As an aspiring cypherpunk activist, and archeologist of the present, I'm really happy I did my part in making sure everyone got to know Kaspa well, for what it is. And in shining a spotlight on Kaspa's founder's views on decentralization and trustlessness.

Just so you know, the Founder made fun of the cypherpunk motto Don't trust, verify even before launching Kaspa. He ridiculed it as "Don't trust, terrify!". So it's no accident that Kaspa lost bit of its transaction data early on.

Of course some people don’t care about full nodes because they trust Yoni, or for they're simply ignoramuses.

But the Kaspa blockchain is cryptographically corrupt nonetheless exactly because you've to trust Yoni and Shai. Or you have to not care. But you will never be able to trustlessly verify/prove that all transactions in Kaspa's history were signed.

Feels good to see Nick Szabo ask that rhetorical question, man. ✌️

What would you say to a new defi primitive that gives you leveraged long convexity exposure for a one time upfront fee, 0 liquidation risk, 0 volatility decay, 0 funding fees.

In other words, only you can close your position, and your profit loss depends exclusively on entry/exit price. The path price took doesn't affect your profit/loss.

What does convexity mean? That position size follows a convex curve, not a straight line like an ordinary leveraged long.

Profit auto-compounds as price moves in your direction.

Because of convexity you also never get liquidated if price moves against you.

And finally, you don’t pay funding fees but only a one time upfront fee (no fee when you close).

Entirely onchain, on ETH.

If you didn’t get a word of what I just explained, best to move on because it means this is too complex for you. But if you got it then I’m sure you understand this is a big deal. SIR is a new defi primitive that doesn’t exist anywhere else.

I'm in, feel free to join the movement!

It's time we separate being pro-crime from having good tech. Most of the time being pro-crime actually means the tech is a honeypot.

Palantir's business model rests on selling services to LE. Chainalysis sells Monero tracing services. Palantir & Chainalysis have the same parent company, CIA's In-Q-Tel. Maybe that's why Monero is "pro-crime".

Speaking of the tech: Monero's privacy rests on 15 decoys, 11 of which can be eliminated just by looking at decoy age. W/ FCMP++ Monero TX IDs stop referring to specific decoys on the input side, but they still give you the number of inputs spent in each TX and the new outputs created w/ that transaction. In other words, you can get the UTXO structure of the transaction as well as the naked outputs created with it.

In a ZEC shielded TX, OTOH, you don't see any inputs/outputs or number of inputs/outputs.

Therefore ZEC does indeed deserve to flip Monero. Because even with FCMP++ Monero will still be trivial to trace and light years behind ZEC.

Why are there so few shielded transactions on Zcash? At its current state Zcash can be attacked via timing analysis & the recency heuristic.

To be clear, this in no way shape or form implies that XMR is better. In XMR I see the output of every single transaction directly in the XMR explorer because each transaction ID in Monero references the specific outputs that it created. Monero is the worst & weakest privacy coin of all, light years behind Zcash.

That said, Zcash uses zk proofs, which means a transaction itself bears no reference to any outputs, or "actions" (as they are called).

However, right now there seem to be really few shielded transactions which make it really easy to link together transactions of spontaneous users.

Eg: if I know a target transaction T took place at a specific time then chances are that the receiver of T was the only shielded receiver around that time. By using the recency heuristic, any de-shielding transaction around the same time can be tied to T.

The honeypot has released another update, Fluorine Fermi (or the anti-CGNAT upgrade).

Seriously dummies? Do you really think a spy node network, operated by Chainalysis & Co (sophisticated players), will use a naked AWS IP address that forms clusters instead of being routed through onion?

If anything amateur nodes are the target of this upgrade, such as those running behind CGNAT. Fluorine Fermi discriminates against such amateur nodes, increasing the likelihood that your transaction is broadcast straight to Chainalysis.

As a reminder, Monero's network is completely compromised, and they keep compromising it.

Dandelion was introduced to make sure your wallet picks industrial nodes (high uptime, low latency) as first hop nodes. In other words, your wallets sends your transaction straight to Chainalysis.

Now with Fluorine they actively filter out more residential full nodes, limiting the odds that your wallet may pick a non Chainalysis node for the first hop.

🚨For anyone from the Dero community who cares to refute/verify the inflation bug FUD once and for all, here is an easy way to do it if you have enough technical expertise to browse the Dero blockchain for the following data:

1) Identify all transactions where the exploit wallet dero1qy4rr9y88yukn6249e4kg9mv3za0emlwq8px4kr92eapuqxhwuvnqqqa33r9m appears as receiver in the time frame between the moment that address was registered and the moment the exploit transaction took place

2) deanonymize those transactions by using the brute force scripts from the alpha wallet

3) you should find at least one incoming transaction (probably with a big amount) to prove that dero1qy4rr9y88yukn6249e4kg9mv3za0emlwq8px4kr92eapuqxhwuvnqqqa33r9m received coins before it started sending out coins

I'd have done this myself but I'm not technical enough to do it.

🚨Important message for all Dero holders: I managed to do this with Chatgpt myself, I created a Python script that uses the local explorer to go through all block contents, from block 1059301 to block 1081893.

It pains me to say this but the address dero1qy4rr9y88yukn6249e4kg9mv3za0emlwq8px4kr92eapuqxhwuvnqqqa33r9m appears in none of the transactions present onchain between those 2 events. Which means this account couldn't have had any coins. The only explanation is an inflation bug. Or at least I can't think of another one.

I encourage everyone to verify on your end, there could be an issue with my Chatgpt Python script although it's highly unlikely because I tested it with other addresses.

With this we go full circle. I guess I was wrong, and I apologize to anyone who got into Dero because of me.

Very difficult time for me considering how invested I was. I'm really sorry for any losses I caused with my shilling. If it makes you feel any better just know I never made any money from Dero.

Peace ✌️

In private a lot of Dero holders are pushing back that if there was a bug then someone would have found the bug in the code.

First things first, I'm not trying to FUD Dero. I'm just reporting what I found.

Second, yes it's true, I did not find a bug. All I'm saying is I found something that is highly suggestive of an inflation bug, and refutes the hypothesis that Derolytics was hiding transactions. His explorer has been proven to be reliable so far.

Also, to be clear, I did not find what I was hoping to find. I was hoping to find proof that Derolytics was hiding transactions, to expose him as a liar. Instead, I found that his explorer accurately portrays the transaction history of the flagged address. I reported everything transparently, I felt obliged to do so.

I've also not tried to front run anyone by selling any coins before reporting my findings.

I think anyone who bought because of me deserves to sell ahead of me, I'm not going to drain any liquidity that is left. This will be the hill I die on. Once/if the bug is confirmed in the code, I'm done with crypto for good. Never touching another coin. Be it privacy or Ponzi.

And yes, there is still a small glimmer of hope that this may be just a misunderstanding or psy-op, I personally think it's only a matter of time before someone finds the bug in the code and Dero ends up like Haven.

🚨Even the second address in the flagged transaction doesn't appear in any other transactions in between registration and the inflation exploit transaction. Imo this definitively proves we are dealing with an inflation scam/bug.

Here is how you can verify everything on your own end:

1) Run a full Dero node
2) Load the explorer (open terminal at folder with ./explorer-darwin)
3) Visit http://127.0.0.1:8081 in your browser
4) This is the ID of the inflation bug transaction: 5bbe1b7eecfe3447cb045b1197a07a214b456968eda8a3d5a90f5fae9ce57e55
5) insert it in the explorer to see all the ring members

I went through all ring members one by one, and you can verify that the following are all registration spam addresses from March 2022

-dero1qyjgfvvf4e7jrna8xg6mmwh77km6q9nfrgdue6q2lczy33almkgy2qq9wzrkp
-dero1qyzm8zl7g5xgggx8vukkr7me3xfjdlsxy25y5lmh2a76uft9df4yyqqd60z7j
-dero1qygshqcqnvl4vpcwyyrg4sxhjxwzargna2nnzzn78dg98a33h5lx5qq2h5jdg
-dero1qypwnjc4syxqeujjwrd0mkrtdwh3jvrp75779fn6ldln8drc556fuqq5m220t
-dero1qynz0wgad7wys0cnt7xasxntmd9pwyju5nq9map4968v4xm2dzz6uqq8ggvzl
-dero1qy2vr7lrm24exvgkr5yqhj2fwu70juhs0gfv4j0urjc3n7vk7zmqgqqjyxtd7
-dero1qydkmcc8we20lyjp5c84t79yysn0neae74j0sk2wqj0z0r92atyewqg4wj8re
-dero1qydgqkfpe54zqyq38ynd0pff7a4xls3wt09p9xc8ps97rgx09vf35qqz6zszx
-dero1qyd6k30dk90mxmfdf7vsf8fj439y6d06d7djsr7sw0ck64mu80p9kqggkxa2f
-dero1qyh2lthxcks8035sx79wr74l2jzr4j5hscjkrp2459xm5ajzdxng5qqfg4asl
-dero1qynrnprp4zmzcztsjrm3mae8z8vqqqdnvjqtk2ze2ah6mefdxxdvuqq9u9vnf
-dero1qyvwtpws8thucd53ehsww0ldn9sgjnekey6fa9dkr2n7wt7fwcuj2qqlzl9g9
-dero1qy5em9fkd53hpnxptls5lhmmtc2uu7ejqsr2d9cld6pj6rj3smvfjqg3e5cl0
-dero1qypq4x0xnjw92aykztk3xl83x96cdnktqqna0hly5fx5u9gupcatcqg6ey088

You can copy paste them in the Derolytics explorer to verify they are spam registered in the same time span. Or if you don't trust the derolytics explorer take the registration blockheight displayed by derolytics in your local explorer, such as http://127.0.0.1:8081/block/<insert block height here> and you will find the registration transaction in the respective block. Derolytics doesn't lie, everything in his explorer checks out.

The only 2 addresses that are not from the registration spam spree are the following:

Sender or receiver 1: dero1qy4rr9y88yukn6249e4kg9mv3za0emlwq8px4kr92eapuqxhwuvnqqqa33r9m

Sender or receiver 2: dero1qynyngff0r3jvt27anevfhul3v3jfz8g47n7e6v9y3w2434t8ap96qqwje5g5

For each of these 2 addresses in the Derolytics explorer and in your own local explorer you can verify that they were registered respectively on block 1059301 (1) and 1059392 (2). Now run a python script to check all blocks from the registration blocks to the flagged transaction block 1081893. In both cases you will see that none of these addresses appeared in any transactions in any blocks in between.

Therefore NONE of these 2 addresses could be spending any money at all and therefore this practically confirms there was an inflation bug without having to find the bug in the code and without even having to deanonymize the transaction.

Maybe Derolytics is right, Captain exploited the bug himself and maybe also patched it shortly after, maybe in February 2023. So today the bug is no longer in the code, that's why nobody can verify it.

Everything perfectly lines up also with the findings of those who deanonymized the transaction using the randomness reuse bug.

It's very hard at this point to believe the bug is not real. Someone exploited Dero and minted 2.2M coins. This is very disappointing. Fucked up. You name it.

Dero has the best privacy tech I have seen around, but it also seems to be an inflation scam. The only good news could be that inflation exploit seems contained at 2.2M. But there is no guarantee even of that, Derolytics could again be right and the bug could still be there.

Where are all the cypherpunks in the community that preach don't trust verify? All the genius devs with 6 digit salaries that brag about their coding skills?

I'm not even a coder and I got to this before you.

Why did nobody verify Derolytics' claims? All I've seen is dumb memes making fun of him. And if someone did verify, why didn't they share their findings with the community?

ARE YOU CYPHERPUNKS? ARE YOU FRAUDS? OR ARE CYPHERPUNKS FRAUDS?

Enlighten us.

🚨THE INFLATION BUG WAS PATCHED 10 DAYS AFTER THE EXPLOIT TRANSACTION!

Dero's builds, at the time of the exploit, were not reproducible. Only 10 days after the inflation bug was exploited Captain did release binaries with reproducible builds.

This means before October 27, when the exploit transaction happened, the pre-compiled code had a vulnerability, which was exploited to create 2.2M coins.

There is no vulnerability in the code today because the code was later updated with reproducible builds that didn't have the inflation bug.

I understand the lesson about not running pre-compiled code, but fuck did he have to do a 2.2M exploit?

WTF CAPTAIN! The only good news is that there is probably no inflation bug today but there are 2.2M extra coins in circulation.

🚨DERO INFLATION SCAM FAQ

1) What's the source of your information?
Answer: My local Dero node.

Just run a Dero node and query it for the exploit transaction ID, you will find a list of ring members and by going through ring members you can identify decoys and the only 2 ring members left that are not spam addresses. These 2 couldn't have spent any coins in that transaction because they never appeared in any other transactions before that one, therefore it was an exploit.

2) How do you know that it was Captain who exploited Dero?
Answer: Because Dero's code was not reproducible at the time, and Captain's precompiled daemons accepted the exploit transaction.

Dero's public code had no bug, yet Dero's daemons accepted the transaction, this proves the bug was in the pre-compiled binaries. This proves the source of the bug was Captain, since only he could have corrupted the pre-compiled binaries

3) How do you know that Captain himself wasn't attacked with a compiler vulnerability?
Answer: Because then the code would have been reproducible since the compiler bug would have affected everyone, not just Captain.

4) Is the bug still in Dero?
Answer: No, the bug was likely patched 10 days later when Captain pushed reproducible builds.

5) How did the transaction pass verification after the update of the code by Captain 10 days later?
Answer: Because Captain explicitly asked everyone only to swap the daemon, and to not delete the mainnet folder. By doing so the exploit transaction was passively accepted by the new daemon.

6) Why didn't new nodes catch the bug?
Answer: I don't know, but there are many ways to filter out any nodes that catch the bug by telling them "it's a node bug we're working on, just use fastsync, or pop a few blocks." Many such instances on Dero Discord.

7) Are the Dero chain splits of early 2023 related to the bug?
Answer: There are rumours that the chain split in early 2023 was caused by an effort to push a chain that wouldn't show the old corrupt proofs so they don't show when new nodes sync from 0.

Apparently Slixe and G45, the founders of Xelis convinced the community to follow their side of the fork even though some people suspected that arm of the fork was exploited.

8) So then Slixe and G45 did the exploit, not Captain?
Answer: If that's the case then it would only prove that there is a strong possibility that Slixe, G45 and Captain are 1 entity.

We know for sure Captain was the source of the discrepancy between pre-compiled and public binaries. If Slixe knew too, then he was Captain or part of Captain.

9) So this means the same team behind Dero also launched Xelis?
Answer: Yes, there is a strong possibility that they are the same team.

A lot of evidence points that way, since Slixe in 2023 pratically helped cover up Captain's exploit so he was either part of Captain or Captain himself (same person or same team).

10) How many coins were minted in the exploit?
Answer: I don't know for sure, but Derolytics' explorer shows 2.2M coins were minted.

Other people have corroborated his findings by epxloiting the randomness reuse bug.

11) Is this the only inflation bug in Dero?
Answer: I don't know for sure, but according to the Derolytics explorer it is the only one. Someone would need to inspect the entire chain on their own to decide.

12) Is there any possibility Captain could be innocent?
Answer: For me 0. Of course they will try to say "Captain was a team and some people in our team did this but we purged them it was Slixe and G45". It just doesn't add up, for me.

My final verdict: Dero is a scam, and Captain is a scammer.

I can tell you how it is ended on the example of Haven.
First they delist it from all exchanges, on the last exchange trading volume falls to zero. Then the miners leave, the blockchain stops working so you can't do anything at all. So your fav coin has literally gone to zero but you still believe that it is more valuable than btc. But guess what: the wallets stop working at all, you see just numbers on computer screen but can't even send then to another address.
Many privacy coins died like that.

Fork dero, remove rings, do a fair launch (they cannot sue you, I will tell you why at the end). Let it be your gift to the people of the world. Let me explain why.

While Dero’s tech has the potential to be the best privacy tech, it’s very far from realizing its potential. Today you can easily trace transactions on Dero, even with the bug fix.

The Derolytics explorer, for example, makes it very easy to know when a wallet moves money. Dero’s current decoy picking algo also sucks, because it seems to be entirely random so by spamming the chain with 1M addresses (like someone did in 2022), it’s highly probable that most decoys will be spam addresses and easily discardable.

Monero is still more difficult to trace because wallets and explorers don’t let you query for specific TXOs. This of course doesn’t mean the tech is better.

But ok, the chief scammer Captain has said that he wants to give people time to understand Dero. Damn Cap, where are you? We understood it so well that we even caught you stealing from your own users! On one side your minions preach on the importance of integrity, privacy, freedom and on the other side there is you stealing your users’ freedom to feed your greed! I bet you paid/pay some of those minions with your stolen coins!

Anyway, if Dero is not already the product of some CIA/NSA/FBI lab of devs with God complex (it sure looks that way right now, and if so then "waiting on Cap" is just the current stalling strategy), then the idea/tech will eventually be captured by the deep state anyway.

What happens next imo is that they will stall development for years, like they did with Monero. The upgrade Dero badly needs is removing rings. But I fear that once they capture it (Captain Baba and the 40 thieves have made it extremely easy), Dero will linger in its deprecated state forever and they will only upgrade it when it will no longer make a difference.

So if any capable devs are reading this, if you can be anon and take care of your opsec. Study Dero, fork it, remove rings, relaunch it. If somehow they find you through their friends at the NSA, and sue you, you can refer to their Xelis scam as precedent where the license was not enforced.

If you can but you don’t then we will be at the mercy of the deep state either way. So I sincerely hope someone reading this has got the backbone to do what it takes. Don’t even message me if you do it, let me find out on my own.