Headquartered in Kiev, Liqui is a crypto-only cryptocurrency exchange with 235 trading pairs. Liqui offers both a public and private API for programmatic trading and states a 24-hour volume of around 1250 BTC. Liqui’s numerous trading pairs are all against its three main currencies, BTC, ETH, and USDT, meaning that those looking to trade with fiat will want to find a different exchange or a method of converting their crypto after the fact. Overall, it is a good choice for small to medium traders, especially those looking for the ability to trade programmatically against a large number of cryptocurrencies.

Liqui finds itself at #23 on BlockExplorer’s list of the top 25 cryptocurrency exchanges of 2017.

Liqui

URL: liqui.io
Launched: 2016
Trading pairs: 235
Deposit Fees: No
Withdrawal Fees: No
Trading fees: Yes
Verification: Yes
Margin Trading: No (coming soon)

Fees and Limits

Liqui lays out its fees in the usual maker/taker scheme, where makers pay a 0.10% fee and takers pay a 0.25% fee. All of Liqui’s trading pairs currently have the same fees applied to them. Fees are listed on Liqui’s Fees and Limits page, with the fees specifically only listed for the three ‘main’ cryptocurrencies you trade against: Bitcoin, Ethereum, and USD Tether.

Limit-wise, Liqui has three levels. New accounts are split into three 24-hour periods, where their withdrawal limit increases by 5,000 USDT or equivalent per day, starting at 5,000 USDT. Following the new account restrictions, an account receives the “Basic Account” withdrawal limit of 50,000 USDT or equivalent per day. Lastly, for “Enhanced Accounts”, the limit is 500,000 USDT or equivalent per day. Note that the Enhanced Account limit requires both verification and 2FA to be enabled on the account.

Registration

Registering an account on Liqui is simple, and requires a username, email, and password. A confirmation email will be sent to you once you have completed the registration form. After following the confirmation link in that email, you can begin to trade. Note that new accounts have withdrawal limits that are explained above.

Verification

Liqui has one verification level, the requirements for which are not published. Getting verified begins with a support ticket at their support site. Assume that the usual information is required for verification, namely a photo ID and proof of residence.

Interface

Liqui has a soft feel to its interface, which by default is a cool white with blue highlights. Liqui’s interface also offers a dark mode, which can be toggled with the lamp icon at the top of the page. The dark mode maintains the same highlights but trades the light background and dark text for a dark background with light text. Almost all of the interface switches seamlessly, with charts requiring a refresh. Some users may find the dark mode difficult to read, as the contrast between the text and the background is not very high.

On Liqui’s main trading page, there is a chart and summary front and centre, with buy and sell dialogues below. Further below is an area to select trading pairs, the current order book, trade history, and your personal trade history.

Security

Liqui offers decent security measures, including 2FA. When you log in to your account without 2FA configured, you are emailed a security code for that login. The security code is a massive 64-character string, making it safe from brute forcing in the 5 minutes for which it is valid. Two-factor authentication is offered via Google Authenticator and is simple to set up, using the standard ‘scan this QR code’ approach.

Otherwise, Liqui offers a complete overview of account login activity. Specifically, you can see all active sessions, with the ability to close them, and you can see all login activity, successful or otherwise. Both account information sections have the date, time, and IP address of the occurrence listed.

Coinfloor is a London, UK-based cryptocurrency exchange that was founded in 2012. It offers 8 trading pairs, all of which are crypto/fiat. Coinfloor finds itself at number 21 on BlockExplorer’s list of the top 25 cryptocurrency exchanges of 2017.

Coinfloor is a good choice for any UK based trader looking to trade in some of the more well-known cryptocurrencies. Specifically, Coinfloor provides trading pairs for Bitcoin, Bitcoin Cash, Ethereum, Ethereum Classic, Ripple, and Litecoin. Coinfloor’s markets seem active, with XBT/EUR being the most active trading pair.

Coinfloor

URL: coinfloor.co.uk
Launched: 2012
Trading pairs: 8
Deposit Fees: Yes, for fiat
Withdrawal Fees: Yes, for all
Trading fees: Yes
Verification: Yes, one level
Margin Trading: No

Registration

Registration on Coinfloor is broken up into three steps. Step one requires just an email address and password. Once you have completed step one, you must confirm your email via a link before proceeding to step two. Step two requires you to configure two-factor authentication, and step three requires you to go through Coinfloor’s verification system.

Verification

Coinfloor has a single verification level that is required to trade on the platform. Getting verified is a two-step process that requires a picture of your ID, your full name, and your country of residence (including postal code). According to Coinfloor, the verification process should take about a minute for pre-verification in most cases.

Fees

Coinfloor’s trading fee system is broken up into three levels where each level is based on the amount you have traded over the past 30 days. On the low-end, the trading fee is 0.30% of your trading and applies for traders with less than $500,000 USD traded over 30 days. For mid-range, the fee is 0.20%, which applies for traders that have traded between $500,000 USD and $1,000,000 USD over the past 30 days. And on the high-end, for more than $1,000,000 USD traded, the fee applied is 0.10%.

Deposit and withdrawal wise, for cryptocurrencies, there is no deposit fee and there is a small withdrawal fee of 0.0050 of that currency, with a minimum deposit of 0.05 and a minimum withdrawal of 0.0005. Fiat wise, the fees are set per currency and can be seen on Coinfloor’s fee page. Minimum deposit and withdrawal for fiat are 5,000 and 2,000 respectively for every fiat currency that Coinfloor accepts.

Interface

Coinfloor’s trading interface leaves a bit to be desired. The entire site is built on a white and blue theme, with the occasional green accent. Unfortunately, there is no dark mode available, making late night trading sessions heavy on the eyes. The main trading interface has a market depth chart, but no other charts are offered. Below the chart on the left is an order book, with your personal orders filtered to the right. Directly to the right of the chart is an order submission form, and on top is a trading pair selection drop-down.

Security

While Coinfloor does enforce 2FA, there are unfortunately only two supported 2FA methods, and Google Authenticator isn’t one of them. The two choices you do have are Authy and YubiKey, with YubiKey being the star of the two, as it’s a hardware-based second factor. Otherwise, Coinfloor will email you on every login to your account.

On the corporate side, Coinfloor states that it maintains all of its clients’ currency in multi-signature cold wallets. It also states that its entire system is regularly tested by penetration testers, though it does not state exactly who, aside from ‘a highly regarded penetration testing firm’.

Blockchain

“The authorities in EOS just instructed the block producers to censor transactions from 27 accounts with no reasons given.” – @ferdousbhai on twitter

On the 22nd of June, the EOS Core Arbitration Forum, ‘An Arbitration Forum for and by the EOS Community’, ordered EOS block producers to refuse transactions from specific addresses “indefinitely”. ECAF’s order went on to state “The logic and reasoning for this Order will be posted at a later date”, followed by a handwritten, dated signature.

Following the first order, on the 24th, an additional order was released that retroactively revokes all tokens in 5 accounts from the time of the original order.

After the initial order, one of the EOS Block Producers made a Steemit post in which, as part of an update, the reasoning behind the order was disclosed. Apparently, each account had currency stolen from it.

What happened to trustless systems?

One of the core ideas behind (most) cryptocurrencies is that the system is trustless, meaning that no matter what, no trust is required to use the cryptocurrency. With EOS, it would seem that you are required to trust that ECAF will not decide to freeze or revoke your assets, with or without reason, much in the same way that you trust a bank with your fiat currency.

What happens if you speak out against ECAF? What is in place to prevent someone in power from freezing or outright revoking your assets? Said hypothetical person of power would not even have to come up with a convincing reason for the action. To quote the above orders: “The logic and reasoning for this Order will be posted at a later date”.

According to a post on ECAF’s forums, when freezing assets, those responsible are required to open a case against themselves regarding the decision, and if found to be in error, are liable for the results of the freeze. The liability is reactive: there does not seem to be anything directly preventing someone from freezing or revoking assets.

Even if ECAF does what it believes is right, why do they get to decide? What gives them the right? Why are they better at deciding than anyone else? Why should anyone trust them? How is it any different from a government, or the leadership of a company? How can those that DO trust them be sure that there are no ulterior motives in play?

The only way to be sure is for the system to be trustless.

What happened to decentralized systems?

Another core idea behind cryptocurrencies is that they are decentralized. There is no central target to attack. No single group of people that can make changes to the blockchain. With EOS, there are ‘Block Producers’ who are responsible for adding blocks to the blockchain. Block Producers follow orders from ECAF. This communication line is a single point of failure (or a large attack surface, depending on your view).

What happened to immutable systems?

Immutability, meaning the inability to change, is a word often used to describe blockchains. The idea is that once something is on the blockchain (a transaction, for instance), it cannot be changed or undone. For PoW coins like bitcoin, this works by means of cryptographic hashes: a block contains its parent’s hash. Therefore, in order to change something in an earlier block, you must also change every block after it. The immutability of a blockchain is one of its strengths. For transactions, immutability means that you cannot undo a transaction, or change how much currency was sent within it, which removes the need for trust between parties.
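The parent-hash linkage described above, as an added example that is not part of the original article. The block layout, the all-zero genesis parent and the transactions are constructed for illustration, and proof of work is left out so that only the linkage is shown.

```python
import hashlib
import json

def block_hash(block):
    """SHA-256 over the block's canonical JSON form (index, parent hash, txs)."""
    payload = json.dumps(block, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(tx_batches):
    """Link blocks by storing each parent's hash inside its child."""
    chain, parent = [], "0" * 64  # assumed convention: all-zero parent = genesis
    for index, txs in enumerate(tx_batches):
        block = {"index": index, "parent": parent, "txs": txs}
        chain.append(block)
        parent = block_hash(block)
    return chain

def first_broken_link(chain):
    """Index of the first block whose stored parent hash is wrong, else None."""
    for prev, cur in zip(chain, chain[1:]):
        if cur["parent"] != block_hash(prev):
            return cur["index"]
    return None

def rewrite_history(chain, index, new_txs):
    """Change one block, re-link every later block, return how many changed."""
    chain[index]["txs"] = new_txs
    rewritten = 1
    for prev, cur in zip(chain[index:], chain[index + 1:]):
        cur["parent"] = block_hash(prev)
        rewritten += 1
    return rewritten

def demo():
    # Constructed transactions, one batch per block.
    chain = build_chain([["alice->bob 5"], ["bob->carol 2"],
                         ["carol->dave 1"], ["dave->erin 1"]])
    honest_tip = block_hash(chain[-1])   # what other nodes already hold
    chain[1]["txs"] = ["bob->mallory 2"]  # edit a single historical block
    broken_at = first_broken_link(chain)  # the child of the edited block
    rewritten = rewrite_history(chain, 1, ["bob->mallory 2"])
    tip_changed = block_hash(chain[-1]) != honest_tip
    return broken_at, rewritten, first_broken_link(chain), tip_changed

if __name__ == "__main__":
    print(demo())
```

Editing block 1 alone is caught at block 2. Re-linking makes the chain internally consistent again, but only by rewriting blocks 1 to 3, and the tip hash no longer matches the one honest nodes hold; on a PoW chain each rewritten block would also need its work redone.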

EOS has shown its ability (and intent) to rewrite history ‘when necessary’, which ruins immutability and tears apart the trustless nature of its blockchain. How can you trust what you see on the blockchain if you know that what you see can be changed at will?

In the case that prompted this article, the reason for the change is to prevent losses from accounts that may have been compromised, a familiar tale for anyone who knows about the origins of Ethereum Classic.

Hypothetically, assuming that an account is compromised, and is used to transfer currency in the form of payment for services to another account, what happens to the service provider? Do they get the short end of the stick and lose what they earned? Or does the service provider get to keep what they earned, while the compromised account is also re-credited with currency? The former seems unfair, and the latter seems insane. If you can simply create currency out of thin air, what is to stop someone in power from making themselves rich?

The only solution here, while maintaining a trustless system, is for the blockchain to be immutable.

What is left for EOS?

From my perspective, the only thing left with EOS is the tech behind it and the hope that there are no malicious actors within its ranks. I feel that EOS has walked away from what cryptocurrencies are, and towards what they were created to fight against.

Trustless. Decentralized. Immutable.

GuardiCore, a cloud-based security provider, has uncovered a large-scale attack on vulnerable servers. Codenamed Operation Prowli, the attack leverages various exploits to redirect web traffic, and to install cryptocurrency mining software on its targets.

Operation Prowli

Operation Prowli attacks targets with various exploits tailored to specific vulnerabilities, from SSH brute forcing to Mirai-like attacks on consumer modems. Post-infection actions taken include installing cryptocurrency miners and redirecting web traffic. Both post-infection actions performed by Operation Prowli are intended to provide a revenue stream back to those running the attack. At the time of writing, it was reported that over 40,000 computers have fallen victim.

A more in-depth look at the methodology and attacks used by Operation Prowli can be seen in GuardiCore’s release.

Cryptojacking

Cryptojacking, or stealing computing power from others, allows those behind Operation Prowli to leverage many compromised computers to mine cryptocurrency. As in the last few reports on cryptojacking, the currency of choice for the attackers is Monero, undoubtedly chosen for its commitment to being minable on consumer CPUs and for its untraceable nature.

Traffic redirection

Once Operation Prowli has managed to gain access to a server, it will attempt to redirect web traffic towards malicious sites. An example used in GuardiCore’s release is tech support scams.

Prevention and staying secure

For consumers, the best way to stay secure is to verify that the site you have visited is the one you intended, and otherwise to only follow links you trust.

For providers that are not already infected, ensuring your servers are secure can be done in various ways, the simplest being to use strong passwords and to only expose to the internet what you absolutely have to. For this reason, firewalls to close ports that do not need to be accessed externally are a must. Beyond that, ensuring that the software you use is up to date and does not have any longstanding security issues will go a long way.

For providers that are already infected, changing all passwords and doing a security audit is a good first step. After that, stop all currently running malicious processes and remove their binaries (hashes provided below). In the case of the traffic redirection attack, check all relevant files for malicious lines.
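One way to carry out the binary check described above, as an added example that is not from GuardiCore or the original article. It assumes the published SHA-256 values have been saved as `filename hash` lines; the sample file, label and digest in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_ioc_list(text):
    """Parse 'filename sha256' lines into {sha256: label}; skip headers and junk."""
    iocs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[1]) == 64 and set(parts[1].lower()) <= HEX:
            iocs[parts[1].lower()] = parts[0]
    return iocs

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_tree(root, iocs):
    """Return sorted (path, label) pairs for regular files whose hash is listed."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file; a real run should log these
            if digest in iocs:
                hits.append((path, iocs[digest]))
    return sorted(hits)

def demo():
    """Constructed sample: one listed file under a changed name, one clean file."""
    payload = b"constructed sample payload, not real malware"
    listed = hashlib.sha256(payload).hexdigest().upper()
    ioc_text = "Filename Hash\nsample-miner " + listed + "\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "var", "tmp"))
        with open(os.path.join(root, "var", "tmp", "renamed.bin"), "wb") as fh:
            fh.write(payload)
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"harmless")
        hits = scan_tree(root, parse_ioc_list(ioc_text))
        return [(os.path.basename(path), label) for path, label in hits]

if __name__ == "__main__":
    print(demo())
```

Matching is done on content rather than filename, so a renamed copy is still found, but only byte-identical copies match; a clean result does not rule out a rebuilt or repacked variant.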

Filename Hash (sourced from GuardiCore’s release)

Reddit and GitHub user iminehard noticed their cellphone experienced interference while near their impressive GPU mining farm. Following this, iminehard investigated the issue and found that there was a definite increase in noise around a specific LTE range. iminehard’s testing methodology and results are covered in more detail below.

“TL;DR – Large number of GPUs in open air crypto currency mining “rigs” emit substantial spurious emissions/noise on portions of the LTE spectrum used in the United States.” – GitHub and Reddit user iminehard

Testing for interference

iminehard documented their testing methodology along with their results. Testing made use of a laptop, an RTL-SDR tuner, and an omnidirectional antenna for said tuner. SDR, or Software Defined Radio, allows you to use a computer to capture and produce RF signals, using its CPU to process the signals. This is different from regular radio, which uses specialized hardware to process the signal. iminehard used this to capture the frequencies on which LTE operates.

Chart comparing parts of the RF spectrum between tests
Mining in blue, idle in green

The first pair of tests iminehard performed was a single GPU inside a case, first at idle, but overclocked and with fans on, and the second with the mining software bminer running. No perceptible difference can be seen on the charts comparing the LTE spectrum between the two tests. The lack of difference between the charts could mean a few things. Namely, it could mean that the case used blocked or grounded out the interference. Otherwise, it could mean that the interference generated by a single GPU is undetectably negligible.

Moving forward, iminehard tested their mining farm, with interesting results:

iminehard’s GPU mining farm

iminehard used the same testing method on their farm as was used above. Unlike the previous test, there was a significant change in what iminehard called “range 1” of the LTE spectrum used by the United States (617-746 MHz).

Chart of RF spectrum showing the difference between tests
Mining in blue, idle in green. Sourced from iminehard’s investigation on GitHub

Results of interference

As shown above, there is some definite interference caused by large-scale GPU farms. This interference may cause service disruptions for those trying to use cell phones within the field. Because it may interrupt service, the farms may break federal laws regarding intentional interference, or may cause the FCC to come knocking on your door asking you to knock it off.

Shielding to prevent interference

The above tests were performed on ‘open’ GPUs, ‘open’ referring to the fact that the GPUs were not mounted in a metal case. A metal case may provide some shielding for the interference that the GPUs release, either due to grounding or construction. Aside from being sure to mount all GPUs in a real case, one could build a Faraday cage around the entire farm. A correctly built Faraday cage should contain all the interference within the cage. One major downside to using a Faraday cage is that Faraday cages are conductive. If it collapses, it could damage equipment.