Monero logo

A huge upgrade to Monero, the 10th largest cryptocurrency network, just made transactions 97% cheaper while maintaining its privacy features. Monero, which is best-known for its anonymous transfers, now uses technology called “Bullet Proofs” to scale up. Armin Davis explains further.

Another six months have gone by, and as such, Monero has performed its bi-yearly network upgrade hard fork. Specifically, the hard fork took place on the 18th of October, at block height 1685555. 

Of the numerous changes made over this upgrade, a few stand out:

  • “Bullet Proofs” greatly reduce transaction size (and therefore transaction fees)
  • Monero’s upgrade further discourages specialist mining tools like ASICs.
  • To maintain privacy, the ring size for all transactions on the Monero network has been fixed to 11.
Monero infographic
Credit: Reddit u/cryptoKL

Explaining Monero’s New “Bullet Proofs”

Prior to this upgrade, Monero used a version of what is called a “range proof”, or zero-knowledge proof”. 

A zero-knowledge proof means that something can be proven true without knowing the actual data. For example, I can prove that it is less than 0°c outside without knowing the actual temperature data. All that I need to do is place some water outside and see if it freezes.

For Monero, range proofs allow outside observers, like other Monero nodes, to confirm that a transaction took place using cryptocurrency that already existed. Rather than currency created out of thin air, or currency already spent elsewhere.

The Downside of the Previous Monero System

The downside of these range proofs is that they are large, each transaction takes up somewhere around 13 kilobytes, which is significantly larger than Bitcoin’s ~ 300-byte transactions. 

With large transactions comes large fees, as the fee you pay is (mostly) based on the size of your transaction in the block. And, while not an issue for Monero, larger transactions can cause network congestion on blockchains with small, fixed size blocks.

bullet proofs

Enter Bullet Proofs: A great improvement on the previous range proofs, reducing transaction size by as much as 80% while maintaining the same level of privacy and ensuring that no foul play occurs. 

As discussed above, the size of your transaction is what determines your fee (mostly). By reducing the transaction size, transaction fees are also greatly reduced (as much as 97%)

A Two-Stage Monero Upgrade

The upgrade to Bullet Proof based transactions will happen in two stages. Starting at height 1685555, the Monero network will be upgraded to v8. On v8, transactions using both the old range proof and the new Bullet Proof system will be accepted on the network. 

Shortly after, at height 1686275, a second hard fork will occur that upgrades Monero to v9. This will cause the Monero network to reject any non-Bullet-Proof based transactions and implements a number of patches to Bullet Proofs.

Crucial Monero Audit Halts Threat of 51% Attack

On the 22nd of October, an embargo was lifted on some major bugs found during an audit of the code around Bullet Proofs. 

Of the few bugs found, the most major involves a method to perform a 51% attack on the Monero network. Due to the magnitude of this bug, information around it was embargoed until a patch was live. As is standard practice for most major bugs. 

The flaw was discovered by OSTIF (The Open Source Technology Improvement Fund) during its audit of Monero’s Bullet Proofs.

A 51% attack involves gaining the lion’s share of mining power on a given blockchain. Once you have the most mining power, you can begin to rewrite history, and otherwise change the blockchain. This is because most blockchain nodes follow the longest chain. If you have the lion’s share of mining power, you control the longest chain.

51% attack explained

There are various methods one can use to gain 51% mining power on a given network. In Monero’s case, a vulnerability was discovered that would allow malicious actors to crash other nodes remotely.

By crashing nodes other than yours, you can begin to chip away at the mining power that is not yours. Once you have removed enough rival mining power, you gain two things; most of the mining profits on the blockchain, and the ability to perform a 51% attack.

Monero Continues to Deter Mining Hardware (ASICs)

Monero developers purposely try to deter giant mining companies (like Bitmain) from monopolizing, and therefore centralizing, the network.

Earlier this year, specifically just before the previous hard fork, Monero’s network “difficulty” (a measure of how difficult it is to mine a block) began to rise uncharacteristically quickly.

It was discovered that the cause of this was that Bitmain had developed a working mining device (ASIC) for the CryptoNight algorithm – the backbone of Monero’s network. 

At the time, a small change to the algorithm was made as a hotfix to make the ASICs unusable on Monero. Said change was referred to as CryptoNight v7.

Monero blocks ASIC miners

Fast forward to this month, and the Beryllium Bullet network upgrade, Monero’s algorithm has once again been changed. Now called CryptoNight v8, it is intended to make producing an ASIC for Monero even more difficult.

How Does CryptoNight Prevent ASIC Miners?

CryptoNight v8 continues the work done by v7, in that it further increases the amount of memory bandwidth used by the algorithm. Specifically, the increase is by a factor of four. 

Unfortunately along with this comes with a slight performance hit to regular CPUs of around 5-20%. The Monero developers and community feel that the performance drop is worth the gained protection from ASICs. And the performance may be gained back through optimizations of mining software.

This change works on the basis that it is prohibitively expensive to add large amounts of fast and high-speed memory to ASICs. A regular desktop CPU usually has somewhere between 4-64MB of cache, of which 2MB will be used per CryptoNight mining thread. 

So for an ASIC looking to run a large number of threads, a large amount of high-speed, cache-like memory will be required. And further still, v8 now requires a 64-byte wide memory access. Which, for a desktop CPU is easy as it should already have the required hardware.

Keeping Monero Private With Fixed Ring Size

Beryllium Bullet changes two things about how Monero users can structure their transactions.

Fixed Ring Size: First off, Monero users can no longer select the ring size of their transactions. Ring size is the number of decoy transactions added to every Monero transaction in order to hide which transfer is the real one in the transaction.

monero-ring-signature
Credit: BitcoinKeskus

This change, while controversial, is intended to help keep all users on the network private. Specifically, keeping transactions private while also keeping some transaction sizes down.

Ring Size Increased to 11: Secondly, the minimum (and now fixed) ring size has been set to 11. This is greater than the previous minimum of 5.

The rationale behind locking the ring size to 11 is that by making all transactions look exactly the same, it’s harder still to trace a given transaction across the network. You want to look the same as everyone else, rather than making a transaction with a massive ring size, which will stand out. While it is true that a larger ring size makes the transaction more private, it also makes the transaction as a whole a lot easier to spot.

Conclusion

Together, these upgrades combine to make Monero transactions 97% cheaper, while deterring mining centralization and maintaining its core privacy features. The upgrades make Monero truly bulletproof.

Learned something new in this article? Subscribe to the Block Explorer newsletter.

Five million bitcoins.

That’s how many have been lost or stolen since bitcoin was created. 

Unless you take the right precautions, cryptocurrency theft and hacking is still a very real threat. 

And then there’s the risk of losing your cryptocurrency by failing to back it up. (Just ask the man who threw away a hard-drive with $75 million of bitcoin on it).

Luckily, there’s plenty you can do to protect yourself. In this article, we’ll go over eight best-practices you should follow when using cryptocurrency.

Stay safe.

1. Don’t Tell People How Much Cryptocurrency You Own

Or better yet, don’t tell anyone that you own cryptocurrency at all. If pressed about this, a good answer is that you own “some” or any other non-answer.

The reasoning behind this is pretty simple. Telling people how much cryptocurrency you own is a great way to turn you into a target, even to people you trust. There’s a reason one of the first things lottery winners are always told is to contact a lawyer before telling those around them. 

bitcoin best practices

Unfortunately, money makes some people greedy, and those people will stop at nothing to get what they want.

Unlike a bank account or other fiat cash storage, cryptocurrency is almost always stored close to you (on a computer or hard-drive in your home). It can be stolen relatively easily. And while your password may be strong, rubber-hose cryptanalysis or social engineering means that a strong password may not be enough when thieves are in close proximity to you.

2. Cold Wallets Are an Awesome Idea

Keeping all your currency in a hot wallet is asking for trouble. A hot wallet (one connected to the internet) is great for day-to-day transactions, but they are easier to steal from. A “cold wallet” means storing your crypto offline. Keeping most of your cryptocurrency safe in cold storage is just plain good practice.

Read more: What is cold storage for cryptocurrency?

Additionally, for an extra step of protection, you can use a hardware wallet. Hardware wallets are like an external hard-drive but designed specifically to store cryptocurrency. 

ledger nano cold storage bitcoin wallet plugged into a laptop
Pictured: a Ledger Nano hardware wallet

Most hardware wallets are tamper resistant. Meaning they will erase themselves if someone tries to break into them, either physically or by attempting many passwords. This is much better than a laptop or other general-purpose device because if the laptop is stolen, any wallets on there can be attacked forever.

The most popular cold storage hardware wallets are Ledger and Trezor. 

3. Never Use Exchange Wallets for Longer Than You Need To

In other words, don’t keep your bitcoin on Coinbase, Bitpanda, Binance, or any other exchange.

This one doesn’t make sense on the surface. Why wouldn’t you want all your currency ready to trade at a moment’s notice?

First off, online wallets, in general, are dangerous. You are not the only person with access to your funds. In fact, you don’t even have total control over the wallet. Not having full control over your wallet is a pretty glaring security issue, and should be avoided if possible.

Secondly, cryptocurrency exchanges can fail incredibly quickly. There is no fallback for crypto exchanges other than the ones they make. If the exchange fails, you may never get your cryptocurrency back. Your money may have even been used without your knowledge in an attempt to prop up the failing exchange.

And lastly, due to their extremely large turnover, exchanges are a much bigger target for hackers and other malicious people than a single wallet.

4. Always Encrypt Your Wallets

Now that your crypto is safely in a private wallet, your next challenge is keeping your wallet secure should the files themselves be stolen by someone across the internet.

The first line of defense for the wallet is a strong password. As with most passwords, length trumps complexity, and the combination of both is best.

how to make strong passwords
Credit: 360 Total Security

That said, if you believe your wallet has been compromised, move all the cryptocurrency from the compromised addresses to new (hopefully secure) addresses. The fees you will pay to move them to the new address is worth the peace of mind. 

Some wallets have one-click options to do this, often referred to as “sweeping”.

5. Use Separate Addresses Where Possible

Staying private in the cryptocurrency world is, in general, a good idea. Bitcoin has a reputation for being anonymous, but that’s not actually true.

When you transact with someone, they can see your “public address.” It looks something like this:

1GsOmhLr0FbBpNco1NDar6sSV8tsHaKF6kd.

It doesn’t tell anyone your name, but if they search for this address (on a block explorer), they’ll see every transaction you’ve ever made using that address.

It means you’re effectively sharing your transaction history with someone else. You’re also showing that person who else you have transacted with and how much was transferred. That last one falls under the first rule we have, as sharing how much cryptocurrency you have makes you a target.

When transacting with non-private cryptocurrencies like bitcoin or litecoin, be sure to use separate addresses for each transaction.

An alternative is using a truly anonymous cryptocurrency like monero.

6. Double Check Everything

One easy way to lose currency is to send it to the wrong place or to use the wrong wallet. 

Cryptocurrency transactions are “immutable” – they can’t be reversed. So if you send money to the wrong wallet, it’s gone forever.

For this reason, you should always verify that you know what you’re doing, and everything is correct.

For addresses, this is pretty simple. Check that the first few and last few characters are the same as your intended target. If the first and last characters are correct the rest probably are. 

Though, there is some malware out there that will switch out addresses for lookalikes in your clipboard. For this reason, you may want to verify that the entire address is correct before sending large amounts. 

If you’re still worried, try sending a test transaction first.

7. Always Make Backups (Use the 3-2-1 Rule)

Keeping backups of everything is a good idea in general, but it’s an especially good idea when it comes to cryptocurrency.

For most use-cases, the 3-2-1 rule for backups should be followed; three copies, two different media, one off-site. 

321-Backup
Credit: ISG Tech

That could mean keeping your private keys on:

  1. Hardware wallet.
  2. CD or flash drive.
  3. Paper wallet.

That’s three versions stored on at least two different devices or media.

Next, you should keep one off-site. In other words, nowhere near the other two. 

A nice off-site location is a safety deposit box at a bank. Either hardware or paper wallets are good here, though paper wallets are (in this case) the safer bet. Note that this requires you to trust that the bank will not open your box for any reason.

For large amounts of cryptocurrency, you can even utilize a former military bunker in the Swiss Alps.

The two separate media means that if one is damaged in some way, the other is likely not. And one off-site means that in the event of a house fire or otherwise, you still have a backup.

Remember that you should always encrypt your backups. If you back up a wallet file and someone malicious gets a hold of it, your currency is theirs to steal.

8. Never Spend Money You Can’t Afford to Lose

Finally, cryptocurrencies are incredibly volatile. This means the price can swing up very high, and fall very low. 40% swings of value in a single day are not unheard of, especially for smaller coins.

Much like with regular investments, storing value in cryptocurrencies is a calculated risk, and, there is always the chance that cryptocurrencies “go to zero”. And if you’ve put in every cent you have, you could end up in trouble.

Conclusion

The best-practices outlined here require a little extra work, but it’s well worth the effort. Keeping your crypto safe and secure is the most important thing you’ll do.

Gatecoin's interface

Founded in 2013, Gatecoin is a Hong Kong based cryptocurrency exchange that finds itself at #25 on BlockExplorer’s top 25 exchanges of 2017 list. Gatecoin offers a good number of trading pairs and an API for programmatic trading. Of the 90 trading pairs Gatecoin offers, there are both crypto/fiat and crypto/crypto offered, with the crypto/fiat pair’s fiat side being one of USD, EUR, or HKD.

Gatecoin has a respectable number of trading pairs and offers an API for programmatic trading. Which makes it a good choice for any traders located in Hong Kong, especially those looking to trade programmatically.

Gatecoin

gatecoin cryptoURL: gatecoin.com
Launched: 2013
Trading pairs: 60
Deposit Fees: Yes
Withdrawal Fees: Yes
Trading fees: Yes
Verification: Yes (Three levels)
Margin Trading: No

Fees and Limits

Fee wise, Gatecoin charges fees based on the trader’s volume over the last 31 days. Unlike some other exchanges, the 31 day period is a rolling one, meaning that you do not have to wait an entire period if you have significantly changed the volume of your trades. Fee levels are broken into the standard maker/taker distribution, where the taker pays a higher percentage than the maker. On the low end, 50BTC/31d, makers pay a fee of 0.25% and takers pay a fee of 0.35%. And on the high end, 20,000+BTC/31d, makers pay 0.02% and takers pay 0.1%. A complete breakdown of the trading fees charged can be found on Gatecoin’s fee page.

For deposit and withdrawal, Gatecoin only seems to charge fees for fiat. The fees paid depends on the transfer method, for example, there is a 1EUR deposit and 5EUR withdrawal fee for SEPA based deposits and withdrawals. The full list of fees can be found on Gatecoin’s transfer costs page.

Limit wise, accounts are limited based on their verification level. For crypto, you can transfer an unlimited amount as soon as you have completed tier 1 verification. And for fiat, tier 1 accounts are limited to $50,000USD or equivalent, which is upped to $100,000USD or equivalent for tier 2. There is no indicated timeframe for these limits.

Registration

Gatecoin’s registration method is a multi-step process that requires a decent amount of personal information. Registration cannot be completed without providing said information.

The first step is an email and password and is input from the normal registration form. Once you have completed the initial registration, you will be required to go through a further five steps on login. Each step requires some personal information from you. With the first step requiring your first and last name, your date of birth, and your current nationality. Following step 1, step 2 requires contact details, specifically, your address and phone number. Step three is simple and requires you to confirm an email address for your account. While step four is essentially verification for level 1, requiring a scanned copy of a photo ID and some proof of residence. And lastly, step five is a questionnaire asking for information regarding your source of funds.

Verification

Gatecoin has three verification tiers, where the first is no verification, the second is “verified”, and the third is “Certified”

Tier 2 verification requires a photo ID no older than ten years, and a proof of residence no older than three months, and a filled out ‘source of funds questionnaire’. Tier 2 is completed as a part of the initial account registration process.

“Certified” verification requires the same documents from Tier 2 to be mailed in as certified hard copies. Once the certified copies of the documents have been received, a video conference based verification takes place. During the Skype call, you will need to show your ID to prove that you are who you say you are. Alternatively, Hong Kong residents can have their documents certified at Gatecoin’s office.

Interface

Gatecoin’s interface is a bright white with two-toned blues for highlights, there is no dark mode offered. The bright background makes the interface difficult to use at night or in dark settings. The trading interface itself is well balanced, with a decent amount of information provided. As for the layout of the trading interface, it is split into four sections. The upper left section holds an order submission form. And on its right is the currently selected trading pair’s order book. On the lower half, there is a trade history on the left and a chart on the right. Along the top of the page is the pair selection dropdown, as well as a small overview of the current ask, bid, volume, high, low, and last trade for the currently selected pair.

Security

Account security wise, Gatecoin offers 2FA by means of Google Authenticator. Gatecoin offers a very granular account security configuration tool that allows you to specify what account actions will be logged via email, require confirmation via email, and require confirmation via 2FA. Granular controls are a welcome sight and make securing your account very easy. Gatecoin also states that all user funds are stored in per-user accounts on their side.

Founded in 2016, ACX is an Australian cryptocurrency exchange that offers 8 trading pairs. Of the 8 pairs ACX offers, 5 are against AUD and 3 are against BTC. ACX supports a daily volume of 471 BTC/d, making it a medium size exchange. That daily volume, along with the fact that it offers a full API for trading programmatically makes ACX a good choice for any Australian traders looking for a local exchange. Traders from other countries are encouraged to consider other exchanges closer to them for latency and fee reasons.

ACX currently finds itself at #24 on BlockExplorer’s list of the top 25 cryptocurrency exchanges of 2017.

ACX

acx cryptoURL: ACX.io
Launched: 2016
Trading pairs: 8
Deposit Fees: No
Withdrawal Fees: No
Trading fees: Yes
Verification: Yes
Margin Trading: No

Fees and Limits

ACX charges a flat fee of 0.2% on all trades for both makers and takers and does not charge any deposit or withdrawal fees.

Limit wise, ACX has a withdrawal limit of $10,000 AUD per day for individual accounts and $30,000 AUD per day for corporate accounts. Both account types have a $100 AUD minimum deposit. For cryptocurrency withdrawals, anything over $50,000 AUD equivalent must occur during ACX business hours for security reasons.

Registration

Registering an account on ACX is a simple process, which starts with providing an email and password, and ends with confirming said email, setting up 2FA, and the verification process. Note that all three final steps are required in order to trade.

Verification

Verification on ACX follows ‘normal’ Know Your Customer rules for verification. Meaning that a photo ID with at least 6 months of validity remaining, proof of residence, and a bank statement are required for verification. The bank statement must come from the bank you will be using to credit the account. For non-Australian traders, only a passport can be used to satisfy the ID requirement, while Australian traders may use their passport, drivers licence, or proof of age card.

Interface

ACX’s interface has a jarring mix of light and dark elements, with the homepage switching between the styles in bars as you scroll down. The trading interface continues this trend but to a lesser extent. At the top of the page is a bright white bar with some account information and a place to select trading pairs. The rest of the trading interface has a dark theme with muted colours for highlights.

Otherwise, the layout of the trading interface is well thought and takes advantage of the full width of your screen. Front and center is a pair of charts stacked on top of each other. Specifically, a price chart and a market depth chart. And on either side of the charts is both a market history list and a current order book, with a personal order book below the pair wide one. Trades can be input on the left of the page.

Security

ACX offers 2FA in a variety of ways, of which the recommended is Google Authenticator. Otherwise, ACX requires that all large crypto trades (over $50,000 AUD equivalent) occur during business hours.

Headquartered in Kiev, Liqui is a crypto-only cryptocurrency exchange with a 235 trading pairs. Liqui offers both a public and private API for programmatic trading and states a 24-hour volume of around 1250 BTC. Liqui’s numerous trading pairs are all against its three main currencies, BTC, ETH, and USDT, meaning that those looking to trade with fiat will want to find a different exchange or a method of converting their crypto after the fact. Overall, It is a good choice for small to medium traders, especially those looking for the ability to trade programmatically against a large number of cryptocurrencies.

Liqui finds itself at #23 on BlockExplorer’s list of the top 25 cryptocurrency exchanges of 2017.

Liqui

liqui cryptoURL: liqui.io
Launched: 2016
Trading pairs: 235
Deposit Fees: No
Withdrawal Fees: No
Trading fees: Yes
Verification: Yes
Margin Trading: No (coming soon)

Fees and Limits

Liqui lays out its fees in the usual maker/taker scheme, where makers pay a 0.10% fee and takers pay a 0.25% fee. All of Liqui’s trading pairs currently have the same fees applied to them. Fees are listed on Liqui’s Fees and Limits page, with the fees specifically only listed for the three ‘main’ cryptocurrencies you trade against; Bitcoin, Ethereum, and USD Tether.

Limit-wise, Liqui has three levels; New accounts are split into three 24 hour periods, where their withdrawal limit increases by 5,000 USDT or equivalent per day, starting at 5,000 USDT. Following the new account restrictions, an account receives the “Basic Account” withdrawal limits of 50,000 USDT or equivalent per day. And lastly, for “Enhanced Accounts”, the limit is 500,000 USDT or equivalent per day. Note that the Enhanced Account’s limit requires both verification and 2FA to be enabled on the account.

Registration

Registering an account on Liqui is simple, and requires a username, email, and password. A confirmation email will be sent to you once you have completed the registration form. And after following the confirmation link in said email, you can begin to trade. Note that new accounts have withdrawal limits that are explained above.

Verification

Liqui has one verification level, the requirements for which are not published. Getting verified begins with a support ticket at their support site. Assume that for verification, the usual information is required. Namely a photo ID and proof of residence.

Interface

Liqui has a soft feel to its interface, which by default is a cool white with blue highlights. Liqui’s interface also offers a dark mode, which can be toggled with the lamp icon at the top of the page. The dark mode maintains the same highlights but trades the light background and dark text for a dark background with light text. Almost all of the interface switches seamlessly, with charts requiring a refresh. Some users may find the dark mode difficult to read, as the contrast between the text and the background is not very high.

On Liquis main trading page, there is a chart and summary front and centre, with buy and sell dialogues below. Further below is an area to select trading pairs, the current order book, trade history, and your personal trade history.

Security

Liqui offers decent security measures, including 2FA. When logging in to your account, without having 2FA configured, you are emailed a security code for that login. The security code is a massive 64 character string, making it safe from brute forcing in the 5 minutes which it works. Two Factor Authentication is offered via Google Authenticator and is simple to set up, using the standard ‘scan this QR code’ approach.

Otherwise, Liqui offers a complete overview of account login activity. Specifically, you can see all active sessions, with the ability to close them, and you can see all login activity, successful or otherwise. Both account information sections have the date, time, and IP address of the occurrence listed.