That's complete nonsense for the simple reason that it is possible to pay just fine with crypto on various sites, also to buy major gift cards. No KYC applies to these actions. We are not living in 2016.
I don't know how much of an issue KYC is to your average crypto-dabbler.
I found a few K's worth of BTC down the back of the sofa recently, and was astounded by how easy it was to use it like Visa after converting to stablecoin.
I don't think prediction markets are a function of stranded crypto, because for most holders, crypto has never been more fungible.
For those who live in the red-pilled real world, just don't trade on something where controlling insiders (also with a potential conflict-of-interest) can beat you at the game. This is different from bets with non-controlling insiders with no conflict-of-interest.
The key is avoiding the bets with controlling insiders, i.e. those that could have a potential conflict of interest. Even something as banal as weather data has some insider knowledge, but an insider has no practical control over it, i.e. the insider is non-controlling, with no conflict-of-interest.
Weather data in prediction markets can definitely be gamed. One example that exists in real prediction markets is that the contract specifies a single source as the source of truth. But that source rounds data during unit conversion twice (F -> C -> F), meaning there’s an unequal probability distribution, and some numbers have a 0% chance of winning.
> The practical fix for the first problem is pinning to a full commit hash instead of a tag name
If the underlying project in turn uses named tags, i.e. if the hash pinning doesn't apply transitively, then the protection appears incomplete, doesn't it?
Correct. As an attacker you just move one level deeper.
If the target pins their direct actions to commit hashes you compromise
a dependency of the action instead. They pinned the top of the tree
but you own something in the middle of it.
SolarWinds was not attacked directly. The attackers compromised Orion,
a build tool SolarWinds depended on. SolarWinds had decent security
on their own code. It did not matter because the attack came through
a dependency they trusted and did not control.
The defender has to secure the entire chain. The attacker only has
to find one weak link anywhere in it. That asymmetry is why supply
chain attacks keep working.
They should keep a single competent and curious senior developer who can do it all. In this age of AI, you can make do without having a whole team of developers.
It can be said that Trump's "tweets" on that day were strategically engineered to first bring this bet to near zero before ultimately bring it to a hundred. In this way, the maximum winnings could be made by someone with insider knowledge.
I am afraid that soon, actual sea pirates, e.g. in Central and South America, Africa, etc. will start using naval mines in their regional seas, demanding crypto payment from passing ships.
If it was just to 'hide' payments then they could just use USD and using crypto would just be an improvement in convenience. A bigger reason is that they won't be indirectly attacked with monetary policy and that the acceptance of USD with entities willing to do business with them is probably low right now.
The person launching them sure does. This scenario reminds me of the time Russian hackers took over a US pipeline a couple years ago then immediately apologized saying they didn't want to cause a international incident and they would vet their targets better in the future. There are not many people who want that kind of heat. Like the first ayatollah is dead and the second is reportedly in a coma. The Iranian government is willing to pay that price and that's why they won. How many pirate leaders do you think are willing to pay their life so that their third of fourth successors can maybe collect a toll? Or how many are like Venezuela and you can kidnap one guy and the whole house folds.
reply