shminux comments on A LessWrong Crypto Autopsy

• I sus­pect it was the triv­ial in­con­veninece of set­ting it up that stopped most of those who were con­sid­er­ing it.

• I re­mem­ber recit­ing “be­ware triv­ial in­con­ve­niences” to my­self in my head when I went through the pro­cess of figur­ing out how to buy BTC in De­cem­ber 2010. It was good ad­vice.

• Yeah. I was won­der­ing if I get any points for spend­ing two or three evenings back in 2014 try­ing to get some bit­coin and failing due to the com­plete crap­piness of the user ex­pe­rience.

• I mean, you get points for try­ing, but those points don’t go to your fi­nal grade. Your fi­nal grade is only ever de­ter­mined by re­al­ity, and if you didn’t make mil­lions be­cause of a triv­ial in­con­ve­nience, then you didn’t make mil­lions.

• I’m a lit­tle cu­ri­ous, can you go into more de­tail? I had always as­sumed that the “too in­con­ve­nient” bar­rier was when you had to mine it your­self, or when you had to slowly wire money to some fishy site like Dwolla and from there to some fishy ex­change like Mt. Gox, and that by 2014 it would largely seem eas­ier and less risky.

• Speci­fi­cally, I first looked into buy­ing some. I found that all the ex­changes re­quired far more of my per­sonal in­for­ma­tion than I was will­ing to sub­mit to what looked like and, in ret­ro­spect, very well may have been a scam.

Next I tried to mine some, but I didn’t own any com­put­ers that could re­ally do it effec­tively. I only had lap­tops and if I re­call cor­rectly I didn’t have enough spare disk space to hold the blockchain.

I could have per­sisted along the route of pur­chas­ing the bit­coin and ex­posed my­self to re­ally quite sig­nifi­cant fi­nan­cial risk. I could have per­sisted along the min­ing route and pur­chased a new ex­pen­sive com­puter. While I felt like bit­coin could be­come A Thing, nei­ther of those op­tions seemed worth the trade­off.

• I found the in­con­ve­nience more than triv­ial. I made sev­eral at­tempts over the life of Bit­coin to ei­ther mine some (back when that was prac­ti­cal for any­one) or buy some, but my efforts always ran into the sand. The soft­ware didn’t work, or the web sites didn’t look like cred­ible places to send sub­stan­tial sums of money to, or what­ever. Scan­dals like Mt Gox didn’t help. Of course, plenty of peo­ple did get past those hur­dles, so I can’t blame any­one but myelf.

I did fi­nally man­age to buy a to­ken quan­tity of Bit­coin a few months ago, but I ex­pect the boom is now over. I haven’t both­ered track­ing the price since then. I’ve even had ads for digi­tal coins in my Face­book feed, tar­get­ted at the gen­eral pub­lic (eww!). In fair­ness to Bit­coin, they mostly looked like scams with lit­tle like­li­hood of do­ing any­thing with their cus­tomers’ money but keep­ing it.

• or web sites didn’t look like cred­ible places to send sub­stan­tial sums of money to

It seems to me that this par­tic­u­lar bar­rier is some sort of dou­ble count­ing. If you’ve already de­cided that this bit­coin thing is weird and risky, but also worth a shot, then you shouldn’t change your mind when pre­sented with ev­i­dence that it’s in­deed weird and risky.

• It’s mul­ti­ple risks, each singly counted. Bit­coin in gen­eral is risky for definite rea­sons: volatility, the pos­si­bil­ity that gov­ern­ments will come down hard on it, se­cu­rity of the cryp­tog­ra­phy it de­pends on, etc. But any par­tic­u­lar method of op­er­at­ing in Bit­coin has its ad­di­tional risks of the pro­bity and se­cu­rity of those in­volved. My un­con­fi­dence in some of the cryp­tocur­rency deal­ers I looked at was not sim­ply be­cause they were cryp­tocur­rency deal­ers.

• Yeah, it’s definitely true that it’s an ad­di­tional risk. My in­tu­ition that it’s likely to be a mis­firing heuris­tic lingers, though.

Say any given ex­change has a 50% chance of los­ing or steal­ing your money, and that it’s in­de­pen­dent of the chance Bit­coin suc­ceeds. (That feels pretty pes­simistic to me, and the ac­tual track record has been no­tably bet­ter than that.) If you needed 1/​10000 cre­dence for suc­cess be­fore adding that fac­tor, now you need 15000. I’m skep­ti­cal that any of us are well-cal­ibrated enough to put Bit­coin’s suc­cess at higher than 1/​10000 but lower than 15000.

It also seems that it’s un­likely to be un­cor­re­lated. I would ex­pect a higher chance of ex­changes work­ing in wor­lds where Bit­coin is suc­cess­ful. (Be­cause if ex­changes are con­sis­tently un­re­li­able, that will make Bit­coin less at­trac­tive, and be­cause they’re both en­tan­gled with difficult-to-ob­serve fac­tors like “the com­mu­nity ac­tu­ally tries to make it work rather than just scam­ming ev­ery­one”.)

This is of course all hind­sight, so I could eas­ily be wrong. But it seems definitely true to me that most peo­ple have a lot of trou­ble over­com­ing con­ser­va­tive heuris­tics enough for suc­cess­ful “black swan farm­ing”, and pay­ing too much at­ten­tion to su­perfi­cial feel­ings of sketch­i­ness seems likely to be -EV in that con­text.

• Say any given ex­change has a 50% chance of los­ing or steal­ing your money

Ap­ply­ing a pop­u­la­tion av­er­age to an in­di­vi­d­ual is a course of last re­sort, es­pe­cially in a mar­ket­place that con­tains ev­ery­thing from solidly re­li­able busi­ness­peo­ple to those who will just take your money and run. One must seek fur­ther in­for­ma­tion about each in­di­vi­d­ual to make a judge­ment about who can best be trusted.

For ex­am­ple, the re­views I found of one of the ex­changes I con­sid­ered were al­most all nega­tive, the main com­plaint be­ing that it was next to im­pos­si­ble to with­draw funds from it and cus­tomer sup­port was un­con­tactable. The few pos­i­tive re­views I found read like spam. No-brainer there—avoid.

It also be­came clear to me that to deal se­ri­ously in cryp­to­coins (and deal­ing at all is too ex­pen­sive to do frivolously), you must have your own wallet on your own ma­chine, and not merely have an ac­count with an ex­change that holds your coins for you in their own wallet. The track record says that no ex­change can be trusted to that ex­tent. The lat­ter is the usual way of han­dling con­ven­tional cur­rency, but that is be­cause banks, funds, etc. are on the whole and by and large, rea­son­ably re­li­able, notwith­stand­ing no­table fi­nan­cial crashes from time to time. (Even then, you need to miti­gate the risk by di­ver­sify­ing not just your kinds of in­vest­ment, but the in­sti­tu­tions they are in­vested with.) You then have to take se­ri­ously the se­cu­rity of that wallet, to the point of never ex­pos­ing it to the in­ter­net ex­cept as ab­solutely nec­es­sary and for the short­est pos­si­ble time.

In short, you have to think about spe­cific failure modes and plan against them.

• Your post is a good sum­mary of how to have ex­cel­lent cryp­tocur­rency se­cu­rity, but why is it a re­quire­ment to have ex­cel­lent se­cu­rity? In sen­tences like this one:

Where does the “must” come from? What would hap­pen if you didn’t?

This seems like ap­ply­ing K-se­lec­tion strat­egy, in a situ­a­tion where a r-se­lec­tion strat­egy might out­perform. I posit that it would have been bet­ter to use $10 to buy 5 Bit­coin with­out sub­stan­tial con­sid­er­a­tion of se­cu­rity risk, rather than put$0 in due to wor­ries about se­cu­rity. Yes, you might lose that $10 in all sorts of ways, but that’s the risk you’re sign­ing up to take, and the po­ten­tial re­ward makes it worth it. • I bought 200 BTC and lost them in a hack. Later bought 50 ether and kept them in a wallet, so I still have those. In light of that, I’d say se­cu­rity was pretty im­por­tant! • Se­cu­rity is great! I love se­cu­rity. I recom­mend hard­ware wallets if you’re stor­ing a non-triv­ial amount of crypto. But the ques­tion is about what some­one should do when it’s 2011 and they want to buy$10 worth of Bit­coin as a (+EV) lot­tery ticket. My claim is that, if your goal is “have some Bit­coin”, then the op­tions go like this:

It’s great if you can get the first one, but it’s ir­ra­tional to let the ex­is­tence of the first strat­egy push you into the third strat­egy. The sec­ond strat­egy ends up with “maybe some Bit­coin”, which is more Bit­coin then “definitely no Bit­coin”.

• Th eas­iest way to buy Bit­coin was MtGox for a long time and any­body who just kept the Bit­coins at MtGox lost them af­ter­wards.

• Yep! When you make 1000-to-1 bets, usu­ally you lose.

• For my pur­poses, I rate the mid­dle op­tion lower than the last. I’m not in­ter­ested in merely “hav­ing some Bit­coin” (or other cryp­tocur­ren­cies, some of which look more promis­ing go­ing for­ward). My only rea­son for do­ing this is for a sig­nifi­cant chance of mak­ing some use­ful amount of money. By “use­ful” I am roughly think­ing in terms of at least 6-figure sums of money. Proper se­cu­rity is es­sen­tial at that scale, and cau­tion over who I deal with. My cur­rently trifling amount of BTC was only to test the ba­sics of how to do it, and in fact I haven’t yet tested the other half of the mat­ter, i.e. turn­ing BTC back into con­ven­tional cur­rency.

• a sig­nifi­cant chance of mak­ing some use­ful amount of money

It sounds like you’re talk­ing about a differ­ent bet than the one the ar­ti­cle is about. Gw­ern’s 0.05% is not “a sig­nifi­cant chance”.

I agree that for your to­tally differ­ent case, you should put more effort into se­cu­rity.

[Edit: The 8020 for crypto se­cu­rity is to buy from Coin­base if you’re in the US, or the most cred­ible lo­cal ex­change if not. If you’re buy­ing alt­coins, con­vert from BTC/​ETH on poloniex or shapeshift. Then put it in a hard­ware wallet such as Tre­zor or Ledger, with pa­per copies of your pri­vate key in a cou­ple se­cure lo­ca­tions.]

• Com­pletely agreed. I even pub­li­cly an­nounced on my Face­book when Bit­coin was USD that I was buy­ing 100USD worth, but then once I looked into how to even con­vert USD to Bit­coin, I said “eh, not worth, even it for some in­ter­est­ing eco­nomic ex­per­i­ment”.