From: Daniel Lipshitz <daniel@gap600.com>
Date: Sat, 3 Dec 2022 15:17:16 +0200
To: Peter Todd <pete@petertodd.org>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Opt-in full-RBF] Zero-conf apps in immediate danger

The statistics that I have stated are based on trxs that rely on our tool.
They are not overstated, this is a reflection of the 0conf market on BTC.

They are trxs which our clients query via the API and which I clients pay
subscription for.

There is no point for clients to send us trxs they don’t want or need our
response from. We are a B2b provider so we are not sure how and who the end
users and applications are.

Coinify definitely doesn’t send us all their traffic, as I would think some
of our other clients.

Here is some external confirmation a bit old though but still-
https://blog.coinpayments.net/news-features/gap600
You can also see our video of Coinspaid using our service on our site - all
our Marcom is a bit old.

We service primarily payment processors and liquidity providers and not end
merchants so I can’t say how and to who end clients implement it.

If AML/KYC was enough to prevent double spends all exchanges would offer
0conf.

I don’t know the split with our clients as it’s none of our business but
definitely a significant amount of end users are not Kyced for the trxs.

Best would be to try and talk to some of our major clients - ie
Coinpayments, Coinspaid and Coinify.

On Sat, 3 Dec 2022 at 14:12 Peter Todd <pete@petertodd.org> wrote:
> On Sat, Dec 03, 2022 at 01:01:16PM +0200, Daniel Lipshitz wrote:
> > Shapeshift used to be clients in fact one of our first when we started in
> > 2016.
> >
> > They no longer use our service but from time to time use us for fee
> > recommendations. So we actually should remove their logo as a current
> > client.
>
> Yes you should. When did ShapeShift stop using your service? Did they explain
> why?
>
> > If you wish to test it out try find a merchant using Coinpayments or
> > Coinspaid.
> >
> > Also some of our non custodial liquidity providers offer service no
> > custodial wallets. I am not sure which.
>
> I see that you also advertise that Gap600 is "Trusted by" Coindirect and
> Coinify, both AML/KYC crypto exchanges. Obviously, with full AML/KYC
> double-spends are not much of a concern. And it's not even clear that
> either accepts zeroconf anyway, as I'll explain later.
>
> On this list you claimed that:
>
> > 1. As of end of Nov 2022 - GAP600 has processed i.e responded to circa
> > 15M transactions
> > 2. These transactions have a cumulative value of 2.3B USD value.
> > 3. We currently are seeing circa 1.5M transactions queried per month.
>
> What's the value and number of transactions that *actually* rely on your
> unconfirmed transaction tools? The only category that would apply for is goods
> provided immediately and irrevocably, without AML/KYC. Because it sounds like
> these figures may be significantly overstated.
>
>
> Re: CoinsPaid, what you say here makes it also sound like it relies on AML/KYC:
>
> > CoinsPaid applies a special software tool across its solutions to conduct
> > stringent KYC procedures and a risk-based approach to CDD that verify user
> > identities to mitigate fraud, money laundering and other activities linked to
> > criminality and terrorism.
> https://www.gap600.com/uncategorized/coinspaid/
>
> Re: Coindirect, the documentation I can find appears to say that confirmations
> are required before you can use coins deposited into Coindirect:
>
> > Digital currency transactions must be confirmed on the relevant network block
> > before they are considered valid. Only once confirmed, will you be able to
> > use the coins deposited in your Coindirect wallet.
>
> https://help.coindirect.com/hc/en-us/articles/115002441974-How-quickly-can-I-use-coins-deposited-into-my-Coindirect-wallet-
>
> This is repeated here as well:
> https://help.coindirect.com/hc/en-us/articles/4409120006546--Deposits-
>
> Re: Coinify, the API docs don't give any indication of risk scoring or any
> other Gap600 integration:
>
> https://merchant.coinify.com/docs/api/#payment-object
>
> --
> https://petertodd.org 'peter'[:-1]@petertodd.org
>
--
________________________________
Daniel Lipshitz
GAP600
www.Gap600.com