BaFin nimmt Interessenbekundungen entgegen

Durch das Gesetz zur Umsetzung der Änderungsrichtlinie zur vierten EU-Geldwäscherichtlinie wird das Kryptoverwahrgeschäft als neue Finanzdienstleistung in das KWG aufgenommen. Das vom Gesetzgeber bereits beschlossene Gesetz tritt am 01.01.2020 in Kraft. Unternehmen, die dieses Geschäft dann erbringen wollen, benötigen eine Erlaubnis der BaFin. Die BaFin bittet interessierte Unternehmen bereits jetzt um eine formlose und unverbindliche Interessenbekundung.

Anträge für die Erlaubnis zur Erbringung des Kryptoverwahrgeschäftes kann die BaFin erst entgegennehmen, wenn das Gesetz in Kraft ist. Gleichwohl bittet die BaFin bereits jetzt um Interessenbekundungen von Unternehmen, die bereits das Kryptoverwahrgeschäft erbringen oder die Erbringung beabsichtigen.

Diese Interessenbekundungen sollten neben dem Namen des Unternehmens und der Ansprechpartner auch ein kurze Beschreibung des Geschäftsmodells von maximal einer Seite enthalten. Weitere Informationen sind vorläufig nicht einzureichen.

Die Interessenbekundungen sind vorzugsweise per E-Mail oder postalisch an folgende Adresse zu senden:

Bundesanstalt für Finanzdienstleistungsaufsicht
Gruppe IT-Aufsicht – Kryptoverwahrgeschäft
Graurheindorferstraße 108
53117 Bonn

Bitte beachten Sie die Hinweise zur gesicherten Kommunikation per E-Mail mit der BaFin.

Die BaFin möchte mit diesem Verfahren einen reibungslosen Übergang auf die neue Rechtslage ermöglichen und frühzeitig einen Überblick über den Markt erhalten. Die Unternehmen werden auf ihre Interessenbekundung keine unmittelbare Eingangsbestätigung oder Einschätzung zu den eingereichten Angaben erhalten.

Es ist beabsichtigt den Unternehmen, die ihr Interesse bekundet haben, nähere Informationen und Hinweise mitzugeben, sobald die BaFin ihre Verwaltungspraxis zu der Zulassung und der laufenden Aufsicht für die neue Finanzdienstleistung konkretisiert hat. Grundsätzlich richtet sich das Erlaubnisverfahren für das Kryptoverwahrgeschäft nach § 32 Abs. 1 KWG, weshalb das bereits bestehendeMerkblatt der Deutschen Bundesbank über die Erteilung einer Erlaubnis zum Erbringen von Finanzdienstleistungen vom 06.07.2018 berücksichtigt werden kann. Die Unternehmen sind daher eingeladen ihre Interessenbekundung mit aus ihrer Sicht noch offenen Grundsatzfragen zu verbinden. Die Interessenbekundung ist formlos und unverbindlich. Sie ist zudem freiwillig und hat keine Auswirkungen auf ein zukünftiges Erlaubnisverfahren.

Die Interessenbekundung ersetzt nicht die förmliche Anzeige nach § 64y KWG n.F. Das Gesetz sieht in § 64y KWG n.F. verschiedene Übergangsbestimmungen für bereits tätige Unternehmen vor. Für ein Unternehmen, das auf Grund des neuen Erlaubnistatbestands Kryptoverwahrgeschäft ab dem 01.01.2020 zum Finanzdienstleistungsinstitut wird, gilt die Erlaubnis für den Betrieb dieses Geschäfts als zu diesem Zeitpunkt vorläufig erteilt, wenn es bis zum 30. November 2020 einen vollständigen Erlaubnisantrag stellt und wenn es die Absicht, einen Erlaubnisantrag zu stellen, bis zum 31. März 2020 der Bundesanstalt schriftlich anzeigt. Die gesetzliche Vorgabe in § 64y KWG n.F. setzt nach ihrem Wortlaut eine schriftliche Absichtsanzeige voraus.

Source: https://www.bafin.de/DE/Aufsicht/BankenFinanzdienstleister/Zulassung/Kryptoverwahrgeschaeft/kryptoverwahrgeschaeft_artikel.html

Hier ein etwas ausführlicher Artikel zu diesem Thema: New law makes Germany “crypto heaven”

An Ultimate, In-depth Explanation of How EVM Works.

This post is a continuation of my Getting Deep Into Series started in an effort to provide a deeper understanding of the internal workings and other cool stuff about Ethereum and blockchain in general which you will not find easily on the web. Here are the previous parts of the Series in case you missed them:

Getting Deep Into Geth: Why Syncing Ethereum Node Is Slow
Downloading the blocks is just a small part. There is a lot of stuff going on…
Getting Deep Into Ethereum: How Data Is Stored In Ethereum?
In this post, we will see how states and transactions are stored in Ethereum and how it is different from Bitcoin.

In this part, we are going to explore explain and describe in detail the core behavior of the EVM. We will see how contracts are created, how message calls work, and take a look at everything related to data management, such as storagememorycalldata, and the stack.

To better understand this article, you should be familiar with the basics of the Ethereum. If you are not, I highly recommend reading these posts first.

8 Resources to Get Started With Ethereum
The ultimate guide for understanding & Starting with Ethereum.

Throughout this post, we will illustrate some examples and demonstrations using sample contracts you can find in this repository. Please clone it, run npm install, and check it out before beginning.

Enjoy, and please do not hesitate to reach out with questions, suggestions or feedback.

EVM: 10,000 ft Perspective

Before diving into understanding how EVM works and seeing it working via code examples, let’s see where EVM fits in the Ethereum and what are its components. Don’t get scared by these diagrams because as soon as you are done reading this article you will be able to make a lot of sense out of these diagrams.

The below diagram shows where EVM fits into Ethereum.

The below diagram shows the basic Architecture of EVM.

This below diagram shows how different parts of EVM interact with each other to make Ethereum do its magic.

We have seen what EVM looks like. Now it’s time to start understanding how these parts play a significant role in the way Ethereum works.

Ethereum Contracts

Basics

Smart contracts are just computer programs, and we can say that Ethereum contracts are smart contracts that run on the Ethereum Virtual Machine. The EVM is the sandboxed runtime and a completely isolated environment for smart contracts in Ethereum. This means that every smart contract running inside the EVM has no access to the network, file system, or other processes running on the computer hosting the VM.

As we already know, there are two kinds of accounts: contracts and external accounts. Every account is identified by an address, and all accounts share the same address space. The EVM handles addresses of 160-bit length.

Every account consists of a balance, a noncebytecode, and stored data (storage). However, there are some differences between these two kinds of accounts. For instance, the code and storage of external accounts are empty, while contract accounts store their bytecode and the Merkle root hash of the entire state tree. Moreover, while external addresses have a corresponding private key, contract accounts don’t. The actions of contract accounts are controlled by the code they host in addition to the regular cryptographic signing of every Ethereum transaction.

Creation

The creation of a contract is simply a transaction in which the receiver address is empty and its data field contains the compiled bytecode of the contract to be created (this makes sense — contracts can create contracts too). Let’s look at a quick example. Please open the directory of exercise 1; in it, you will find a contract called MyContract with the following code:

Read on >>>>

The legislation enables banks to sell and store cryptocurrencies from January 1, 2020. Other providers will now require a German license.

The German parliament today passed a bill allowing banks to sell and store cryptocurrencies from next year.

The new legislation will come into force on 1 January 2020, and will require current custody providers and crypto exchanges operating in the country to take steps, before the end of the year, to apply for a German license.

The law will not only put Germany, the world’s fourth biggest economy, at the forefront of regulation in cryptocurrencies, but heralds a milestone in the adoption of cryptocurrencies.

“Germany leads the way in crypto regulation, for sure. This leads to institutional investors coming to Germany, as they want security and regulation,” Sven Hildebrandt, partner at German crypto consultancy DLC, told Decrypt. „Germany is well on its way to becoming a crypto-heaven.”

The bill was passed by the Bundestag, the lower house of the German Parliament, earlier this month,  and approved by the upper house, the Bundesrat, today.

It amends a clause in the European Union’s Fourth Anti-Money Laundering Directive that currently prohibits banks from dealing directly in cryptocurrency. It  allows them to legally sell and store cryptocurrencies, just as they do stocks and bonds, to retail as well as institutional investors.

At the same time, exchanges such as Binance and Kraken, and other digital asset custodians, will need to obtain a license from the German regulator, Bafin, if they wish to continue operating in Germany, said Hildebrandt.

In order to apply for this, companies will need a German legal entity with two directors operating in the country by the end of 2019. They also need to signal their intention to apply to Bafin for a license before 31 March 2020, and submit the application prior to 31 November 2020.

Digital asset custodians who have not established a legal identity in Germany before the end of the year will be deemed illegal by 2 January 2020, said Hildebrandt.

He said this leaves companies wishing to continue provide services in Germany with three options: to set up a German company before the end of this year, and then apply for a licence; to work with a cryptocurrency custodian who is licensed in Germany, or to work with a licence provider, which can offer a “complex but clever“ solution.

Companies have already begun to act on the new German law. Crypto Storage, a subsidiary of Swiss financial services provider, Crypto Finance announced plans to open an office in Frankfurt today.

Hildebrandt said that the new law will be a major breakthrough. “If you can hold [cryptocurrencies] in your bank account, that is massive for adoption,” he said. “I believe that this will act as a role model for all the other laws that will be coming into force Europe wide. Germany is driving crypto adoption forward and wants to play a leading role in Europe as well. One of the key challenges is keeping private keys safe.”

“I believe the biggest impact will be on exchanges such as BitStamp, Kraken and Binance, who are looking deeply into this,” he added.

The proposals were also greeted with enthusiasm by Germany’s banking community.

But consumer protection watchdogs have warned that it could mean banks could aggressively pitching cryptocurrencies to uneducated customers, putting them at risk.

Source: https://decrypt.co/12603/new-law-makes-germany-crypto-heaven

This article explains how someone will be able to become a validator in Ethereum 2.0. New Ethereum will replace mining process as seen current Ethereum and use Proof of Stake consensus where validators will be the one maintaining the network. Those validators attestations are written on the Beacon chain. However, we won’t get into those technical details and you don’t even have to know all of that to take part in validating blocks.

What’s the current status of Ethereum 2.0 development?

Specification is there and seven different node clients are actively working on their implementation. The reason for this is that they are written in different languages and will have a different specializations i.e. being focused on the browser or resource constrained devices. Also, not all of them will survive (but that’s ok). In current Ethereum (Eth1) survivors are Geth and Parity. Current active Eth2 clients are: LodestarNimbusLighthousePrysmTrinity and Harmony + Artemis that should merge together.

They all have their own testnets but they all gathered in September on an interoperability event and created a multi-client testnet. Here is the historic tweet and we are glad that we could be there! Thanks Consensys.

First launch of the Ethereum 2.0 clients, tweet by Joseph Delong

Good news is that in the latest Eth2 spec release (v0.9.0) an official deposit contract has been declared as finished!

All inital deposits, that will happen on Eth1 chain, will be used by Eth2 chain to secure the network upon launch by leveraging the security pool and value of existing Ether.

How much can you earn by being a validator?

What a great question! Yes, you get a reward if your attestations get included in a block but the reward depends on the whole state of the network i.e. how many validators are online. The economics of this are still being examined and are to be tested. Latest estimates are that validators can expect 4.6% – 10.3% in annualized rewards. However, the spec is still being updated which results in a lot of estimates so we can only recommend you the following links to understand better: – Examining the Proposed Validator Economics of Ethereum 2.0 – Eth 2.0 Economics

Basically, the math for validator return of investment (ROI) is:

ROI = Validator rewards + Network fees - Cost to run a validator node

The goal is to encourage people to become validators and have many as possible to secure the network. Therefore, the whole PoS system is a collective rewards scheme where the more people online, the more everyone earns. Vice versa, the less people online, the less that people are earning. It is why there is a slight penalty if your validator client goes offline at any point. For example, if the current interest rate is 5%, you would lose 0.0137% of your deposit every day, but gain that for every day you’re online. In case of a bigger issue where 33% of validators are offline and you’re offline, you can lose 60% in 18 days. If at any point your deposit drops below 16 ETH you will be removed from the validator set entirely.

Unfortunately, the numbers above in the links are most probably going to be changed as the Eth2 spec is constantly being updated.

What do you need to become a validator?

Basically, here are the minimum requirements for being a validator: – have 32 ETH, – run validator node 247 (this can be your PC, remote server, Raspberry Pi or similar) with Internet connection, – have access to beacon node.

Hardware requirements for running the node will be better determined during testnet activities. For the validator client only something like Raspberry Pi will be enough but in case you are running your Beacon node, you’ll need a more powerful CPU and storage space.

Keep in mind that your uptime and therefore an Internet connection are the most important things as your stake gets slashed if you are offline, meaning that you are losing your money.

How to become a validator?

The validator setup requires some technical knowledge and understanding. However, we want to enable everyone to easily become a validator and know how well they perform. This will be possible with the desktop app that we are working on – ChainGuardian. Soon more info about that, you can track for progress our NodeFactory Twitter and ChainGuardian Github or join our Discord! This app is being built thanks to MolochDAO.

ChainGuardian is a Windows/Linux/Mac app that will be a one stop shop for validators. As a user, you will be able to fully onboard as a validator which includes: making an ETH deposit, generating or importing your required key pairs (which only you own!), running a validator client and a Beacon node. Most importantly, you will be able to observe the performance of your node, return of investment and get notified if your node is down so you don’t lose your earnings!

Here are a couple of sneak peaks below. We plan to expand these features to much more but currently we are focused to make a release where you can make an ETH deposit and effortlessly become a validator.

ChainGuardian desktop application previews

Basically, to become a validator, here are the steps that one needs to take:

  1. Install one of the previously listed Eth2 clients.
  2. Get Ether. In testnet case that’s Görli ETH. We understand this is not so easy to get so we will provide a faucet for you that will get you this ETH and submit your deposit transaction altogether.
  3. Generate a validator public and private key pair (used for signing your claims as a validator).
  4. Start your validator client along with Beacon chain. You can use your Beacon chain node or some existing public server.
  5. Make the ETH deposit (stake) to Eth1.
  6. Wait to get assigned as validator. Once your validator client is up and running you just have to wait for it’s activation. This takes a few minutes (or probably hours in case of mainnet) because of a voting period in which new deposits are added to the running chain from other validators.
  7. Watch your validator create, vote and attest for blocks as well as earn rewards!

Once again, those steps will be a part of the ChainGuardian app onboarding.

Note about your key pairs

What’s important to understand when handling your validator node are validator keys. You should have a signing key which is a hot wallet – unlocked account that app client uses for voting and proposing blocks. Also, you need a withdrawal key that is a separated cold wallet which will be used for funds withdrawal in case you want to stop being a validator or your signing key gets comprimised.

Conclusion

This is Ethereum 2.0 (Serenity) Phase 0 which includes launch of Beacon chain that manages the Casper Proof of Stake protocol for itself and all of the shard chains. Being a Phase 0 only, we won’t have all the new features of Ethereum 2.0 just yet. For example, there is currently no way to withdraw deposited Ether from Eth2 as it is effectively burned in Eth1. However, although the transfers weren’t planned in Phase 0, this is still open to discussion and changes.

Once Phase 0 is complete, there will be two active Ethereum chains – Eth1 chain (current) and the Eth2 chain (Beacon chain). They will operate in parallel during the Phase 1 and Phase 2 as well. However, the Eth1 to Eth2 transition is planned.

For the Beacon chain to start, there will be a minimum amount of ETH stake needed. It is defined in the deposit contract and currently this is set to 16384 validators (524,288 ETH).

It may seem that this Phase is not that significant as we won’t be available to use everything from Ethereum that we got used to but this is the foundation of the entire system. If we compare this phase to the beginning of the mining period, then we can certainly draw conclusions about advantages and profits in being the first in the line. However, there are all kinds of risks but seeing the community around this and efforts of the core developers, it’s only possible to be positive about how things will roll out.

Source: https://www.nodefactory.io/blog/how-to-become-a-validator-in-the-new-ethereum-2-proof-of-stake-system/

“The stock-to-flow approach originating in commodity-market analysis serves to quantify the ‘hardness’ of an asset. Applied to Bitcoin, an unusually strong correlation emerges between the market value of this cryptocurrency and the ratio between existing stockpiles of Bitcoin (‘stock’) and new supply (‘flow’),” they say.

Source: https://www.bayernlb.com/

Das Bundeskabinett hat heute (Anm. 18.09.2019) die Blockchain-Strategie verabschiedet. Das Bundesministerium für Wirtschaft und Energie (BMWi) und das Bundesministerium der Finanzen (BMF) haben sie unter Einbeziehung der übrigen Ressorts erarbeitet.

Bundeswirtschaftsminister Peter Altmaier: „Die Potenziale der noch jungen Blockchain-Technologie sind hoch. Deutschland ist dabei weltweit unter den führenden Standorten. Mit der Blockchain-Strategie wollen wir dazu beitragen, diesen Vorsprung zu halten und auszubauen. Ein Fokus liegt dabei im Energiebereich. Hier können wir doppelt punkten, indem wir in Pilotprojekten die Chancen der Blockchain-Technologie nutzen und gleichzeitig die Digitalisierung der Energiewende vorantreiben.“ Weiterlesen

Ameen Soleimani – 8 min read

You’ve probably heard of Compound. They built compound.finance on Ethereum which allows you to lend and earn interest on your ETH, DAI, USDC, and several other ERC20s.

Today, the interest rate offered to DAI lenders is 10%, which is high enough to turn EthHeads’ heads (see cover photo).

As the CEO of SpankChain, it’s my job to manage the company reserves, which also includes nearly half a million DAI. At 10% annual interest, that’s ~$4,000 per month that we’re leaving on the table by not moving our DAI into Compound. That’s quite the opportunity cost. But the thing to remember when investing is that there is no free lunch. All investments have their risks and lending on Compound is no exception.

I spent some time over the last month evaluating several categories of risk when lending on Compound:

  1. Contract Security Risks
  2. Centralized Points of Failure
  3. Bank Run Risk

I break my investigation down by category below, but the most important things to know are:

  1. The smart contract security seems legit.
  2. Compound is a CUSTODIAL system, all lending pools can be trivially drained if their admin private key is compromised.
  3. When you lend on Compound, you are NOT guaranteed to be able to withdraw whenever you want. If you try to withdraw your funds and all the money is locked up in outstanding loans, your withdrawal transaction will fail.

I hope these lenders understand the risks… source: https://defipulse.com/compound

Contract Security

Compound has been audited by several reputable smart contract security firms.

  1. OpenZeppelin Audit Report
  2. Trail of Bits Audit Report
  3. Certora Audit Report

In addition, Compound was offering a private bug bounty of up to $250,000 for critical vulnerabilities (defined as 1% of funds stolen or 10% frozen), and to my knowledge no independent security researchers have been able to claim the bounty.

The contracts have also held $20M+ for over 6 months, $50M+ for over 2 months, and currently hold $100M+. For me personally, the most important metric of contract security is total funds held in contract * time held in contract, and Compound has been secure with quite a large public bounty thus far.

Based on the above factors, I presently believe that the Compound smart contracts are secure.

Centralized Points of Failure

I’m not a smart contract security expert myself, so I enlisted the assistance of the one and only samczsun who famously found a critical bug in the 0x contracts (despite multiple audits from top firms) and was paid $100,000 for it. He had the following to report about centralized points of failure in Compound (emphasis mine):

Weiterlesen

OpenLaw will be launching the first limited liability for-profit DAO, named the LAO. The LAO will enable members to invest in Ethereum new ventures and generate a profit. A new era of DAOs is beginning.

The LAO: A For-Profit, Limited Liability Autonomous Organization

Since first proposed in 2013, the notion of decentralized autonomous organizations (DAOs) has animated the dreams of blockchain developers. For many, these Internet-native organizations represent the next step in the evolution of social and economic coordination, with blockchain technology and smart contracts streamlining voting, decision making, and the allocation of digital assets.

The notion of a DAO did not emerge in a vacuum. Instead, these organizations build on a long lineage of technical and legal innovation. The Romans devised a variety of commercial entities, such as the societas peculium and societas publicanorum, that enabled parties to share in an enterprise’s profits and losses while also providing limited liability. During the Middle Ages, Italians pioneered early versions of a limited partnership to finance maritime trade. Joint-stock companies emerged in England and the Netherlands in the 1600s, providing organizations state-granted monopolies to engage in productive commercial enterprises. The modern corporation took root in the United States in 1811, when New York granted private parties the power to form their own corporate structures without an extensive approval process. Weiterlesen

by Koh Wei Jie · 8 min read

Railway semaphore signals. Source: WikiMedia Commons

This year, Ethereum has undergone a privacy renaissance of sorts. Encouraged by prominent members of the community, researchers, programmers, and DAO funders have collaborated to accelerate the ideation and implementation of privacy solutions, particularly those which employ zero-knowledge proofs. We are now at a stage where a key privacy building block is emerging from research and entering production: Semaphore, a means for anonymous signalling.

Semaphore is the basis of an ETH and ERC20 token mixer named MicroMix. In the near future, it can be used for other privacy-enhancing applications such as anonymous login, anonymous DAOs, anonymous voting, and journalism.

This technical blog post will explain how Semaphore and MicroMix work, and how Semaphore enables MicroMix to provide users with transaction privacy in a noncustodial manner. It will also describe its performance and tradeoffs, and finally outline how Semaphore can enable other zero-knowledge applications which would be otherwise impractical.

Readers should understand how Ethereum smart contracts work and some basic cryptography, but do not need to be familiar with zero-knowledge proofs. Weiterlesen

Wouldn’t it be amazing if we didn’t have to waste so much precious space on our expensive and sensitive SSDs to run an Ethereum node, and could rather move at least some of the data onto a cheap and durable HDD?

With the v1.9.0 release, Geth separated its database into two parts (done by Péter Szilágyi, Martin Holst Swende and Gary Rong):

  • Recent blocks, all state and accelerations structures are kept in a fast key-value store (LevelDB) as until now. This is meant to be run on top of an SSD as both disk IO performance is crucial.
  • Blocks and receipts that are older than a cutoff threshold (3 epochs) are moved out of LevelDB into a custom freezer database, that is backed by a handful of append-only flat files. Since the node rarely needs to read these data, and only ever appends to them, an HDD should be more than suitable to cover it.

A fresh fast sync at block 7.77M placed 79GB of data into the freezer and 60GB of data into LevelDB. Weiterlesen