This thread is for gathering information for users who want to deal with the “airdrop coins” like Bitcoin Cash, Bitcoin Clashic or Bitcoin Gold.
Bisq will add those in the next release but we will not provide support for problems caused by using those (as we don’t give support on problems with other altcoins as well). Additionally to my introduction anyone is welcome to add further information.
Here is a short overview of the main issues:
- Potential loss of privacy
- Security risk because the public key gets revealed
- Lack of replay protection between Bitcoin Cash and Bitcoin Clashic can cause losses by sending one coin and unintentionally send the same coins on the other block chain
- Beside that there is the topic how to get out the private keys from the Bisq wallet to use the “airdrop” coins and how it deals with the coins from the trade process (MultiSig).
1. Potential loss of privacy
If you merge unspent transaction outputs (UTXOs) as inputs for a new transaction you reveal that you are the owner of all those UTXOs and related addresses. When selling airdrop coins users typically send all UTXOs to an exchange and in that process merge all their UTXOs and by that revealing that all those are owned by one entity. Connecting one single address to a real life identity or IP address leads to the situation to have de-anonymized all those Bitcoin UTXOs. To avoid those privacy issues users would need to control and spend their UTXO in a way to not reveal same ownership, either by spending them individually or taking other non-trivial and usually not convenient precautions. Beside that, the users who don’t care about the loss of their own privacy reduce also the anonymity set of all other Bitcoin users, making Bitcoin less fungible and thus less valuable.
2. Security risk because the public key gets revealed
Bitcoins addresses are the hash of the public key. This adds additional security because the unspent funds are not revealing the public key but only the hash of it. Brute force attacks on finding the private key from a revealed public key is a risk which you get exposed to when you spend your airdrop coins. The additional protection by having your Bitcoin behind a hashed public key (address) is lost because the public key got exposed when the airdrop coin was transferred.
3. Lack of replay protection
Bitcoin Cash and Bitcoin Clashic have no replay protection. Spending one coin can lead to a replay on the other chain and thus spending the coin unintentionally twice on the other chain.
Users have to investigate for themselves solutions how to deal with that risk.
4. How to get out the private keys from the Bisq wallet
To get access to the private keys use cmd+j (or ctrl+j) to open the wallet details window. If you have a wallet password set you need first to deactivate the wallet password then access your private keys and then re-activate the wallet password again.
Beside that, you can use the wallet seeds to use in a BIP 44 compatible wallet.
Be aware that your Bitcoin in the Bisq wallet can be stolen if the wallet which you use for the airdrop coins is compromised (the Bitcoin Gold wallet was a malware stealing users funds!).
The UTXOs of the multisig transaction at the moment of the fork cannot be easily redeemed because it requires both users to sign the payout. But the payout tx made on the Bitcoin blockchain can be replayed on the other chains (beside BTG) and so the payouts in the airdrop coin should end up on both users airdrop wallets. Bisq has no resources to support users running into issues and problems how to get out their airdrop coins.
The arbitrators of Bisq are no specialists for dealing with the complexity the airdrop coins exposes the users to and will not help for any issues caused by usage of airdrop coins. If users decide to trade those coins they are fully responsible for any issues caused by it. Be sure to really understand the involved risks and complexity if you use them!
My personal conclusion
Dealing with those “free” coins expose the user to potential privacy losses and security risks. Furthermore it takes considerable effort and expertise to understand all the implications and how to deal with them. All that should make it clear that those coins are not free at all. The hidden costs are not only applied to the user but also to the whole ecosystem (like Bisq) by forcing them to deal with those complex issues. I personally consider those coins un-ethical, abusing the “greed” of the users to trick them into privacy and security risks as well as burning developer resources for dealing with those issues.