Ideas on how to make decentralized trading more trustable amongst traders

I love the concept of Decentralized Exchanges but I’m not a programmer and I haven’t been involved in such projects before. I’ve just been reading about it today and thought I might throw in my two cents as far as ideas for development are concerned.

One of the proposed problems and solutions with a decentralized exchange seems to be, “how do you exchange fiat for bitcoin with a stranger if you have no third party mediating the security of the transaction?”

Some projects like Coinffeine propose that a deposit is made by both parties as arbitrator for a transaction so that if anyone tries to cheat the transaction, they lose their deposit. But some say that doesn’t protect against wealthy trolls who want to just see the world burn. This is true, and unfortunately there are people who are that way inclined, and it is often wealthy people who are usually of that inclination.

So how do we guard against that?

Automated track records of trading activity should provide a rating of trust like that on that can be requested by each party involved in a transaction prior to transacting with each other.

When two parties meet online to transact, the person with the lowest trust rating must go first in the “your turn, my turn” process of deposit A, deposit B, sell portion A, buy portion B, sell portion A, etc of the transaction process. This will encourage people to have a higher trust rating so they don’t always have to go first.

Once you reach a certain rating of trust, you go up to a new tier of trust, where you can now join and trade at higher volumes with other trusted traders who have achieved the same tier. Then the more trustworthy trades you do, the more people you can enjoy a trustworthy trading environment with.

Think of the verification process on The more verification you provide, the higher your tier level, the more access to trading volume and activity you can make use of. In this case, the more trust you prove, the more access to trading volume and activity you can access.

Therefore, when you first sign up to trade, you are on tier one, and can only trade in small amounts, eg: 0.1btc max or its equivalent fiat value per trade. After successfully making, let’s say twenty trustworthy trades, you move up to tier two.

At tier two you can now trade at a max limit of 1btc per or it’s fiat equivalent per trade. After another twenty trustworthy trades, you move up to tier three, etc. This way each decentralized trader will gradually get access to more trading volume the more trusted trading they do. Cheat just once, and you are locked out of the system, and will have to sign up as a new user and start the trust verification process again.

Essentially your first few trades on signup will be under scrutiny by those you trade with, but the risk of loss is minimal because your volume to cheat with is minimal, and as you progress to the next tier of trust based on “how many trustworthy trades you have made”, and then to the next tier of trust with “how much trustworthy volume of trade you have you made”, you will reach a tier where you will be amongst your trustworthy peers, and are less likely to have to deal with the risk of cheaters.

Of course this doesn’t eliminate the risk entirely because if someone suddenly lost their personal wealth after achieving this trust, they might turn to the dark side and sabotage their own reputation in one foul swoop, but then their rating is gone forever, and they will never be able to achieve status again, and the loss will only be a portion of a trade to one unlucky individual. The odds of being that unlucky individual is very slim compared to the likeliness of this concept working for the majority.

Kind of like saying, yes, people do die on the road, but we will still continue use vehicles
for the sake of it being very convenient compared to no transport.

Let’s talk about it :slight_smile:

Thank you for your comment.

In which step do you see an security risk when transacting via the bitsquare application?

You may find more info

Bitsquare doesn’t hold users funds. Only you hold the keys to your bitsquare wallet (which one doesn’t need to use to transact via bitsquare!

Who is logging all the data you suggest for e.g. verification
(some has to make sure that only you are using a certain instance of the bitsquare app; so one needs to generate/send out logins/password etc.; Why ? Where is the advantage to a centralized exchange that can loose funds and lock accounts as it likes resp. as big brother likes)
and who do you suggest is the ‘Big brother’ to decide ? Didn’t decentralization mean lets get rid of big brother/third parties and lets get back to the roots of p2p business? The notice of ‘automated’ doesn’t change much but ask for more overhead/risk and trust in an already advanced software project.


A common problem with P2P trading is “man in the middle attack”: Buyer is cheated by another advertisement to pay for something totally different, like an iphone

So the seller must be sure the buyer is fully aware of the transaction of bitcoin purchase. In order to achieve this, certain kind of communication is necessary between the seller and the real buyer, the buyer has to upload a relevant document that proves he really owns the account and is aware of the bitcoin transaction. Currently there is no such possibility

In one word, how do you make sure the guy who made the payment is the guy who were contacting you on bitsquare?

There was some discussion regarding that topic:

The reference text might get changed in future versions to something like that:
In the github issues we discussed tha tin the last comments of the thread.

Most of the banks here do not allow more than 12 text in the reference message, so a direct communication channel between buyer and seller before the trade is preferred. In localbitcoins, I would ask them to upload an evidence that they are the real owner of the account, like id card, utility bill etc. In fact that is the whole purpose of ID verification of various financial institutions (to prevent MITM attack)

Another problem is that when you receive the bank transfer, it typically does not show the buyer name, so there is no way to verify who has made the payment. Therefore I have since long ago stopped using those method that can not show the payer name on the bank transaction

As MITM seems so imminent to you would you spare some time and point us to the weak points in Bitsquare’s ‘trade process’. Especially how to capture the relevant information/data.

So you like to have a third party, big brother? What do you find then appealing of the Bitsquare project?

As you are less concerned with your privacy could you give us more data, which bank, which country, which payment method, etc. ? From a European experience, banks show all this information that one can verify transfer data with Bitsquare trade data.

One last question. How many problematic trades/experiences did you have using Bitsquare?


1 Like

I like bitsquare since it is the most closest form of P2P trading and it has big potential. But MITM is first thing you need to consider before your bank account is frozen due to a fraudulent payment

I’m an OTC trader since 2012 and I have been police reported numerous times since the beginning of trading on localbitcoins, and most of my bank accounts were closed as a result, leaving only 1 bank opening to my business. So this is a serious concern for any trader.

I don’t have problem doing trades with Bitsqure since we use only swish method, where it is a mobile payment method and you can directly call the payer to check the trade. But for bank transfer, no such luck, sometimes you can see the payer name but it does not mean that’s the same guy contacting you on bitsqure

Another experienced trader also had his account closed, he has put those common type of scams in a well written article (in swedish)

Put it simply, if you can not contact the real owner of the account and make sure the payer is aware of the transaction, the account can be cheated or stolen, there is no way to tell if the transaction is legitimate

I think at least in the open offers, there should be a field that I can specify my trade terms, so that buyers can understand that my verification requirement

Would you provide info how the man-in-the-middle gets the data within Bitsquare?

We can not verify this info :wink:

If someone buys BTC against fiat from you, you get the counterparts payment details. When you finally receive fiat in your account and the senders bank info matches the info you received w/in Bitsquare, how do you know that the person instructing the payment and providing the info w/in Bitsquare are not only the same but also real? One depends on info from people! Even with a phone call or all this government stamped paper.
What you describe looks rather like a flaw in the banking system, CHARGE BACKS, not an issue of missing ‘verification’, ID providing, etc. Another reason to get out of Fiat.

Anyway, use payment methods w/ a low charge back risk, as you do w/ Swish.

Proposal: Instead of asking for additional verification requirement, ‘advertise’ only with ‘charge back safe’ payment methods like OKPay/Perfect money, … If you know of additional safe payment methods, Bitsquare is happy to add them.

Why swimming with the sharks when you have a safe pool?! Wouldn’t that be the first choice of an experienced OTC trader?

MITM is very smooth with bitsquare: Scammer setup an advertisement on ebay to sell Iphone 6 at $300, at the same time buy $300 worth of bitcoin from a bitsquare seller. He just need to collect the payment info from the bitsquare seller and send it to Iphone buyer. And when the Iphone buyer paid, the scammer run away with bitcoins

And the swish account can be stolen or hacked.

For example, an old women set up a facebook account and the hacker pretended to be her daughter and asked for her to take out her code generator to generate a login code to install a mobile bank id, which is the authentication app used for online banking. Once she did that, the hacker successfully installed mobile bankid on hacker’s phone, and could access her account at will. Then the hacker immediately use her account to buy bitcoin from me, but he failed to provide id documentation for the old women and constantly change his words, then I call the women (through home telephone register in yellow page) and start to investigate the case

That’s the reason KYC rule usually require multiple documents to authorize the payment, since that reduce the impact of stolen account

So in bitsquare, there should be a function that makes buyers and seller chat and exchange documents before the payment is initialized

Localbitcoins was banned in Germany just because so many cheated/stolen accounts all sending money to careless sellers on localbitcoins

Again, its remains a flaw in the fiat banking system, charge backs.

I’m very sorry for the old Lady in your example but she needs to take care, not the rest of the world!
All this imagination makes me think if the old lady had money in her account, she would probably take better care of it.
This old lady must be very tech affine, opening a fb account and doing e-banking but is not able to call the customer service center to block her account to reduce the damage.
But finally she manages it just in time to initiate a charge back of a fraudulent transfer.

For the Ebay case, did you try it already? Wasn’t there an escrow service at Ebay exactly for that cases. What about the payment amount. its rather weird to send/receive even more money as the btc amount is to be defined and not the fiat amount @ Bitsquare. And many orders allow only All-or-Nothing.
Actually, it looks as there is also a timing issue. For listing on ebay you need the payment info, don’t you, which you only get after you bought the BTC. And if you buy the BTC first will someone buy the iPhone on time?
The raw picture is clear but the details may need some work.

Then why is ebay not banned? But anyway, the story is different. Seems operated without a license.

The germans get robbed by their state via taxes …

Its censorship resistance is a great feature of Bitsquare!! Voluntary interaction to achieve individual or common aims without a third party interfering !!

1 Like

The way to hell is paved with good intentions. If you get one security hole, no matter how small it is, all the scammers in the world will try to exploit it and typically the victims are women and old people, then the credit of the system will quickly get ruined, and bitsquare will become the home of scammers

Unfortunately, it seems all you do is trying to prove that you are right without giving a helpful solution for a real problem, just like Thymos in bitcoin forum, and I don’t think there is any meaning discuss this topic further

There are various interpretations … Especially when it comes to intentional misinformation to achieve some goal.

So far the Bitcoin space consists of 95% white male below 35. Some say that are all criminals …

Luckily nobody has to use Bitsquare but everybody can us it.

Please accept different opinions about what is a ‘real problem’. Resources are scarce. And before applying them to solve ‘issues’, the same need to be examined thoroughly.

The problem is here. So Bitsquare should write somewhere that banks that doesn’t allow to write more than X chars on the reason/motive aren’t supported.

If it isn’t possible to write something like this (from the github issue):

Payment from Andre Koster to Manfred Karrer (gdgk78dsf)

Then the bank isn’t supported.

Asaik in SEPA there is no limit regarding reference text lenght.
Internationally we need to expect anything as banks seem to have never heard about any standards or min. IT service requirements.

A global list of bad banks might be too long to process by modern computers :-).
Just kidding… a list of banks with certain requirements/special cases might be good to have. Maybe a rating tool for banks is something interesting to set up. Might become a business model for a small startup. Banks will unfortunately stay longer a painful element in e-commerce so useful tools to help users which bank you choose when setting up an account might have really some value. Anyone interested to make that his project?

In addition to above mentioned objections to johnyj’s case but in a attempt to address concerns in regard to MITM, Bitsquare could just stop publishing the onion addresses with each offer. This makes it more difficult to link account information received within an earlier transaction to actual orders.
The reason why onion addresses are published is as a reputation measurement. But as this addresses are easily changeable this is anyway under review and is only a disadvantage for honest peers.