Background

Hello Bitcoin – (More likely Alt-coin if you came here from Google Directly). I’m going to discuss my experiences unlocking my account with Cryptsy. TL;DR: it was not a terrible experience, but not necessarily a pleasant one either.

A long time ago (circa 2013) I used Cryptsy for a few different things, notably, to speculate on alternative cryptocurrencies. My original speculations of choice were: Litecoin, Megacoin, Terracoin, Peercoin, Potcoin, Doubloons, EZCoin, Gamecoin, and Infinitecoin – along with several others that I never really followed too much. From the list above, you should be able to tell that I was speculating, based on name, trading volume, and the market sentiment, of which are poor indicators to gage the future performance of alt-coins. June 2013 came around – June seemed awful because at the time, Cryptsy had instituted an auto-sell mechanism on inbound deposits. I was frustrated with them, wrongfully, because it seemed they were allowing miners to ‘dump’ the coins, thus crashing all emerging alt-coin markets that I had, weeks prior, speculated and divested my bitcoin into! From June till November, was brutal on my investing because I had blown through BTC and LTC recklessly speculating.

November Come Up

So around November 2013 when the big price ramp up occurred, I had seen a huge spike in some of my alts held – It was a wonderful time. My proudest feat for the time was investing about 2 BTC worth of LTC into AndroidTokens, for them to pump in value, to where I made a tidy 8.2 BTC valued exit and locked in the profit. I quickly traded the LTC into BTC and cashed out my newfound earnings. It was the 1st time in my life I really felt empowered by earning income from my own decisions. This small act, of using knowledge to earn, what was nearly 1/3rd of my income, ‘working a career job’ from speculating, had me determined that “I’d rather work for myself.” I left my previous employer 90 days later and have been involved with cryptocurrency ever since. Let’s continue further off topic:

March Wind Down

Fast forward my life to March 2014, was focusing on my full timing Bitcoin mining operations, with these mostly, and decide to focus towards looking ahead at various scrypt coins – at the time I had invested, poorly I might add, into scrypt hardware such as graphics cards, a 1st generation scrypt-asic PREORDER that is STILL not delivered – (only a deposit, not the entire balance), and even into failed hardware that ZoomHash refused to support – my hardware literally sparked one day from being plugged into the wall. No fault of my own could be determined, it was a Gridseed Blade that I paid $750 for, that never earned back $5 in LTC, I’d advise against buying this piece of hardware or doing any sort of business with that vendor for this very reason. I had stopped depositing into my main Cryptsy account so that I could more easily keep track of my trading activities while also keeping my earned mined coins. (I had at this point I had spent time multi-mining scrypt coins and some sha256 alts, like 21Coin or Unobtanium)

I didn’t keep a keen eye on my accounts and balances because at the time I was more focused on tuning GPUs, Dealing with 94 Degree Temperatures 24-7, and also wrangling my bread and butter to keep rent and the power bill money incoming. ( $700 power bill was no joke. 3+ TH of SHA 256 split among 19 diff connected devices and 70 block erupters hosted on one of the Scrypt rigs). It was around May 2014 that things started going to hell w/ the Gridseed Blades I mentioned above. Frantically, I had worked on trying to get them running up to speed – down to buying new ferrite beads from Digikey to repair the unit – I was only able to fix one half of my broken blade.

Also, crypto mining difficulty (which decreases income expected), a recessed altcoin market (my portfolio shrunk down to a 20% of its size in December 2013), a high power bill, and increasing outside temperatures caused me to put the portfolio (and eventually mining altogether), caused me to further relegate Cryptsy towards ‘deep storage’ rather than to actively trade with it. You see, my philosophy was this: modest martingale. I would find the coolest looking alts with the largest member presence on Bitcointalk as well as a high trading volume. From there I would buy up, perhaps .01 BTC worth of it or 1 million of it, whichever was cheaper. This strategy paid off nicely for SEVERAL of the coins I mentioned above (notably for Grandcoin, Quark, and AndroidTokens which were big winners for me during Nov-Feb run up of 2013) I had followed this strategy and now had accumulated over 30 different alt-coins on Cryptsy spread between a few BTC.

Deep Storage Incoming

My strategy was now to ‘trust’ Cryptsy to act as a custodian for my alt-coin balances – This is because I did not want to risk holding and maintaining all of my various coin balances on their own full node QT wallets, with their own complete blockchains to maintain. (Deep down, even STILL, I was paranoid about downloading alt-coin software on the guise that it’s an alt-coin BUT it’s ALSO a BTC wallet stealer). My case and point ‘bandaid’ was to break the golden rule (never trust the security of irreversible money to someone else – ALWAYS CONTROL YOUR PRIVATE KEYS!) and to ‘trust’ Cryptsy with my funds, long term. Like a digital time capsule, holding my potential retirement account 2040, I brazenly kept my old 2fa phone in good working order and ‘disappeared off the face of the earth’ to my Cryptsy accounts…That is…until Last week.

My expectations

Now, I knew in advance that Cryptsy had this policy of locking user accounts. But I put 2 and 2 together = this process protects both the User and Cryptsy from hackers by locking the account to begin with. While it makes dealing with coins inconvenient when wanting to liberate them from cold storage or even to check approximate account balances, it allows me a no-frills way to manage coin balances for 15+ alts, provided I: Log into my account every 3 months or so to check on activity. (though keep in mind, that step is only necessary to keep your account listed as active – All activities, including password change requests, Incorrect login attempts, even Coin withdrawals are all protected by either email verification and/or 2FA). I did not do this, as a result, all my deep storage accounts had been locked down with the stock response:

My Reality

Onward, we proceed to email support@cryptsy.com Wait 2 days, no response….okay….Lets try the popup ‘support tab’ window that appears on the left side of every page:

I entered in my information and received a strange reply requesting security information: manually!?! Yes folks that’s right, a person, had to ask me to verify my security questions in cleartext in an email response:

I noticed 3 things that immediately seem off:

They show a Trade Key in their email signatures (I’ve now had contact with at least 3 different Cryptsy support reps and can confirm that they all list their trade key, which in my eyes indirectly solicits that you should courteously send them money, aka ‘Tip them for their services’) They have no automated system in place by which to unlock my account – I am forced to interact with an individual to verify my identity, despite having the ability to successfully use 2FA, am able to verify my username and email, AND am able to reset the password on my account I cannot enter in some security verification questions to unlock my account?!? The support rep has the ability to ask me my security questions in clear plaintext, yes PLAINTEXT! which means I could presume they either decrypt the encrypted answer on their end or they go the easy route and also store them as plaintext – in some unsecured backup for any disgruntled employee to take. I would feel more at ease (even if the sense of security was false) if they at least gave me a secured link to where I had to fill in this information, the system hashed my answer into a base-64 string then compared the hash to my saved answer in the DB – instantly and automatically – rather than having me give my sensitive data to a ‘support person’ in unsecured email.

Okay so I’m upset because I don’t like giving away private information through the form of an email correspondence, but I do like my money split amongst precious alt-coins so I will play nicely to get my funds back. After another day of waiting for a response to my email, I begin to be fed up with the waiting game. Had those folks who complained before me above been onto something? Had Cryptsy indeed been the ‘Craptsy’ that the naysayers complained about? I decided to look into things a bit further.

I found out through trial and error that there is a separate ticketing system used by the Support Reps of Cryptsy. After sending my quick email complaint to Big Vern (@Cryptsy) and receiving no response, I had made the sensible decision to Login to the Cryptsy Support Portal, armed with my Ticket number in hand, to get down to the bottom of this and to get my accounts back. To my dismay, I saw my ticket, but none of my email replies! “Ah Ha!”, I exclaimed, getting to the bottom of things:

Their support system fails to append customer emails to correlated support tickets! Once I had determined this as fact, by sending a response via email, then sending the identical response in the support ticket, I was in business. Now when I submitted a response and it cleared, I got this reply:

So then I take a quick (slow) nap and in 4 hours I wake up to this wonderful note:

As I read it, my emotions stewed, like boiling lobster ready to rapid fire obscenities: ‘How dare they think it’s cool to send me a “2 hrs window, that’s it K!” message!!!’ So I cooled off for a moment, and decided to try logging in anyway…2FA … I haven’t seen this screen forever… Lets try the old code from the brick phone… it works…. IT WORKS…..my COIN BALANCES!!!!!

1st thing: I was very much pleasantly surprised by how well my EZcoin investment held up – so much so that I dumped a bit into Litecoin for the upcoming halving event, estimated to occur in about 67 days! Which brings me back to my original intention of using Cryptsy and how I now feel post dealing with the efforts to unlock my account for upwards of 5 days: Should I continue using it? I believe I left it March of last year and it was roughly just over 1 BTC in value, I come back today, and see it was touching over 4 BTC estimate with all my various combined balances. We know this number is inflated because the amount of coin capable to be driven from a market is only fueled by the supply and demand, not by the quantities available in ‘your’ portfolio. I lucked out and saw today that there was about 100 LTC available at the top of a sell wall in EZcoin…so I took it. I decided to put that aside and withdraw that from Cryptsy to hold onto, for long storage. I’ll perhaps look into trading again, and when I do, I’ll keep you guys abreast – or not 😏

Total Baller Balances Right 🎢

Speculation

I’ve read (and if you clicked through some of the links above, you too have read) that it could be possible that Cryptsy ‘Steals’ inactive balances. I think that word is quite too strong – steal is an act that occurs when someone knowingly refuses to return your property or purposely misleads you in the effort to help recover lost property. Though these complainers are not incorrect or mistaken – I too believe that Cryptsy removes the balances of all the coins from an account after six months. I’m speculating here so if you quote me, realize that this is based on my own opinion from the experiences I’ve shared with you: Cryptsy DOES remove balances from user accounts after 6 months – these equivalent funds are likely moved into pooled wallet that Cryptsy controls. From there, your account record is set to an inactive state – the equivalent of ‘frozen’. There is a feature where incorrect login attempts allow users to ‘lock’ their profile down, perhaps ‘inactive’ is a similar feature, but it also removes funds from user wallet and allocates the various coins to pooled wallet for each coin type. That explanation would cover why there is a manual step between verifying accounts and also would explain the time lag, required by Cryptsy’s support team – so they have the opportunity to look up your account record, and re-instate your various coin balances, and set your account back to ‘active’ on their DB. Take note of that 2nd email I got: The language: “I am asking for your patience and understanding as we are working to resolve this issue” – > I never once showed any signs of impatience, there was never an issue to resolve – I had a locked account as per protocol – ZERO resolution should be required to ‘flip’ a switch…unless…. ah of course….unless they have NONE OF MY BALANCES associated to my account anymore! If you observe the records shown to the customer by cryptsy – notice there are no internal transaction ids:

Only timestamps. Through not having transaction ids, we cannot view with any certainty what actually happens internally (likely that’s for the better as we really have no meaningful use for the data).

Through obscurity, Cryptsy staff can conveniently use inactive user funds as a reserved pool to continue operations as usual – through trading with no transaction ids on cryptsy. Hopefully, they have an internal policy that holds equivalent funds in offline storage to cover 80%+ inactive accounts at any one given time – expecting them to hold 100% of customer deposits offline through a separate process is a noble thought but is unrealistic from a practical standpoint – it is much easier from a managerial and implementation perspective to hold a reserve balance in one coin [btc] to cover all inactive balances, like an insurance fund) User transactions are software based only, no coin ever actually trades accounts – a pooled wallet holds all balances, likely when a withdrawal request occurs, a user is triple verified (1st login, withdrawal request which requires an email confirmation, then a 2FA final confirmation, if enabled) before the wallet sends an actual cryptocurrency transaction on the alt-coin to the address specified during the withdrawal procedure. Coin balances are surely pegged against deposits and are not on chain, in nature. Now that we have that bit of speculation out of the way, let’s move onto

The lessons learned:

Use their support portal, otherwise communication is one way!

Keep yourself Logged into cryptsy once every few months if necessary – To keep them as a very low cost option for holding investments in altcoins. Don’t hold your entire cache of coins on Cryptsy – I was certainly not using them as a bitcoin piggy bank! However, at the end of the day, I did have a sizeable bit of alt-coin that I decided to convert into LTC and hold in Cold Storage instead. There’s 8 top balances up there – I wouldn’t bother keeping those within their own core wallet, so imagine multiplying that by 4, now try 6…its insane to imagine a typical person who want’s to be productive holding that many different wallets – It’s contradictory right? Why did I bother investing in coins I didn’t believe in? Well, I looked at volume performance and held onto a few coins with the belief that few of them would skyrocket – I still have some Franko and some Diamond – the Franko has remained sluggish, the Diamond, seems to have retained its value since I last checked, surprisingly. Also, remember above how I said I made 8 BTC on ADT? I looked at the pricing – Its currently listed at 14 Latoshis – 0.00000014 LTC per 1 ADT, I bought them on the order of hundreds of millions of them between 12 and 40 latoshis in September and October 2013….I turned around and sold them at the runup in november and december instantly for a rebound between 60-89 latoshis – Keep in mind I was already broken even on several of these so I was rebuying back in with profits and simply profiting on profits – It really was an enjoyable experience, even recalling it now and looking at the trades…That’s why I don’t mind so much about the number of alts or the fact that I’m backing a coin named ‘kitteh’ by holding a few hundred grand of it. In my mind any one of them could could potentially boon again, if a niche market finds need or desire for them – Since writing this piece and reflecting on my past coin-trading days, I think I’d like to gradually swing my portfolio even more balanced, but truth be told, I’ve been out of balance with the alt-coin scene for a long time. I have developed a large cache of namecoin and florincoin – I mined a bit of betacoin, freicoin, and terracoin as well. I don’t feel the urge to build those from source and load their blockchains – I don’t want to necessarily trust an independent web wallet or a mining pool for these balances, which is why I resorted to keeping them in Cryptsy ala digital storage – Are you a coin developer? How would you propose storing coins in a manner such that they are not wholly backed up on paper storage, but that they are not dependent on an exchange or service to hold the coins? I could go into the details of protecting coins in detail, but am going to leave that to another day and perhaps will use your feedback in my upcoming guide for coin security, stay tuned!