<ofrnxmr:xmr.mx> PSA: everyone needs to remove your offers IMMEDIATELY, there is a protocol exploit being actively used

<ofrnxmr:xmr.mx> From woodser, re haveno/retoswap

<sadgirlava:catgirl.cloud> I was actually gonna ask here about RetoSwap, bc's the only method to get Monero without KYC. But people have warned me that (even without a protocol exploit), it's easy to get scammed when trying to trade. What are y'all's experiences with RetoSwap?

<gan:skhron.org> Scammed how - to be specific?

<monerobull:matrix.org> Fiat buyers are very safe, they don't really have any risks. The seller side is different with potential for chargebacks and rogue arbitrators or like today, exploits.

<pyratevevo:matrix.org> @ofrnxmr:xmr.mx: Ugh that's just great.

<sadgirlava:catgirl.cloud> @monerobull:matrix.org: Ok, I see. Is there any data besides individual anecdotes to help gauge how likely I am to get scammed while trying to buy monero on there? I'd probably be ok with a chance <5%

<monerobull:matrix.org> It's less than that

<monerobull:matrix.org> It's probably less than 5% even for sellers

<sadgirlava:catgirl.cloud> Ok cool. Then perhaps ill roll those dice once the exploit is patched

<monerobull:matrix.org> In the two years that it's been running I've seen 1 person complain about it, someone bough XMR via amazon giftcard from them and amazon later removed the credits because they were bought with a stolen credit card

<sadgirlava:catgirl.cloud> How does the chargeback work in that scenarios? Fiat buyers can charge back XMR that they trade for fiat after the transaction? > <@monerobull:matrix.org> Fiat buyers are very safe, they don't really have any risks. The seller side is different with potential for chargebacks and rogue arbitrators or like today, exploits.

<monerobull:matrix.org> if you buy xmr with fiat there is nothing that can really go wrong

<monerobull:matrix.org> if you are the xmr seller, someone could send you fiat and then do a bank chargeback after you released the XMR

<sadgirlava:catgirl.cloud> Ohh, ok that makes sense, ty

<monerobull:matrix.org> but i haven't heard of anyone this has actually happened to so far. Just stay away from paypal, that's the easiest to charge back

<hbs:matrix.org> you could be sent fake fiat though.

How?

Like, if it's cash by mail,Like, you mean fake cash via cash by mail, or invalid giftcards?

<gan:skhron.org> BlueyHealer: yes, that's rather easy to execute

Can the seller not verify this&

?

<pyratevevo:matrix.org> monerospace.org this looks great.

<gan:skhron.org> nonetheless that's why we have trader volumes an reputation systems in place, as Timothy May have intended

<gan:skhron.org> s/an/and/

<gan:skhron.org> Verify what?

Like, that the payment isn't fake?

<gan:skhron.org> With non-digital methods, that's rather hard

<gan:skhron.org> Can ya yourself think of any method to verify that? even with gift cards, a lot of systems don't exactly always support delaying the activation nor have systems for checking validation either

Like, I'm pretty sure the validity of giftcards can be checked on the respective websites (I recall at least the Visa ones having such). As for cash - I don't think about this because cash by mail is illegal here, but that's a problem for everyone dealing with cash and I don't see people worrying about this much.

Which "universal" giftcards don't support checking?

<gan:skhron.org> Not totally sure to be honest, my statement was more theoretical in its outline and somewhat generic because I have to assume a lot

<gan:skhron.org> BlueyHealer: Not like the state in your case cares in general, you can send cash via parcel lockers, and intra mailing isn't always properly checked, plus that'll be just an administrative fine

<gan:skhron.org> but that's beside the point

"Just an administrative fine"? wtf

I mean I'm unnerved at how casually you dismiss that

Like, when LM was around (rip), I haven't seen any cash by mail offers either.

<gan:skhron.org> Why I would not?

<gan:skhron.org> What exactly the issue with that?

<gan:skhron.org> LM wasn't really used in your state, as TG was always more popular for that, furthermore they applied sanctions at the end of their lifetime

Like, that'd still go on record. And I kinda assumed that if you're caught doing that repeatedly, punishments could get more severe...

Should check if it's like this though. Otherwise everyone would just treat fines like this in general as a potential extra cost...

<gan:skhron.org> That's what exactly drugs users do in fact

I've heard that Western drug users use mail, but don't understand that, this seems risky AF and relying on a pinky promise not to look too closely and open. Also there you can receive parcels without signing a form, while here you basically have to acknowledge "yes I was expecting this to come".

Drugs are instead delivered by couriers doing, ahem, "geocaching". Saw some of those fuckers doing their job, they were so shameless they weren't even bothered by my presence :/

<gan:skhron.org> Personally I have some administrative penalties, you're aware that you can murder a person and find a job afterwards after you'll be freed, do you actually think that administrative penalties that's so controlling of your employment status in the future?

Also I have seen the results of their "activity" right in our building. And it seems like this problem is EVERYWHERE. A lot of the buildings around even have warnings not to let strangers in for this exact reason.

Sorry for venting I'm just mad at those fuckers.

<gan:skhron.org> BlueyHealer: kladmanning isn't the only option, grey area elements like sale of canna seeds could be delivered to parcel lockers easily

do you actually think that administrative penalties that's so controlling of your employment status in the future? <- I'd think yes. And do they not get bigger when you do it repeatedly?..

Sorry this dismissing of illegality feels just alien to me

<gan:skhron.org> BlueyHealer: eh, depends on the offense in all fairness

kladmanning is not the only option but it's apparently the most common, and I hate that I can see traces of it in daily life :/

Also, would they not confiscate the money in the envelope too? Or just return to sender and then fine them?

<gan:skhron.org> BlueyHealer: Uhh, if the daddy state will tell that it's le hecking illegal to use Monero, you'd depart yourself from here?

<gan:skhron.org> BlueyHealer: It's usually confiscated and counted towards the fine

oh

So if it's bigger than the fine, it's just confiscated in its entirety? And given that cash by mail offers tend to have INSANE minimums, who would risk that?

really rich people?

As for laws - I just don't understand willingly risking your arrest or fine, I just don't understand people living without a self-preservation instinct.

<gan:skhron.org> But I should re-read the law personally, it didn't happened to me even once, but it did happened to my contact in Arhangeljsk, as far as I recall, the fine was rather small

<gan:skhron.org> BlueyHealer: We live only once, sucking the state big time is quite uninteresting in my opinion

"Rather small" for some people can mean even like $100, some people are just rich

It's not "sucking the state", it's "being able to afford anything but the groceries" or "not being in prison"!

Like, prison terrifies me because PTSD is NOT CURABLE. So, like, that's only a tier below rabies in the scary disease chart.

<gan:skhron.org> BlueyHealer: You get paid ~400 USD working at Ozon, sure, somebody who lives in real Russia, they should move already

<gan:skhron.org> BlueyHealer: You'll be jailed for such offenses, not imprisoned

But jail is still more than capable of giving PTSD to a normal, if very soft and gentle, person. So no difference.

<gan:skhron.org> I doubt such people will be dealing with Monero in general

depends

Anyway, I feel there's just a fundamental mismatch in how our brains work in terms of risk assessment, so I guess discussing that is kinda unproductive.

Like, I just don't understand thrillseekers, but am fascinated at how they're real.

Like, can't believe there are people who think they could survive *jail* without PTSD. Are they just that strong or do they not know PTSD currently has no cure?

<gan:skhron.org> I was jailed for participating in a protest, still alive as you can see

Not about "being alive", more like "having trauma and never being the same afterwards"

Which is, like, horrifying

<gan:skhron.org> You should read about the Network Case, despite being tortured, the guys still survived it just alright

<gan:skhron.org> anyway, this is very offtopic, I think that at least abusing parcel lockers for exchanging Monero was somewhat on the topic

Yeah I know about that, but not read in detail because I want to sleep at night

Just alright? No trauma at all?

I just know people get it for less

But yeah, 100% agree about it being offtopic. And I don't think there's much point to a discussion either. Like, I know I'm not crazy resistant to trauma like this, I know I'm risk-avoidant and will always be, I don't comprehend how people operate in any different way, and thus there isn't really anything that can be explained or reasoned.

<pyratevevo:matrix.org> @gan:skhron.org: How do you believe you got made ?

<gan:skhron.org> @pyratevevo:matrix.org: Huh? to answer literally - I'm made out of the pretty weak flesh

<gan:skhron.org> Also as much as I have a habit of commenting-in-place, this is rather offtopic :P

<reaster:matrix.reaster.dev> i think modern society made a lot of people that they're more mentally weak that they actually are > <BlueyHealer> Like, can't believe there are people who think they could survive *jail* without PTSD. Are they just that strong or do they not know PTSD currently has no cure?

<reaster:matrix.reaster.dev> same as ganza i was attacked by riot police and taken into custody during a protest and even if for some month after that i had a lot of fear issues when seeing riot police, well i'm still alive and it went off

"alive" =/= well tho

<gan:skhron.org> I mean, I'm openly queer in Russia 🚎

Like, I can't imagine being "ok" after that. Because, like, I know that trauma can't be cured, only treated.

<gan:skhron.org> Those who are afraid will never taste the fruit of true liberty 🧌

<reaster:matrix.reaster.dev> people online get "attacked" and "damaged" for texts, i don't know how wild it is, and saying you get ptsd for light stuff (jail is not a light stuff, i just say it's not at hard as the original concept of the ptsd) when you compare the concept of ptsd that originated in the war veteran, man that's clearly a different concept

<reaster:matrix.reaster.dev> @gan:skhron.org: kinda true, like, since i accepted the idea that it's better and actually easier to not get caught than to try to follow all of the rules, life has never been easier

<gan:skhron.org> Eh, I was grabbed and thrown into a clown car, if I've resisted that could've been a lot worse of course

<eddie:oblak.be> I am pretty average, don't do illegal stuff, but I will almost always avoid passing police

<eddie:oblak.be> Maybe that's trauma, idk, but I just don't trust police at all

Anyway, I don't think there's anything to explain. Some people are just thrillseekers and mentally tanky.

I was under the impression that jail could give a really meek, soft person PTSD for real

<eddie:oblak.be> I don't think anyone is the same person coming out as they were going in.

Like, that's just different brain frequencies, metaphorically speaking

<eddie:oblak.be> soft/hard.. doesn't matter

<reaster:matrix.reaster.dev> like for example you could take a very old vehicule, heavely modify it yourself, make it run on "special" fuel that cost waayyy less, pay government workers to manage to get papers in order, and what would happend?

<reaster:matrix.reaster.dev> or you could go get a loan that will chain you, buy a new vehicule that would break down in 4year because one security thingy in plastic decided to brake, and if you don't give it the official government approved fuel it will not start

<eddie:oblak.be> losing your freedom like that is probably the most traumatic one can experience.

Anyway, my point was that most people aren't like this and thus mostly interested in normal people way

<reaster:matrix.reaster.dev> idk about most people, i also think that most people will not end up in jail nor wake up, nor have to face anything hard

<reaster:matrix.reaster.dev> beside obviously the collapse of the western society economically

<reaster:matrix.reaster.dev> that will hit a bit most people

Wake up from what? Like, you can be aware of the ills going on, and just as aware of the limitations of your own agency, and make peace with that.

<plowsof:matrix.org> daily reminder to preform your reality check to confirm this is not a dream and we're reading the Monero matrix chat

<plowsof:matrix.org> brb enjoying my lucid dream

Thanks, I've been doing that a while ago. Kinda miss having lucid dreams consistently.

<pyratevevo:matrix.org> I personally don't mind topics that are directly related to Monero's mission like internet privacy and freedom etc.

true, although I have led the convo away from that and into being puzzled about self-preservation in general

Does anyone know when the next payout batch is? How often is the intervals?

payout batch of what?

For bounties

maybe you say hello while joining the room

pardon?

np

:D

<plowsof:matrix.org> for bounties, there was a core software release, and then some issues with gitlab - so availability to organise/perform bounty payouts has been effected

Thanks for the info. Do payouts usually happen on a fixed schedule/batch interval, or is it usually just manual depending on maintainer availability?

btcdwed my mistake haha

if you say hello, or show socialized behaviour

someone will answer your question faster

:P

yep, that was my mistake, understood

hi plowsof o/

i'm very new to libera chat

np burh, yw

bruh

any idea as well for the "CC all points of contact", is there suppose to be more than just luigi1111, I don't think I'm missing anything, am I? github.com/monero-project/meta/blob…ints-of-contact-for-security-issues

I would just assume that luigi1111⊙go is the proper email to send it to, it's weird that the pgp email isn't aligning though.

i was getting a recipient's key validation failure. the defined sending key on the public key is `luigi1111w⊙gc`.

ro1m: did you submit it on hackerone? or only per email?

email

and did you receive a reply?

or why do you think you are getting a bounty?

No, I forgot to clarify that it's only been 1 business day so far. Documentation says to expect 3 business days, as for your bounty question, what do you mean? Email is the place to submit possible vulnerability findings, along with hackerone as an alternative option, am I correct?

we are receiving a ton of low quality AI subissions on both hackerone and email

Lots of programs are having that issue, unfortunately.

<ofrnxmr> This is false. Nohello.net > <btcdwed> if you say hello, or show socialized behaviour

<ofrnxmr> ro1m, your report will be looked into and you will receive a response. Hackerone is preferred, and the gmail is a better place to send to. The getmonero email is flooded with spam

ofrnxmr, interesting, should I still send pgp encrypted or no? and could you verify the gmail?

I would assume pgp encryption still 😅

can you send the report to me over IRC? my gpg key is in the repo

if you just send it to the email it might get lost due to regular spam and nonsense vuln submissions

<ofrnxmr> ^^ selsta is the one to talk to right now

(i handle reports submitted to hackerone, not email usually)

okay, thank you, I have to help my kid, be right back

selsta what's your fingerprint?

29A5 B386 FB94 3B68 4FBF 7BBD 2EA0 A99A 8B07 AE5E

Hi btcwed 0/ , ah its hackerone selsta thanks

we have a gmail account? lol

<eddie:oblak.be> I was thinking it, you're saying it 😅

yes please don't send vuln emails to getmonero email addy. It's really unusable

ofrnxmr: HELLO :P

<eddie:oblak.be> luigi1111: Maybe update the page to reflect this preference?

I can assure you that would help a lot of people

<eddie:oblak.be> At this point method "a" to submit something is by email, but it seems here it should be "b"

<sadgirlava:catgirl.cloud> Perhaps it's a filter for low-effort AI spam

<eddie:oblak.be> that's just anoying if you're a legitimate researcher

<eddie:oblak.be> there should be other methods to combat spam

<eddie:oblak.be> you could scrap email altogether if it's unusable

I just want to put the thought inside your head to make sure to stop receiving reports over email, but make sure to check every one after that ;)

hackerone is definitely preferred. email to gmail is possible (can encrypt) since their spam handling is much much better

the problem with hackerone is your reporters are frequently "afraid" of reporting.

since reputation and signal requirements for newer hackers.

that doc def needs updating. Selsta should be on there and maybe others(?). Moo I don't think is active around there either

Is forum.getmonero.org/8/funding-requi…d/87597/monero-bounty-for-hackerone suppose to be working?

supposed*

no

doc needs updating

<eddie:oblak.be> Is the spam flood because of normal people using AI to find hallucinated vuilns and then report it via email. Or because of automated spam emails that have nothing to do with vulnerability disclosure?

<ofrnxmr:xmr.mx> No, it just from automated bulkshit emails

<ofrnxmr:xmr.mx> But you can add ai garbage to that now too

<ofrnxmr:xmr.mx> Its been flooded with trash for a long time. The getmonero repo has 5 million spam accounts. You can imagine how many emails are sent to the getmonero email

<gan:skhron.org> @eddie:oblak.be: "normal people", an interesting way to phrase blatant stupidity

<eddie:oblak.be> Yeah, I am trying to think how this can be solved without having to rely on google

How about get AI to process the AI generated report, to judge if it's AI or not. Sounds like a really good idea.

<eddie:oblak.be> My first thought is to have a submission form with a proof of work captcha

"Selsta should be on there and maybe others" <-- i don't like having my contact in that doc, maybe we can find a different solution

<eddie:oblak.be> @eddie:oblak.be: libroot.org/posts/project-nojscap I found this recently and I like the concept

<gan:skhron.org> it cannot be solved without other operators and client sharing

<gan:skhron.org> client?

<gan:skhron.org> what the fuck

<gan:skhron.org> how I wrote that

<gan:skhron.org> sharing lists*

<gan:skhron.org> ro1m: No, even more shitter idea

Sarcasm :]

<gan:skhron.org> @gan:skhron.org: Anyway, creating garbage with abominable Intelligence is always easier since its the main purpose of bullshit generators than creating something of value, defining what's valuable is even harder

<eddie:oblak.be> selsta: Ideally you have something like "disclosure⊙go" where the relevant people have access to

i thought about that but we all have different gpg keys

so i guess there would be one master key

<eddie:oblak.be> selsta: would that be a big problem?

<eddie:oblak.be> it doesn't solve the spam problem of course

You lose accountability that way, along with offboarding is a terrible process and then there's no redundency under any circumstance of a compromise

redundancy*

I'm not selsta though

<gan:skhron.org> selsta: Encrypted data could be addressed to multiple recipients

<gan:skhron.org> see the output of "gpg --encrypt", it explicitly asks for "recipients", and in my experience neomutt supports setting multiple of them just fine, can't say much about clients

<gan:skhron.org> ro1m: what?

<gan:skhron.org> How a fucking master key would provide more redundancy? not to mention that somebody being "accountable" could just use their fucking key?

offboarding, as in you don't want a maintainer to have access anymore, you would have to rotate the whole key and tell all researchers to use the new one, along with if one machine gets malware (as in private key leak) all encrypted reports can get exposed

and for accountability with one shared private key, you cannot tell who decrypted/read what.

<eddie:oblak.be> so you could send to 1 generic email address, while still addressing several public keys? > <@gan:skhron.org> Encrypted data could be addressed to multiple recipients

does that make sense?

that's just my thought like I said

<gan:skhron.org> @eddie:oblak.be: gnupg.org/gph/en/manual.html#AEN111

<gan:skhron.org> > To encrypt a document the option --encrypt is used. You must have the public keys of the intended recipients. [...]

<eddie:oblak.be> well that seems like clean option, you don't have to share personal emails on the internet, only the keys (which are public anyway)

<gan:skhron.org> ro1m: you can't tell that with a master key either

<gan:skhron.org> Sorry to say, but some trust is always expected

<eddie:oblak.be> @gan:skhron.org: yeah, it is so common to have for example a "support@bla" email that is being managed by a team of people.

<eddie:oblak.be> the dispatching is another mechanism

Yeah I think we're agreeing. I worded that badly, I meant a shared master key doesn't provide good redundancy/accountability. Multi-recipient encryption to individual maintaner keys seems much cleaner.

one public disclosure address, reports encrypted to several public keys

so if someone leaves you remove their key going forward instead of rotating one shared private key

<gan:skhron.org> oh fuck, I'm a dumbass probably, ro1m is probably responding to the other person (i.e., selsta) commentary

<gan:skhron.org> ah shoot

Yeah exactly, I was responding to the master-key idea, not arguing against multi-recipient encryption

i guess multiple recepients would work if it's documented

Is there a reason why it says I'm banned from #monero-pools?

#monero-pools *

<plowsof:matrix.org> moved to Rizon network

ah okay

<sbt:nope.chat> nitter.net/OrangeFren/status/2057121431159181679 is this number correct? $2.7M stolen from retoswap.

<kiersten5821:matrix.org> he was the mediator and the counterparty? how did he become the mediator?

the exploit was there since 18th march 2025

woodser identified the issue and created a PR here haveno-dex/haveno #2315

but it appears he also introduced the bug during a large refactor

That's terrible.

<sbt:nope.chat> > why in the world was it even possible to just tell clients "well, trust this new arb here: xxx.onion"

<sbt:nope.chat> Wtf was is that easy?

<sbt:nope.chat> It*

flick through the volume graph since 18th march 2025 @ haveno.markets , it could have been much, much worse if it was exploited earlier

arbs draining the order book is a well known down side to the haveno network, without some bug, it could still happen

<assholeorangecat:matrix.org> I remember reading about this here: openmonero.com/knowledge/haveno-retoswap-smells-like-a-honeypot

<assholeorangecat:matrix.org> "These funds can potentially be frozen or seized because the admin can easily have two keys required to sign a transaction. The haveno FAQ suggests that the admin/arbiter only has one key, but in practice, anyone can become a taker, there is practically nothing preventing the admin from possessing two keys. "

Am I reading this wrong? $XMR is trading at $399.15 right now not $430

<kiersten5821:matrix.org> where is the 7000 quote coming from? this website doesn't show it

the statistic from haveno api are delayed and obscured somewhat for privacy reasons. im not sure if the exploit will show up on the volume graphs (probably an ATH!)

kiersten5821 some poeple have came forward sharing amouts they have personally lost and know of others losing

plowsof: the statistic from haveno api are delayed and obscured somewhat for privacy reasons. im not sure if the exploit will show up on the volume graphs (probably an ATH!), was this over the year os all at once?

or*

the draining event? (several hours from start to finish, not all at once). the statistics you are looking at? you can look at the year / or daily

<pyratevevo:matrix.org> plowsof: That's fucked up.

ofrnxmr noted a plausible reason as to why the offers where not drained at once in the haveno room

I mean, none of the XMR was sold...

not due to incompetence : due to collecting enough xmr slowly from trades with no deposit amounts or low deposits : you need a small amount of xmr to seed the drain - until eventually yo have 100 xmr to place a deposit to being a trade with sellers who where offering the max amount for a crypto trade , 528 xmr IIRC

working your way up the chain until theres nothing left at the top

<kiersten5821:matrix.org> so it can be concluded he had less than 100 xmr in the beginning, otherwise he would have just taken the biggest oens?

that is plausible - but ofc, whoever committed it could want you to think that, who knows

<ofrnxmr:xmr.mx> @kiersten5821:matrix.org: This OR that they wanted to test it first

<ofrnxmr:xmr.mx> And thought small offers would be less likely to panic over some inconvenience or "bug"

<ofrnxmr:xmr.mx> But it does look like they collected deposits before hitting the big offers

<ofrnxmr:xmr.mx> Once the big offers were git, the small ones were already gone

<pyratevevo:matrix.org> Hey maybe this'll make RetoSwap come back stronger than ever with LocalMonero levels of low volume liquidity and fair rates !

<pyratevevo:matrix.org> /s

the marketing department are already assembling a team of ai agents to promote the return of the Now battle tested haveno network

fiat offers where not effected ? retoswap mentioned this in a series of tweets , (imo haveno has and will be garbage for crypto-crypto trades)

<pyratevevo:matrix.org> It'll actually return as an even more whale focused dex..

they could recoup losses by selling NFT's

i have a mtgox nft apparently somewhere

<ofrnxmr:xmr.mx> plowsof: Fiat offers had a much lower max

worth at least 0$ so thats something

not worth the effort then

need to get to the 100xmr deposits

<ofrnxmr:xmr.mx> Yeah. Especially if it was a script kiddy

<ofrnxmr:xmr.mx> Took 6hrs to drain a handful of offers. So must have been done manually

someone has a link to that retoswap "story" ?

<ofrnxmr:xmr.mx> And probably played some video games while waiting for their deposit change to confirm

<ofrnxmr:xmr.mx> nitter.net/RetoSwap/status/2057092914677785046#m ?

<ofrnxmr:xmr.mx> This one?

<ofrnxmr:xmr.mx> I didnt click the link

If you have been affected by today's incident please back up the following folder ASAP and keep it safe. It will be required for potential recovery plans:

that is inside the link :P

if you are sitting on piles of wealth that you/friends/family are not personally benefitting from - you can take it to the grave , or donate it willingly to e.g. ccs.getmonero.org/funding-required :D

;D

<pyratevevo:matrix.org> There's an article by Sam Bent > <btcdwed> someone has a link to that retoswap "story" ?

<pyratevevo:matrix.org> sambent.com/haveno-brought-back-the…isig-and-attackers-just-hijacked-it

i researched retoswap/haveno back in the days, but never tradet there

thx

we forgot to seed weird info so ai sloppers would pick it up, next time

78 exchanges delisted monero after the haveno drain

<assholeorangecat:matrix.org> btcdwed: I researched it some time ago and came across the post from 2025 that I posted a few messages ago decided not to give it a chance

<eddie:oblak.be> plowsof: that's all the exchanges?

assholeorancecat: i agree on "dont give it a chance" :P

ignore the 78 comment - thats a call back to some ai slop news site mentioning "78 exchanges delisted"

xmr is delisted everywhere, but traded like a premium coin

-a +the ;P

What do you mean delisted?

"potential recovery plans:" is marketing / hopium

i personally expected a lot from reto/haveno idea

there's only one "recovery plan", which is to accept it.

sad to see what happened till today

btcdwed what do you mean a lot of exchanges delisted XMR?

i said nothing, plowsof is guilty

:P

xmr is known for getting NOT LISTED ANYMORE on exchanges with heavy KYC/AML

or just business fear

:P

I mean, it's goal is to be private.

<assholeorangecat:matrix.org> Big exchanges should relist monero then delist it the next day for infinite fud glitch

ro1m exactly :P

its*

anyone tested serai DEX?

<eddie:oblak.be> is that live yet?

<eddie:oblak.be> maybe I 'm late to the party

idk tbh

so reto/haveno dead for "now".... which service should i use?

serai could be not live yet....

is haveno just for converting XMR to other currencies?

<eddie:oblak.be> btcdwed: get some bitcoin or ltc or whatever, use trocador to swap into xmr

i did that for a while, but regulations rekt me

Why don't you just do XMR -> Coinbase -> Bank

lets talk in offtopic pls

#monero-offtopic

<eddie:oblak.be> ro1m: because it should be the other way around, bank -> coinbase -> xmr

oh, for buying xmr?

<hbs:matrix.org> serai is not live yet and doesn't do crypto-fiat > <btcdwed> anyone tested serai DEX?

<eddie:oblak.be> ro1m: why would you want to swap xmr for fiat

<eddie:oblak.be> the point is to get xmr and then spend xmr

Spending?

I mean, it can be also just an investment. Trading.

yea, both

but spending my daily things with xmr is kinda hard, but possible

<eddie:oblak.be> ro1m: most traders are spending xmr 😂

except rent and some stuff

Not enough people support spending things in XMR

i can buy gift cards-> buy food, things

@eddie: most traders are spending xmr, what do you mean by that

cause xmr has no fiat-off-ramp

<eddie:oblak.be> ro1m: they're trading at a loss

<eddie:oblak.be> it's a joke

btcdwed does visa virtual gift cards support buying in XMR?

they're trading at a loss: I thought so haha

I do a little bit of trading

<hbs:matrix.org> context was RetoSwap which allowed crypto-fiat > <@eddie:oblak.be> why would you want to swap xmr for fiat

Primarily $INTC though.

<eddie:oblak.be> xmr cards , I use it to charge my phone

<eddie:oblak.be> works quite well

Not necessarily cryptocurrencies. Even though the volatility is something I've always found interesting.

via virtual gift cards? i meant card like amazon, or my local food store cards

I'm lost.

i buy a amazon gift card with xmr and spend that card at amazon for item X

<eddie:oblak.be> you can buy gift cards indeed for xmr, then buy your nike shoes with the gift card. It's a proxy, but it works

ah, but the fees will be the end of you.

unless it's fee-free, which I highly doubt

<eddie:oblak.be> it's doable

1-3% + 'what are you gunna do about it?'% usually

yea

<eddie:oblak.be> for a 20 eur phone charge, I pay 21 eur in XMR

thats ok for privacy

<eddie:oblak.be> it's worth it to me

just 1€ :D

<pyratevevo:matrix.org> Some cards are actually at a discount.

"1-3% + 'what are you gunna do about it?'% usually" that sounds like Stripe, haha, they are like "just so you know, we take 50 cents out of every one of your transcations, along with 3%, deal with it kid"

thats how the eco system works rn

It's called freemium but without a choice

you gotta pay for everything :D

most of the time the proxy you are giving your xmr too for 3% is trading the xmr and buying the giftcard from someone else in e.g. LTC/BTC

<eddie:oblak.be> I used to pay pizza with bitcoin, years ago

<eddie:oblak.be> not as crazy as the actual btc pizza day

It's pretty genius marketing though.

<eddie:oblak.be> but still, expensive pizza

<eddie:oblak.be> in hindsight

very expensive

tastes better done private

:P

if you want to save a euro or 2 you could just buy it from the guy theyre buying it from with oranges or apples

<eddie:oblak.be> btcdwed: indeed it's not about the money at that point

Same concept: why do you think wood at Home Depot is expensive as hell?

<eddie:oblak.be> plowsof: if you want to save money you can just use fiat

Last time I checked, wood was wood, not gold.

The margins on wood are probably insane.

<eddie:oblak.be> but that's no why we're here

if you want to save money while spending xmr just use fiat?

plowsof how bad is the GitLab problem?

"if you want to save money while spending xmr just use fiat?" fees are everywhere!

or do the same task your proxy is going to do

The margins are against you.

mo money, mo problems

<eddie:oblak.be> plowsof: no If you want to save money don't touch xmr (or just accumulate)

when bitrefill was offline a month? or two ago - it was eye opening to see all the proxies also severely reduce their offerings

interesting view

"@plowsof  how bad is the GitLab problem?" you were the one who mentioned it earlier, right? About the bounty payouts being delayed?

that question is too incoherent and i would waste too many tokens trying to figure out what yo umean

mo tokenz, mo problemz :D

gitlab. bounty payouts delayed. that is chatlogs pasted into an LLM and ask plowsof a related question

plowsof I thought I was pretty good! But, regardless, what I mean is: iirc you mentioned there being a delay in the VDP bounty payouts?

a vague summary of recent events

hahah

I don't have history, and I apologize for moving the conversation off of pizza and gift cards.

ah yes, i wasnt meant to answer as you where talking about the other bounty department (hackerone)

There's more than one? I just mean in general.

I'm not talking about the spam emails.

*thinking*

....

I'm as confused as you are.

I hate when I ask a question, and I get a response that confuses the hell out of me.

Especially when that response was them being confused along with me. It never ends well.

Sounds like marriage.

i have no purview over the VDP bounty process - but am aware that bounties are paid out after confirmed - registering on the hackerone instance will likely give you a clearer idea of whats going on as people comment on your report and such

Oh, I just meant from my knowledge the wallet is only accessible on a certain rotation, no?

Anyways, got to go

upgrading to plowsof 3.4 model

*thinking*

what?

anyways, bye

I have no purview over the VDP bounty process (including the wallet(s)). would you like some other random information instead?

Understood. That could wait until tomorrow, I'll be sure to ask.

i feel threatened now

he said bye, come on

:P