What a terrible leak - med records and marijuana use, especially in some circles - could be very useful blackmail material. :/
For the same reason, health & wellness apps are not generally covered by HIPAA, and in fact quite a few of those exist solely for the purpose of selling medical data to data brokers. Especially ones related to women's health.
[0] https://www.hhs.gov/hipaa/for-professionals/covered-entities...
(new account online, new coinbase account online, stuff new account with cash, transfer to coinbase, transfer onchain, swap to monero, wait, access all with new mac address, new wifi, new browser session, or Tor if the services allow)
daily reminder that KYC is a joke, the institutions and enforcement agencies that think it works, don’t know when it’s not working as long as a real id and ssn and address is used
This isn't meant to be a gotcha or a takedown, as I appreciate that you're one of the few HN users knowledgeable about crypto who isn't a shill or dismissive of crypto out of hand.
For those who aren't familiar with this industry, there are folks whose job it is to solve these problems with KYC being less effective than it ought to be. Many work in industry as devs, and many do the same as part of the Department of Justice or an affiliated agency or approved third party contractor. There are relevant working groups that bring all relevant parties together for operations. I don't want to assume that you don't know this, but you should not make it out like crime is easy, or that it pays. That said, government salaries are criminally low across the board. I can only assume the private sector of this niche pays better, as it can't very well pay much less than the public sector. Why this is the case is absurd, as it is mostly to do with pay scales and levels, and the near-impossibility of paying workers more, even when it's ready money that is already allocated.
the baked xmr funds are once again swapped into virgin addresses that all buy your memecoin, with your clean funds you sell your position into the liquidity pool of the pumped coin
it looks the same as any other launch. are they bots, are they retail degens? who knows, pay capital gains tax and move on.
you can modify this by having the virgin addresses with dirty funds launch and pump the coin too, as long as your clean address buys near the beginning and sells into liquidity
this can all be scripted and done with unlimited amounts, a “bundler” can manage many virgin addresses with a nice GUI now, specifically to be multiple buyers and sellers of a launch
you can unlink your clean funds in less (or equally) restrictive ways for other reasons and privacy, but it’s clean enough to pay taxes on and be free and clear
The liquidity pool will get you back into mainline cryptos, but then what?
Sidenote: The GP's point was an Aha! moment for me about memecoins. I never got why anyone ever bought into these at all, but money laundering makes perfect sense.
but one thing you’re missing is that people don’t know which ones will be money laundered - or attract gobs of capital for unknown reasons - and go up in price wildly. so people play at all levels depending on their risk appetite since the profits from a coin being pumped are so wild.
these things launch with a marketcap in the low thousands, and run to marketcaps in the millions and billions for tens of thousands of % gains. it’s what retail has always wanted from the IPO market, but instead of waiting decades for every rule to slowly change with no sign of the private sector using those rules, they have the crypto ecosystem now and it’s been a hit.
as far as financial market innovation goes, the liquidity pool code is pretty novel and an active area of research and competition, a candidate of something to graduate to - or intertwine with - the traditional markets
I appreciate your explanation for me and for everyone else. I’m glad that crypto is being legitimized. It’s a cool technology and I think it should be profitable because it’s a technology whose time has come. I think its usage for money laundering is unfortunate, but ledgers offer introspection that is an opportunity for enforcement. I think it’s just another cat and mouse game, same as it always was. Most folks aren’t doing anything underhanded and just want to use the technology to do cool things. The law is catching up, but it had to be dragged to the table. This should have happened years ago in my opinion.
I think the previously hostile regulatory environment has caused a lot of innovation, that is more resilient and useful for capital formation, new sectors, industries. the cryptosecurities market in 2012 was really ghetto, the ICO market in 2017 was baaaad but working around securities regulations since registration+liquidity was impossible. 2024’s pump.fun should be for entertainment only, but it does standardize the token issuances in ways that weren’t there before
the bad stuff should be ignored by consumers or cleaned up
but at the end of the day it will always be up to consumers and investors to be more discerning, for critics to criticize bad organizations individually instead of indict all of crypto when something goes wrong. the lack of discernment allows for most bad actors to act with impunity, and encourages the ones that do eventually face consequence
Like the thnickles guy, for example. Good old weird internet salt of the earth folks. I don’t even know if he’s associated with crypto, but the more people doing neat things as investments, the weirder the internet gets, and I’m more or less okay with that within the bounds of reason and complying with applicable laws and regulations.
For the uninitiated:
Uniswap’s liquidity pool concept changed crypto forever and there are infinite code branches from that at this point. Pump.fun is a homegrown version of the same blueprint, with scripted automation and gamification built on top of it.
What used to be separate processes and cost teams tens of thousands of dollars to code and review (creating a token, getting it audited), is now rolled into a click of a button for pennies free.
Pump fun creates your token, fills it in a liquidity pool, initiates the initial purchases for price discovery, and locks the dev into a game where it stays in the pump fun smart contract until the token hits a certain marketcap, then it transfers the liquidity pool (which is a bearer asset itself) into a more open trading smart contract called Raydium. This is an important goal because people provide liquidity with their own capital to raydium liquidity pools, increasing the collective respect and liquidity depth. These market makers earn basis points from trades through the liquidity pool. (I so wish this was available on the stock market, coming soon I hope). Pumpfun keeps all their trade volume earnings to themselves.
Look at how much pump fun has earned over the past year. Launchpads are lucrative.
https://www.cnbc.com/2025/07/02/openai-robinhood-tokens.html
They also are doing a lot of stuff with prediction markets, which is pretty interesting even if I think the issue there is one of deferring trust to an oracle, but that’s kind of the gambit with most gambles, so it sort of comes with the territory. I think there have been some bad calls by oracles there, and I think there’s a brand risk to Robinhood if RH users identify strongly with the RH brand when placing prediction wagers even when they are outsourced to a third party.
https://www.theblock.co/post/367417/robinhood-launching-spor...
A step in the right direction, more competition needed, liquidity pooling this way will be so good
In fact it’s more like every unincorporated idea and general partnership and incorporated business all thrust into visibility and publicly traded status all at once, right alongside private equity backed corporations and ones that have actual institutional underwriters and IPO’d, issued and trading 24/7/365 with no circuit breakers or halts of any kind!
If the respected traditional market didn’t have its layers of filtering via syndicates and the exchanges, it would look just as scammy
you can filter for stronger crypto projects, more consumers and investors simply need to, and crypto skeptics need to become more discerning to levy a more equivalent standard
can take a few minutes from liquidity pool to your bank account, to a few hours. several days in the worst case.
Bullish's $1.15B in IPO Proceeds Entirely in Stablecoins in Public Market First - https://news.ycombinator.com/item?id=44957496
it’s been like this for over a decade.
you can get out of volatile coins and into stablecoin onchain.
you can buy goods, services, and investments whether with the volatile coins or with stablecoins.
stablecoins also have a redemption mechanism, so when you move them to an exchange, the conversion isn’t “selling for usd” (which has a fee) it’s just redeeming them for free. Coinbase can take USDC straight to your bank account for example, removing one step.
when I was running a small hedge fund half a decade ago, our third party fund administrator could take investor funds in crypto for us that would be accounted for on our books in usd for further investment.
a lot of crypto ETFs are taking funds in crypto right now too, there is a tax advantage that Bloomberg wrote about a month or two ago
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing SSNs, and other internal potentially sensitive information.
So, the absolute bare minimum was not followed. Just wide open database containing medical information.
Anyways, there are a LOT of little fly by night outfits that "help" you get a medical card in many states. It's a joke, and all it does is empower the same type of person who used to be a pill doctor to rent seek, and it's not at all a surprise one had poor data practices.
Then it's a societal choice between the benefits of easier access to it for medical use (non-OTC drugs are harder to get when you need them) plus lower burden on law enforcement when it does not have to deal with this anymore, and the opportunity cost to society when some people don't use it responsibly and waste their chances. I see positives and negatives for both choices.
(I don't believe other drugs being legal is an argument, alcohol and tobacco wouldn't be legal if discovered today but because they have widespread use it's impossible to forbid them)
Citation needed on that one.
I don't have strong opinions on this, I was mostly a bit triggered by the parent's comment weird theory that "cannabis was only forbidden because of criminal big pharma". (I assumed "only reason" implied that they thought it was a safe drug without side-effects or risks; all (medical/non-medical) drugs have side-effects and risks so not being 100% safe isn't a reason for banning by itself, but that's a factor in the risk/benefit balance).
I think they meant more that the negative effects don't seem that big because most people are ok even with such a large proportion of people already being experienced with it.
> triggered by the parent's comment weird theory that "cannabis was only forbidden because of criminal big pharma".
I don't believe it was either but I'm not sure your counter evidence really works. The science that you alluded to about long term effects all significantly post-dates the ban so couldn't have played a role in it.
Basically, they only pretend it's "medical" in order to gatekeep and rentseek care. Since they are interested in profit rather than actual services, their systems tend to have many issues.
I mean, fun story time; back in 2014 my dad's house was broken into, and among other things they stole was a bottle of a benzo, and while most of my dad's medications were untouched they stole his blood pressure meds.
As I was opining this to a colleague, another employee that was within earshot explained that no, for certain things it can 'enhance' the high... go figure.
(Sadly mostly through dealing with others navigating it, in case anyone is jonesing for judgement.)
Those same people are the ones contracting out these systems with local governments.
I'm all for freedom, but there have to be some limits to protect the general public from complete marijuana anarchy.
If the dots are connected they will lose their jobs. Full stop.
I think I wasn't clear, I wanted to know which database system people were using (i.e. Postgres, Mongo, etc). You can't even run Postgres in a container without a password these days, how could someone do a whole production deployment without a password?
And that should be treated as a massive liability, where one breach wipes out your company with lawsuits. And the wronged parties can go after the assets of executives and maybe even investors, due to willful criminal negligence.
If there's any justice, the "greed is good" techbro industry will finally be told that the sociopathic combination of systemic surveillance/stalking and gross indifference about even basic security is over.