One of the things I’ve received the most requests for is an article about NXT, aka nextcoin. Billed as the “descendant of bitcoin”, it has set some pretty high expectations for itself. Does it live up to them? Let’s find out.
I’ll start with one of the most essential elements: security. Bitcoin addresses are 34 alphanumeric characters. NXT addresses are 20 numeric characters. The difference might be made more apparent when I show you the total number of possible addresses for each:
BTC: 1461501637330902918203684832716283019655932542976
NXT: 18446744073709551616
Address collisions with bitcoin are all but impossible to occur. With NXT, they are much more likely. Now to be fair, NXT supposedly has some sort of built in protection, such that if a passphrase generates an address that is already in use on the network, it will inform you that you can not use it. That’s great and all, but it only solves half the problem.
One of the littler known things about bitcoin is that addresses have varying levels of security, depending on how they have been used. In order to receive bitcoins, all you need to expose is your address. Your public key is not exposed until you decide to spend coins from that address. Now that the public key is known, the address becomes less secure. This is the reason why it is recommended that an address be used only once. Note that “less secure” still means “secure enough” for right now, but that could very well change going into the future. Because only an address needs to be known by the network, it allows us to do cool things like generate offline paper wallets, which are the pinnacle of secure storage.
NXT doesn’t have this luxury. If you were to generate an offline address and send coins to that address, you do not have explicit ownership of that address. Someone could come along with a passphrase that has a collision with yours, announce his public key to the network, and then have explicit ownership over your coins. This means that to claim ownership over an address, you are forced to expose your public key to the network. As mentioned before, doing this decreases the overall security of that address. You just can’t win. NXT is inherently less secure that Bitcoin. It is a total step backwards in that department. Also worth mentioning is that Bitcoin addresses have a 4 byte checksum that prevents you from sending to an invalid or incorrect address. NXT addresses do not.
Now let’s talk about block generation. The method NXT uses for block generation is radically different than bitcoin. Essentially, the system cycles through all known stakeholders, and if that stakeholder is online, they can generate a block. There are some built in protections, but this implementation is not entirely invulnerable against Sybil Attacks and DDOS attacks, two of the most basic types of attacks.
Since NXT is a pure proof of stake cryptocurrency, there was the matter of the initial distribution. This is the most damning factor of it all, and why I think NXT is not even worth consideration. NXT was the first of the “IPO coins” that we’ve seen so much of lately. This IPO had a lot of issues surrounding it, and closed earlier than initially stated. In total, 23 BTC was raised, and 1 billion NXT was distributed amongst ~70 investors. Amongst these ~70 individuals, the top 10 held 50% of all NXT. This makes it the most centralized and unfairly distributed cryptocurrency ever devised. These individuals each command tyrannical power over the price of NXT, and due to the low market depth, could crash the price on a whim.
With a current market cap of 87000 BTC, NXT is currently trading at a staggering 3,800,000% more than it was initially offered for. This immediately throws up red flags, and reeks of market manipulation. There’s currently 1 billion NXT in existence, and the majority of these are being hoarded by the initial investors. In reality, there’s probably well under 100 million NXT that have been introduced to the market, and even that’s being generous. This means that the price is artificially high, and can easily crash down to zero if an initial investor decides he wants out. In that sense, all the initial investors are playing a high stakes game of Chicken.
How high can the price go before one of them decides to cash out? We’ve seen it happen once already. It’s taken weeks, but the price has finally started to recover. I foresee another dump in the not too distant future. You’ll notice a few individuals over at bitcointalk pushing NXT extremely hard. Make no mistake – these are the initial investors, and they have a lot to gain at your expense. They’ve essentially turned 23 BTC into 87,000 BTC. The caveat is that they need to find enough people to dump onto.
I’ll close this off by saying that there is no such thing as “investing” in NXT. It is better described as gambling. You are gambling that price will go higher before an initial investor decides to dump. Frankly, I’d rather play satoshidice.
Sounds like author is mad he didn’t buy Nxt. Make no mistake, stakeholders have already distributed a majority of Nxt. And yes, I invested in Nxt just recently because of the advanced features you won’t see with other alts, and I don’t think mining with data centers is the future we want. To me, Nxt had very fair distribution and almost all stakeloders sold at 1mil Nxt – 1btc, the creator wasn’t concerned with some huge IPO like every other alt. Check it out and decide for yourself, or continue to be a slave of corporate miners like the author. Nxtcrypto.org
Provably false. The top 30 addresses alone still control 60% of all NXT.
http://87.230.14.1/nxt/nxt.cgi?action=34
How many of those top holders are exchanges? I believe the distribution is amazing, given that NXT is only a couple of weeks old.
Seeing as there’s only 2 exchanges that have any sort of volume… Not many.
The address security issue is a purely theoretical one, as these addresses are in practice 100% secure.
>NXT is currently trading at a staggering 3,800,000% more than it was initially offered for.
Do you own BTC? At the beginning, people were using it literally like gold in WoW in online games. Bitcoin has risen much more than NXT.
> In reality, there’s probably well under 100 million NXT that have been introduced to the market.
That’s 10%. What do you think the free float of BTC is?
>There are some built in protections, but this implementation is not entirely invulnerable against Sybil Attacks and DDOS attacks, two of the most basic types of attacks.
Translation: I have no idea at all, but I know some words.
Either write how you would attack NXT using a Sybil attack (by faking what? amount of nxt held? not possible) or delete this misinformation. The security regarding ddos attack is directly equivalent to bitcoin’s, if you knocked out all pools you could mine new blocks much more cheaply.
It’s sad that your ‘in depth analysis’ is really ‘my 5 minutes with nxt’.
>Do you own BTC? At the beginning, people were using it literally like gold in WoW in online games. Bitcoin has risen much more than NXT.
BTC grew to it’s current value over the course of many years. NXT came out of nowhere, was distributed to an extremely limited number of people, and got a 60m market valuation overnight, with little to no supporting services surrounding it.
There’s really only two types of people in the NXT ecosystem. The initial investors trying to squeeze as much profit out of their holdings as possible, and the frenzied investors who are scared that they’re missing out on the next big thing, and buying into this crap without doing their research.
>That’s 10%. What do you think the free float of BTC is?
Are you seriously trying to say BTC is as centralized as NXT is? Hahaha.
>Either write how you would attack NXT using a Sybil attack (by faking what? amount of nxt held? not possible) or delete this misinformation. The security regarding ddos attack is directly equivalent to bitcoin’s, if you knocked out all pools you could mine new blocks much more cheaply.
NXT works by cycling through what it believes are unique individuals. By nature, this opens the door for a Sybil attack, no matter what sort of preventative measures they try to implement. I linked the wikipedia page specifically for people like you. Please read it.
As for DDOS, NXT is particularly vulnerable to this sort of this, far more so than bitcoin. Hell, it’s already happened. Read: https://nextcoin.org/index.php?topic=1921.0
>It’s sad that your ‘in depth analysis’ is really ‘my 5 minutes with nxt’.
I understand that you’re a NXT holder and that I threaten your investment, but please… Spare me the nonsense.
how does NXT now being open source play into all of this? clones coming?
Expect many clones to come once people are done picking through the source code. A properly managed, well done fork of NXT with a fairer distribution I would say stands a decent chance at penetrating the market. There’s really nothing unique or special about NXT. There’s little infrastructure built around it. Given how centralized NXT is, I could definitely see people rallying behind a fork of it.
Nothing special? First POS currency, 1000tps, decentralized exchange, markets, and voting. Borderline troll stuff here.
And those are all features that a fork of NXT would have. Are you truly this daft?
The main feature that a fork of NXT would never have – is developers and community.
I wrote a longer post in response to this based on a snippet posted at Bitcointalk. I’ll paste it below, but since I was responding to just one short quote I didn’t address many of the things you brought up. With respect, I think your analysis is a little shallow, even though your criticisms are fair. Contrary to your view, Nxt is NOT vulnerable to Sybil attack (if you know of a method to pull this off, I’d love to hear about it!), and while there were effective DDOS attacks in the early days of the network, these were actually used to develop methods of overcoming them that are now built in to the code. A longer-term project, called Kharon, proposes to protect the network using neural-net AI.
Your criticism of the addressing is ALSO fair, but I believe this was a problem that BCNext left for the community to solve.
As of tonight (January 24), Nxt is exactly eight weeks old. It has a LONG way to go, but the length its come is admirable. I don’t know yet how it will all turn out, but I’m willing to invest some time and energy to see. I AM a Nxt stakeholder, but I’m also a Bitcoin enthusiast. I have nothing to gain by bashing Bitcoin, because it has made Nxt possible. And if Nxt crashes completely, some of its more interesting innovations will survive and appear again in somebody else’s crypto, or maybe even on top of Bitcoin.
As long as the overall yardstick is moved forward, it’s a good thing. So I’m actually really glad you’re looking at Nxt and offering a critique. Don’t let other folks’ emotional reactions bother you at all.
Anyway: here’s the full text of my Bitcointalk post, which specifically addresses the security of addresses. https://bitcointalk.org/index.php?topic=345619.msg4722598#msg4722598
*EDIT* I just read the rest of that fella’s post and realized I only scratched the surface of his “in-depth analysis”. I welcome the debate, because criticism is healthy, but his accusations of Nxt being vulnerable to Sybil and DDOS attacks show his knowledge is quite shallow. Some of his accusations are fair (distribution will always be an issue, but it’s a tired old argument in the face of data like this [bitcoinrichlist.com], which shows Bitcoin faces the *same* issue) but on the whole, it’s just ignorant. And I’m not using that word in a “mean” way — he just isn’t as “in-depth” as he claims.
Please check your facts.
NXT coins addresses are 256-bit. Bitcoin addresses are 160-bit. So chances of random collision with Nextcoin is far lower than with Bitcoin.
BTC: 1461501637330902918203684832716283019655932542976
NXT: 18446744073709551616
This publicly displayed Nxtcoin address only shows first few bits. The rest of the bits are hidden but they are still there. You can’t spend someone else’s coins if you just by chance get the same first few public bits. You will get error message, but you cannot spend that person’s coins as the rest of the bits that are hidden in GUI would be different. The complete (address) 256-bit, higher than Bitcoin’s 160-bit is required to spend the coins.
Yes, if someone makes exact same passphrase, then they will get all 256-bit same, but the solution to that is easy. Make a long random passphrase that would be impossible to brute force or get a conflict by chance.
This doesn’t fundamentally change the fact that real (hidden) address for NXTcoin is 256-bit — longer than Bitcoin’s.
You are never going to get a conflict (or brute forced) as long as your pass phrase is long, random and secure.
Actually, what I posted above comes straight from the source:
http://nxtcoin.blogspot.com/2014/01/nxtmyths-5-unsafe-password.html
They clearly state that “Nxt supports 10^77 different account numbers”
2^256 is about 10^77
That’s 256-it — much much higher than Bitcoin’s 160-bit. The difference between 256-bit and 160-bit means 2^96 (big number) more addresses for Nxtcoin
False. You are confusing the public key and the account number. They are not the same. The public key is 256 bit long. And yes, there can be 10^77 of these. But there can only be 18446744073709551616 total account numbers that refer to these public keys. That is the limiting factor. After that point, every single new account created will have a collision, and be unusable.
Here is how it works:
SHA256(secret_phrase) gives private key.
Curve25519(private_key) gives public key.
SHA256(public_key) gives account id.
First 64 bits give VISIBLE account id.
So that visible ID can be easily increased in future software tweak as it’s just first 64-bit of account ID.
However, there is absolutely no need or urgency to change anything. There are no security implications for the original user if there is a conflict and 64-bit is not a small number.
If there are 8 bilion humans on earth, each of them will have to create 2 billion accounts each …
Plus the visible part of account ID can be increased with one line of code.
It’s not even an issue.
I’m fully aware of how it works. The point is, if you wanted to use an offline address (a paper wallet) you would be forced into using only 64 bits of encryption due to how the address system works. 64 bits is not a suitable level of security. The developer behind Electrum has made some great posts in regards to this very topic. Not directly in the context of NXT, of course, but just 64bit vs 128bit.
You either didn’t read, or didn’t understand. The issue I describe makes it impossible to securely use offline storage. In NXT, your coins are less secure while offline. This is a very poor design decision.
You the man Hazard! community? what community are they talking about? all coins have a huge spike when they first come out. Nxt had a big day…39 people. crickets…crickets…NEXT! Yes sarcasm NXTers, a poor mans wit, but only a nitwit would buy into this scamcoin!
Excellent post Hazerd. Most of the current coins are not more than pyramid schemes. As you said NXT went from 0 to 50 mil in matter of days.. Plus you couldn’t buy the coin anywhere except from nxt`s own exchange. So security is flaky, no services, no real exchanges until recently (once it got cap of 50 mil) and yet 50 mil? Someone even said that the towers would buy and sell to themselves on the exchange seeing there was no fee to pay. So they created a lot of activity whilst it was just going back and forth to the owners.
Well you don’t go as in-depth as you say. If you had taken the time to look at the numbers you would see that distribution of nxt not that different from bitcoin.
How is NXT distributed?
28.9% is owned by 0.07%
21.5% is owned by 0.14% : 2x
24.8% is owned by 0.55% : 7.9x
20.7% is owned by 99.76% : 1425x
vs: Bitcoin
28.9%: 0.005%
21.5%: 0.087% : 17.4x
24.8%: 0.98% : 196x
20.7%: 98.928% : 19786x
http://nxtcoin.blogspot.ru/2014/01/nxt-myths-2-very-fair-distribution-of.html
More falsities from the nxt camp… The majority of the “rich addresses” in bitcoin do not represent single owners, but cold storage accounts of exchanges and other services that have to hold thousands of people’s money. NXT can not say the same.
Nice comeback. I have only recently gotten into crypto so I have still much to learn. Out of all that altcoins nxt pts and ethereum seem to be the most interesting since they are radically different from bitcoin and therefore in my opinion have a greater chance of success than the other clones.
The initial distribution of nxt seems to be its weak point, but with pure pos I don’t see how they could have done it differently. It is a risky coin, but isn’t it a very interesting one as well?
Initial distribution with PoS is a tricky matter. While it certainly is up to debate what the best method would be, I will go on the record by saying that an IPO that closed early with only 72 people involved is most definitely NOT the proper way to handle it.
Personally, I’d love to see an IPO of sorts that destroys bitcoin and converts them into the new coin, by sending them to a non-existant address. Of course, that’ll never happen. All these IPOs are greed driven.
If you spent months trying to write code like this, would you really be whiling to ask people to invest money and throw it away?
Capitalism at it’s finest!
the biggest nxt account is also an exchange
Wow, 1 exchange… That really makes the distribution better… Not.
did i say 1 exchange , i dont think so i only said that the biggest acoount is an exchange an that amount belongs to a lot of diffrent people
It doesn’t change the overall distribution at all.
So Hazard,
How much NXT have you bought so far…. the masses are speaking
Zero.
Hazard did get some free NXT but wasn’t that happy with the amount he got, so he decided to write an article about it.
Hazard if you had any credibility left it is all gone now.
Nothing to read here.
Haha, what?
Hazard is right, NXT is a scam. Rich people trading money and pumping the value as much as possible before the government shuts them down. These are not new, but age old scams from the earliest days of the stock market. (although not with the draft of Bitcoin pulling the suckers in)
I feel sorry for the poor suckers that are not rich and go all in on this sort of thing. I don’t own any nxt either, one of the worst investments possible. You can always tell by the number of shills *exactly* how bad it is. This one is epic… (that and the centralized distribution, and I trust hazard on the tech stuff) Full disclosure, I also review cryptos, and I have had some trust issues with a coder reviewing coins, but Hazard gets more crap than he deserves. Especically for exposing the truth. (He is right about feathercoin as well, lol…)
Don’t feel sorry.
I’ (and a lot more people) made a lot of BTC/money from NXT and I got my initial investment out already
Great short middle-long opportunity, just trade with caution and get your investment out a.s.a.p.
They do have some nice tech though and whatever survives, a lot of their innovations seem promising.
‘Full disclosure, I also review cryptos…’
So you say. Where’s the proof?
Real experts are never so categoric in their assessments as you and Hazard are being. The truth is that at this stage it’s still far too early to know with any degree of certainty what will happen.
Best advice: only invest (or, if you prefer, gamble) what you can afford to lose and that goes for bitcoin and all the other cryptos as well.
Oh and when doing your due diligence check out the expertise of the so-called experts. They may not be so impartial as they seem
You can always tell by the number of supports how bad it is?
So isn’t Bitcoin the biggest scam of them all the coins because lots of people support it? Not the most logically statement ever…
I really love Nxt! The possibilities, features and the great community will take Nxt very high in cryptocurrency land. I don’t agree with the author of this article. Just have faith and be active now the price is low.
First, thanks to Hazard for this article. All publicity is good (specially the constructive criticism) and I appreciate that it went deeper than many articles I’ve read. Some objections are correct, some are incorrect. Should be said that they were already addressed on some specific nxt threads but not yet implemented or refused as invalid:
1) Public account ID – yes I agree it should be much wider to avoid confusion between two accounts. I’ve addressed this as soon as I’ve started with NXT. This can and should be improved within NXT and I assume it’s possible. Anyway so far I didn’t experienced any conflicts reported by NXT users but it’s a valid issue IMHO.
2) Distribution – during the beginning I had similar feeling. But after some time and comparison with BTC numbers NXT is total winner here (even in this very short time) related to distribution. Can be proved with numbers if you wish. And I’m even quite surprised how NXT distribution waves went very fluently. So very optimistic here.
3) Security and vulnerability – some DDOS attacks were experiences during the past and as written above much improvements (and security related projects) are experienced from week to week. So NXT also superior crypto candidate from this point of view.
4) Related to investment – gambling it can be but no more gambling than BTC or other cryptos. So “don’t put your savings you cannot loose into crypto” is still valid statement.
Anyway thank you once more for this article. I appreciate you did some homework here but still not all of your arguments are precise / up-to-date enough.
I’ll admit there are some interesting points brought up but I also believe that there are valid reasons why Nxt is doing well and that it has a lot of potential, it’s significantly more energy and cost efficient, and you make interest on your loan from transaction fees and fees earned by other services powered by Nxt, and transaction confirmations can be faster.
Also the reason why the initial investors have only sold about half their coins, is because they all believe the price will go up, because they believe it is or will be worth more in the future.. not a game of chicken. Do you really think they wouldn’t be slowly cashing out more and more if they thought it was going nowhere. They actually believe in it or else last time the price tumbled from 0.00012 to 0.00003, wouldn’t they have all cashed out, out of fear? No.. some sold some bunch, which helps redistribute it but many held onto some because they believed that it would be worth more in the future.
Security is a potential issue but at least people have now looked through the code, there are propsed solutions to the DDOS attacks.
Obviously I’m a believer in Nxt but I guess time will tell.
The security level is higher than 64-bit . Please note there are three things:
(1) private key (same as bitcoin)
(2) public key (same as bitcoin)
(3) Account ID (bitcoin doesn’t have it)
It goes like this:
(1) SHA256(secret_phrase) private key.
(2) Curve25519(private_key) public key.
(3) SHA256(public_key) account id.
Now if you brute force 64-bit from step 3 (account ID) by doing something like this:
SHA256(random public key)
that will give you some random public key that hashes to account ID (first 64-bit)
How are you then going to find the private key of that public key without breaking Curve25519 (which I assume is 128-bit) in step 2?
You aren’t even reading what I’m posting. Let me put it in big bold letters for you:
OFFLINE WALLET SECURITY IS LIMITED TO 64 BITS DUE TO THE NATURE OF HOW THE SYSTEM CURRENTLY WORKS.
You don’t need to break a private key, you just need to find another private key that has a collision and announce it to the network first.
Great analysis! Thanks. It’s fun to buy low and sell high with about 50$ of nextcoin. Other than that a java client always reeks of garbage implementation.
There was so many issues about NXT I left out just because the article was over 1000 words already.. Ponzi scheme involvement of the developers was one, java was another… Can you imagine if this shit ever went mainstream? Oracle would be tripping over themselves trying to claim ownership over it.
Java is a programming language. Oracle does not own it. They own Java libraries, but before Oracle bought Sun micro system, most of Java libraries were released under GPL
http://en.wikipedia.org/wiki/OpenJDK
Most popular sites (ebay.com, Hi5.com, Amazon.com, 99% of bank sites, including most likely yours) run on Java on server side.
If Amazon can do billions of dollars of sale on Java based site (server side), why do you think Java is bad for NXT?
Java as plugin (for web applets) is bad with security holes, but that is not what we are talking about.
There is nothing wrong with Java as a programming language — and oracle does not own a programming language.
It was pretty smart to write Nxt in Java as it can be run on any machine (Max, Windows, Linux) without recompiling for particular platform.
Besides, you can create C++ native clients that can communicate with Nxt server . That is already happening. We will start seeing native Windows/Mac clients. The server side in Java is just fine.
They think they do.
http://en.wikipedia.org/wiki/Oracle_v._Google
I am not familiar with exact facts on Oracle vs Google, but you can run software written in java using OpenJDK (GPL license) without downloading anything from Oracle site.
Java is a programing language, like C++, or C.
Orale owns some library code and Java web browser plugin (with all the security holes) but Java is also a programing independent of Oracle
Anazon, Ebay and 99% of banks all run on Java (server side) even if you don’t see it on your side on Webvrowser, on server side the pages are generated by Java servlets.
http://en.wikipedia.org/wiki/Java_Servlet
Seriously….
Jan. 24:
“One of the things I’ve received the most requests for is an article about NXT….”
Great. I am actually looking forward to learn about Nxt.
Jan. 28:
“There was so many issues about NXT I left out (…) the article was over 1000 words already.. Ponzi scheme involvement of the developers was one, java was another… Can you imagine if this shit ever went mainstream?”
You have wasted my time. I will never return to this site. Comments made me check out Nxt myself, and you are either trolling for some reason or straight up stupid. Read up on the topic before posting an “article”, please.
I would like to thank the commenters for making me check out Nxt for myself.
Good for you, buddy. You stumbled into the maw of the beast and were fed a mouthful of NXT propaganda from it’s largest holders. Now be a good sheep and give them money.
If you want to read articles that talk nicely about every garbage cryptocoin that comes out, then this website is not for you. Goodbye.
Ok so I made my money off of nxt and thats all great but really I was there when the price started shooting up and it only happened because the only exchange at the time dgex, started to cap how you can bid. You were only able to bid +/- 30% of the current bid (or avg bid over the day; something like that) so it was extreeeemely easy to manipulate the price at that point. Im not sure if they still have this cap but putting something in effect for altcoin exchanges you will see how easier they can be manipulated. Im surprised no one has mentioned this. Also plz excuse the grammatical errors writing this on the phone.
I understand this article completely. Great analysis Hazard.
After giving NXT coin the benefit of the doubt I tried NXT coin for a couple of weeks.
There is no way you could forge a coin by jumping into NXT without spending huge amounts of cash.
Plus the ‘fees’ will ALWAYS go back to the original stake holders or should I say accounts with high amounts of NXT in. The NXT will pyramid and spiral back to where the high amonts of NXT are. This is just trying to make the maker and founders rich.
The best thing is they can sell the NXT over and over, because it comes straight back to them through transaction fees. Palming off just the right amount of NXT so it can slip right back into their wallet through the fees. This is centralized, they control it. Anyone that cannot see that should really take a look how it works. Maybe check the addresses that are receiving the NXT and their balances. In fact most move their NXT to remain anonymous, though you can still check how many tokens/coins that address has received.
You will see founders/high NXT investors tell you this is not the case. You should learn how it works yourself.
So good luck if you still believe NXT is the way to go, thats fine. Though just remember that you’re making someone richer.
Now go invest in some NXT.
Nice article, well written.
Great discussion for the most part.
I have been looking for more information about NXT as I was skeptical about this coin. What made me even more skeptical is how hard some people try to push NXT to the masses.
My main problem with NXT is the whole IPO thing. with BTC the generation of coins is gradual and predictable while on NXT it was a huge bump of 1bn coins into the market with 1 genesis block. I might now know what I am talking about since my economical experience is rather limited but I think if you suddenly push all the coins with 1 click to a limited number of users that could spell disaster for the near/mid future of the coin.
P.S: I have a thing against all the IPO-based crypto coins.