Cypherpunk Labs, hard truths, and exposing lack of journalistic integrity
This is a response story in regards to the following story about me.
A journalist should spend time to investigate the full story before jumping down and writing an article with misinformation. I had planned to release an article at the end of the week discussing what went wrong with Cypherpunk Labs and the other “cofounder”. But since CasPiancay decided to not contact me about anything or inquire when i would be publicly disclosing things, let’s go over some information.
First and foremost let’s take a look at sources, in this case Henrik Andersson, aka LordKek, aka flatearthhacker, aka the “cofounder”. Now, the source of the information comes from Telegram. Lets also not forget that a user can delete messages and such that you send from one to the other. If you need to read up on that you can find that here. Several messages sent to me from him have been deleted including images. So before we begin further discussing these items, let’s look at what happens when you only get partial details and not a full scope. Again, at no point was I ever asked anything prior to Cas writing the article, also note Henrik never asked for records from anything other than business filing which will be covered. Note the reason my name is in quotes is because of bad journalism performed by CoinTelegraph, this information can be found here. Similar to Cas’s article, they did not reach out to me.
The pattern in today’s journalism is that there is a lack of thorough research and I used to believe Cas would do just that, however he has proven in the case in which me and a mutual he refused to inquire directly to the other source. This implies lack of journalistic integrity. For that I am about to expose the realities of Cypherpunk Labs and the lack there of any effort from the other “cofounder”, who by the way refused to ever be a part of anything other than the site. More on that later.
Cypherpunk Labs began as an experiment per a direct messaged received from me by Henrik on how to make supporting Tor easier in regards to an article about bad exit nodes. This was a great brainstorming exercise, between the two of us some ideas went further into well how could this be done. This all occurred on a Wednesday, by Thursday I had already begun talking to Henrik in depth and working on some code I written years ago about taking some transactions and using confirmations as a trigger to do “something”. Now, this code was written in Perl back in 2013. I decided to rewrite the same process in Rust. To which this was done, Henrik was to own and do the website I would take care of any and all backend work, the notion of a vending machine was coined by a friend of mine I had discussed the idea with.
We launched on that Friday August 14th, with a simple site and PayPal only support. The site was very basic and that was fine the goal was to get the Proof of Concept out there. We received our first order from a friend of mine on the 15th of August. On the 18th of August we started accepting bitcoin, also from someone that I knew and that transaction can easily be found on the blockchain by looking here. This is where things become very interesting for the story and this is where “red flags” for Henrik should have been dealt with then but were not.
As we began to gain traction, it is important to remember I was in the process of getting this to be filed as a company but I had contacted an attorney to do registration I have used in the past, there was complications with a number of things that I had to deal with. Now, you may ask why I had to deal with them and not with “cofounder”, well Henrik refused to be publicly involved and refused to be a part of any of the discussions, this would be a trend that carries throughout . The complications were first related with me wanting to put down a cofounder agreement between us, to which originally on the phone Henrik did not want to be a part of. However, just as he often did he would change his mind. This would be a recurring theme, also note that these things cost money and so do running servers. To which all came out of my account, not Henrik’s also important to understand as we proceed. Will cover the filing later, first let’s cover the servers as that covers majority of the issues Cas wanted to improperly report on without doing any research or asking me for any information and literally took things from face value from someone that it was “not their problem”. Understand that there is two sides to everything and I will spend this article demonstrating just that. The only thing I ever spent company money on was my phone, since I had to literally deal with everything and was on calls, zoom calls, and et al for hours a day and was not using it for personal reasons and was all business this is more than fine to do. So for the entire duration this would be a cumulative $416.00 including this month.
Nothing in life is free, especially in cloud networks. You often pay for bandwidth, cpu, and disk. This was also the point of us first using OVH, and no one else. However, as best practice with any network or service never put your eggs into one service provider. This is because sometimes there can be issues such as outages on their end that could wreck your entire service and cause an extreme inconvenience on your customers if you are starting a company or running an application, ask anyone in the industry. Also running your own infrastructure has extreme costs and overhead as you will need dedicated server space and network. This is just the cost of doing things, cloud service providers provide an easy to entry model on this. OVH was our best bang for buck, this was a great start. As mentioned previously we needed to reach beyond one provider. So Digital Ocean became the choice because reasonable price and bandwidth usage. Important note here, OVH provides unlimited bandwidth but at capped speeds. Digital Ocean does not, this was something I failed at researching. Mistake on my end.
I began launching servers in Digital Ocean as well as OVH, this allowed us to be in multiple regions and not just isolated to the United States. OVH does offer international server hosting, you will need to KYC to them and you need to be in the region or go through an extensive approval process. It would have been easier if the “cofounder” had helped here, but refused, so I had to apply and it was told it could take a week or a month or two to get approvals as it is up to the provider. Also note we are a small project at this point and there is other discussions going on as I utilized my personal relationships with people in the industry to get those conversations. Going back to international OVH, the other “cofounder” refused to KYC to allow that to happen and ease that. Which posed a serious concern I had later realized after further research on Digital Ocean after servers were launched, you are responsible for overages on the cap. In our case this was 1tb on some and 2tb on others. This may seem like a large capacity, but if you understand how network services actually work this is not much. I will go over that in understanding what exits and relays actually do later on.
As we began to grow and splitting capacity into OVH and Digital Ocean for the customers things were good at first. Understand, that OVH does their billing in the sense that you pay for X and you get X. Digital Ocean is a start service and pay as you hit certain limits they put on the services. In a nutshell when some condition like bandwidth usage is met you are billed. This is great, we got everything under control, but I should not use we here, as again the other “cofounder” was simply only working on the website and refused any and all other responsibilities. As this goes, let’s break it down real simply, each crypto payment would be converted via Coinbase and then sent to the account so that we could pay for more services. At this time, it was on my personal account and I stopped using that BofA(Bank of America) account to be specifically for use with business so that there would be no issues with accounting and auditing of it. Understand that this is not spot selling, but market selling. This means that when you send to sell, you are losing fee, plus the fee of the Coinbase service, and transfer fees to your bank. As well as delays to get there based on whatever they choose. If you have used Coinbase before you know it can say next day but it can take several days. It has gotten better in recent weeks from what I have researched but Cypherpunk Labs has not sold a server since early October.
That being said at no point is the other “cofounder” responsible for any of the tax liabilities, fees, or issues. However, he was asked to help as the account would be depleted as we spun up servers or get hit with bandwidth costs. In comes the real fun, DDOS. As any Tor operator will tell you and you can again quickly look this up, tor services and nodes get DDOS’ed quite a bit. There is a cost for this once it goes over your bandwidth cap on Digital Ocean. While it does not seem like much, $386.47 here, $481.44 there, and $496.84 hits are just a few that we got for some attacks. Where as on the OVH side total even to this day in cost has only been $1272.22, excluding the cost of $452.25 I paid on Sunday. Again going back to the costs, let’s also consider that total Digital Ocean costs have hit $2,400.69 and we are no longer using them and all balances closed. So let’s now do a little math on this so that means that we are at a grand total of $3672.91 in server costs from purchases and operations of running our exits for paying customers. Let’s now take a look at the other cost of operations for the company per month which were only $141.50 total for infrastructure, site, a few hidden service projects and we are looking good. Now let’s add up a few servers that were “needed” by the “cofounder” to which we originally paid for which totaled around $885.72 for setup and pay, to which he shelled into once. Also important to note that one was requested originally in another region and since he never would help out by KYC’ing to OVH this transaction was later refunded. Again so lets add that into the equations and we are looking at this for a total on server costs: $4700.13. Again, had anyone(even Henrik) actually asked me I would have went over this and all of the invoices but the “journalist” / “whistleblower” did not do their research and have the data, because the source was not the source of this information and was not directly involved in most things.
With selling of any commodity such as cryptocurrency there is a tax associated it with this process. The same applies for sales and making sure that you have this information for audit and taxes. There is also a few other factors to consider with converting one type of cryptocurrency to one that is able to be converted through a service like Coinbase to fiat. One there is a fee and often times there will be a KYC process, I was responsible for this and as always I had to KYC and manage this. These services like Changelly often take a cut, now there are ways to do this without a cut however, we have to stay legal on the tax side. The average tax for a commodity sale can be between 30–35% as you are market selling and not spot selling, For this section let’s just do a flat rate, 30% and we know this has to be saved. After doing all the books and checking everything that went to Coinbase and was made into cash, I received $4,723.60. Out of this total, $1417.08 was placed into savings for the taxes to be paid when I get the 10–99 from Coinbase next year. No matter what the taxes have to be paid and that is unavoidable when using these KYC services that you would for your company. Net crypto: $3306.52
Let’s move on to PayPal so we can get some full disclosure going on here, so total inbound from PayPal was $1,235.08, sales tax was already deducted from this thanks to PayPal, however, we will need to keep a 30% reserve on this for tax purposes. This total comes out to: $370.52. The net from Paypal then becomes: $864.56. We also need to make sure that we deduct our total sales tax from the crypto sales, as that too is required as part of this whole project to as we need to be safe and it is not from the net, it is from gross. Mississippi state tax is sales tax is 7%, so the amount from the crypto is: $330.65. We now have a good idea of what was made and spent, so lets break this down. We spent a total of $4700.13 on servers and after taxes we $3840.43 in revenue split up over the time so that leaves us with -$859.17 and we are not done just yet. We also had another crypto purchase that had to be made for an illustration so that becomes another $200. We are now at -$1475.17 for funds in the company. Also note, for each time negative hit over these periods the account was deducted an additional $35.00 per overdraft, but that is neither here nor there. Let’s keep going shall we.
When you begin working with someone on a project there is a clear understanding of roles, the role of a cofounder is that you both work for the success of the project. This includes some burdens in financial, time, efforts and the like. This is not an easy road, at no point will you be enjoying the good life without sacrifices that are ahead of you at any point you start a venture. There are always that first day of yes let’s do it! There are also days and weeks of being downtrodden and disappointed in some failures. This is the roller coaster of being in a cofounder position. It is important to understand that there is also a trust that needs to happen within the cofounders in order for it to be successful. There also needs to be some equal workload handling and dealing with the ups and downs. This is where public ownership and teamwork comes into play heavily. This is where things get really interesting at Cypherpunk Labs.
As you all know, I have long been the face and the voice of Cypherpunk Labs. Since the start the “cofounder” Henrik refused to be publicly involved and or involved in any of the meetings with regards to the project. At first, I just thought this was for the anonymous aspect and I respect that as we knew each other and I trusted that this would not become an issue in the future. As the weeks went by he increasingly would not be involved. This ranged from not wanting to join calls with anyone, or any organization. This also included not being known in GitHub to be associated to the project. This should have been a red flag and it is to most other founders, this is important when you start talking to investors and others about the project. Keep this in mind as I put this all out there and explained this would be problematic, his response “not my problem”.
There were times that help was needed from financial side, Henrik did help. With accordance with Cas’s article you may ask why I did not foot the bill for everything, this was to be a joint venture with the two of us, I am KYC’ing, I am running infrastructure, I am writing the backend, managing all the conversions, and handline all the calls and everything else. The least the “cofounder” can do is assist with liquidity for the company here and there as I too would need to have this as I could not always drop what I was doing because they were critical for things such as sales and such. Keep in mind that a large percentage of our sales were directly due to my involvement, this was also directly stated by Henrik. Now there is a personal element to some of this and so based on the books, meaning actual documents that exclude anything between he and I that is purely business Henrik is out $1,360.00. This still puts the company in -$115.17. Oh that is total and we have not hit the other costs like email, counsel discussions, other expenses that were taken as part of the agreement we were working together, and a few overdraft fees on the account. At this point no need to include them, it is just important to know where the money went with regards to the cofounders. Now, I am spinning up the servers to which I will be eating the costs, no one else and will average at about $385.75 a month for next 11 months for a total of $4243.25 and that will be on OVH only. I am doing this because it is the right thing to do to honor the orders we received.
Let’s get back to that cofounder scenario though, Henrik wanted the sole responsibility to be the site and to that it was great news for me as I am not a web developer. I mainly work in system development and I prefer it that way. There are some lovely illustrations on the site but not much content, there was content provided to be placed into the site but it was never done. There is a number of other things to which we paid for assets and things and never got for a hidden service website, to which I wrote. Notice the backend engineer wrote the website for the hidden service but the web developer did not. Understanding roles and where you work together in such a project is important. This also applied for him requesting console access to OVH and Digital Ocean, I explained if I gave him access he would have to help in offsetting my workload, he declined. My request is not uncommon in organizations, you have a separation of who access to what due to expense management and for security reasons. This is not to imply Henrik was insecure this is just a precaution every organization takes. There was to be a mobile friendly site as well that never happened. There was some drops in the ball on that side as well as on mine.
Trust with a cofounder is incredibly important, some disinformation was sent to Henrik so that in the case of leaking of our discussions I would easily be able to point out certain things. Like for Pokkst, the reason i used him was because Henrik begged and pleaded with me to use him to get to Roger Ver to get some big deals going on. To this I did not want to do. The other reason for Pokkst was so that if this blew up I could call him out on his exit scam, but I will refrain from that at this time. Remember, do research before jumping to conclusions and I would advise everyone to do so.
I did set expectations high and I busted my ass to get there. I fell short in not filing properly, this is true. However, also it is important to understand this was not going to be as easy as me just filing. Henrik later decides he wants to be a part of things so there needed to be some documents made. They were to be made but there was some issues as to where to register and how to handle things. As I was no longer in California, to which my attorney was used to and able to handle things I was in Mississippi. Filings are different, and I wanted to follow the Valley standard and use Delaware like most American companies. However, some things happened and this did not happen. I was dealing with quite a bit on a personal level. Henrik did offer once for me to take two weeks off to get a break, but the issue was I was in talk with an investor and other things going on that prevented this. As per usual, Henrik refusal to be a part of conversations would lead to a problem. The investor wanted to invest in the project but if the other cofounder would not become public he would not do this. He wanted to invest in me as being the only founder to Cypherpunk Labs, however I did not want that and Henrik was my partner in this. Where I failed here was not continuing to file after other events, which I have since resolved yesterday. Note, nothing illegal about that and there has been nothing wrong done in this regard and Cas’s statements come from not understanding the law or doing any research on the subject matter. Keep in mind just as everything has been my liability since the start of this, it still is.
So then there was now going to be a transaction from this investor, however, he retracts. There is some discussions, keep in mind Henrik is only just asking for updates at this point every couple of minutes during my day and constantly pinging me so i am providing updates. Again he refuses to be a part of things including discussions so he did not sign an NDA, and you got to honor those in this country. I am also talking to counsel and spending money not from the company, but from me. As you learned there was nothing to be spent from the company it was barely getting by, combination of DDOS, doubling big orders, and other things add to this as pointed out in servers section. so what happens next is me being overwhelmed. Discussions continue, Henrik demands I pay him back and threatens drama, a DDOS on October 24th, Hurricane Zeta, and then a Sybil attack on November 1st, the Tor project removes all the servers from metrics pages and network. Each of these items as Henrik would say “not my problem” and I guess he was right he was only responsible for the site even though it needed improvements. I began to isolate and took a dark path on a personal level with all the just mentioned items my grandfather’s health was failing. A cofounder should have stepped up but wasn’t his problem. On the 7th of November I announced an extended downtime, why? It was needed to recover from Sybil attack and I had been busy the week prior with clean up and other things related to the services. The announcement can be found here.
As Cas wanted to discuss me, let me discuss some things Cas did not actually get right and some things taken out of context. Regardless of how much bitcoin I have, I can choose to do as I wish with it. You need to understand that mixing coins requires more than just throwing a full coin in a mixer, you should split it up and follow best operational security practices. Something that you need to research more on before coming up with an article to which you did no research. I refused to sign any transaction to you or to Henrik, for what purpose? I have signed messages before and those people are the only ones that can confirm that, and it is up to them to disclose those events. Keep in mind that your approach was terrible on this part and you should understand the dangers of just stating a bunch of things without contacting the person you are writing about. Journalism is dying because of this type of writing.
On to Satoshi, so yes we all know who satoshi is if you write software. Now, do not go in bringing in something I have disclosed privately with you with your distinct promise not to disclose that I know her. Yet you want to breach that trust and not do any research before posting your article. I think that was in rather bad taste to be honest. Do a few moments and research the information i gave you once before and it is pretty much public now so I can elaborate a little. What is the primary component of bitcoin? Public key cryptography but it is based off a particular implementation of public key cryptography which is PGP. Another primary component of bitcoin is Proof-of-Work, which has roots prior to bitcoin. Keep in mind it was used to prevent email spamming. Then a little thing called reusable proof of work came about. Use your journalistic abilities to really dive in there and there is one common thread, keep in mind that compromises the very important core aspects of what makes up bitcoin.
With regards to exploits on bitcoin, there have been and will continue to be exploits. Unless you are paying me, there is no reason for me to disclose them. Bitcoin was hacked before, lightning has been exploited. Do not talk about things you do not understand.
Our meshnet consists of some operators of amateur radio and software defined radio enthusiasts. I have discussed this with many on Twitter and you again are proving your lack of investigation in your article.
For one, I never worked for the FBI/NSA, I did work with the Department of Defense on a project and that is all I can say. If you look at a recent Github commit from me you might can derive more. I will not say anymore, also again you did not confirm with this information for accuracy with anything else so it would be expected you would be wrong again on this.
Keeping power on in emergency situations is a real thing. You wouldn’t understand it unless you had to live through it. Again lack of some quick searches.
Now on to the hiring of full time developers, so as pointed out above the “cofounder” was not developing and progressing the site. The money was going to come from my out of pocket investment to pay them or from the investment. As also disclosed in this giant tell-all the “cofounder” wanted nothing to do with any of the working on the business, only working in the business. On to the subject of running the number of exit nodes, the project could and would be running a large percentage of them if trajectory were to continue. Keep in mind there is a direct relation of sales and me promoting things for the service. This was important to be able to have this information and data, to further show where the work was being done. Sales were not coming from the impressive website(it is not good and that is being nice), they were coming from my direct involvement, updates, and busting my ass in making things happen.
My intentions have always and will always remain to do what I said I would, to provide the servers and to clear up any and all issues. I had stated in private group chat that I needed a couple of days to do things, and it has been less than 72 hours since I came back online froma much needed break and things are getting done. I am slowly spinning up the servers and will have to regain trust with Tor. You also speculated how does the Sybil attack effect customers, this again proves you did no research so I will be providing that in the next section so that you no longer have to grasp at straws to try to find some kind of inkling of wrongdoing without reaching out to me. You have my phone number, email, Signal x 2(personal and Canadian one), and you have me on Twitter. The reason the account was negative was the bills, to which I explained. There was also a personal message that was leaked, to say that you are trustworthy is a fallacy.
Sybil, DDOS, Tor, and Customers
A Sybil attack can be best defined as follows:
In a Sybil attack, the attacker subverts the reputation system of a network service by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder.
Sybil attacks occur on Tor with operators when you do not do multi point validations for each host. What happens is someone is pretending to be you or your service and can and often run nefarious software to harm users. This is a problem and Tor delisted us over this. To resolve this I would need to rebuild each and every exit and setup validation keys not only on the servers themselves and fingerprint but also on the site so there was a two factor model to verify the hosts. This takes time and work to do, I had some basic automation but it needed to be improved. Hence, after Tor project had removed us from metrics page and descriptors list. I scheduled a downtime to begin this work, I was having to do it solo just as everything else within the project.
How this happens in the Tor network is that there are fingerprints to each and every relay. There are three types of relays, a guard, an exit, and a bridge relay. A guard/middle relay is how you normally connect to Tor if it is not censored. If Tor is censored you would connect directly to a bridge relay, from here you would then be able to use Tor. Bridges are truly the fights against oppression and censorship. An exit relay is your exit point out of the Tor network out into the regular internet. This used to obfuscate your public IP address and to protect your privacy. You should read on this at the Tor project website. Someone can pretend to be you with mimicking your servers and configurations with the names, contact information, as well as mimicking even your MyFamily configuration. A nefarious actor can and will often disguise themselves as improper or poorly configured hosts and run proxy services or tools like sslstrip to compromise tor users.
A DDOS or better known as a Distributed Denial of Service attack is essentially flooding a server with traffic. Keep in mind that in running relays of any kind you also have traffic of the Tor users. This means their browsing traffic is running through your system, there is constant bandwidth use here. So you have this data adding to your cap and then an attacker can easily look up who you are using as a provider and find IP addresses to do targeted attacks to cost you money.
What does all this mean for the customer? Well a Sybil attack resulted in us being delisted, so servers were still online just not able to be used with default settings and were considered harmful until resolution. DDOS attacks hit on the costs. What this translates into was downtime, and a massive fix needed. Only way to mitigate DDOS costs was to move all the way out of Digital Ocean which impacted the ability to be in multiple regions outside of the United States, however, this is where we are now to further things are done.
Just as with all startups and projects things went well for a while then went downhill a bit. Unlike most good cofounder relationships one decided to start calling someone a scammer and never even asked for any information regarding the finances before bringing it up to other people. Instead his anger took control and he had threatened drama before. I knew that it would come if things did not go his way, things happen and here we are. Instead of anyone reaching out to me and asking for specifics and documents, they decided to run on this information without ever having the other side, which has all the documents and records. Keep in mind that in starting a project scope and goals should be outlined. Also, things need to get into writing before any work is done, that mistake was made in this case for sure. At this time I have and will remain liable for all the services and costs incurred. Henrik has made it clear he plans to attempt to discredit the company and me. The sad truth is at no point did he want to help out with running anything. I have reached out to talk to him on Telegram so we can iron some things out and close up loose ends on our interactions. I would much rather remain civil, others chose not to so I had to respond in a thorough write up with facts and data.
To Cas, you disappointed me and showed me that you were not my friend. You never asked anything directly to me, you instead chose to write your piece without doing research, one day you will learn that research is important. I did not want to bring up Henrik and refer to him as a mutual but you went on a let’s talk about Daniel rant, so I provided the hard truths of what went on. Again, no one, not even Henrik had asked me about the financial records or anything. Phone calls were not in those screenshots, messages had been removed I can confirm by him, and the source material was not everything. Before going on such direct attack work against a friend of yours, I would advise you to do a little digging. I will not publish private direct messages except for the origin one I posted here, private direct messages are just that private.
To Cypherpunk Labs supporters and customers, I will continue to be spinning up servers slowly. Things are coming back online and I am making them more manageable. At this time I will not be enabling orders until all things are resolved with the “cofounder” and those issues can be laid to rest. I hope you all have a wonderful holiday, I will be spending it with my family that I am grateful to have. I hope that you and yours are able to spend time together and enjoy precious time you have with each other. Thank you.