The CHEQs Crypto-Quiz Answers

Last week we set a crypto-quiz over at CHEQs to give people the chance to test their crypto-security knowledge. The questions become increasingly difficult as the quiz progresses.

If you haven't tried the quiz already, and want to have a go, visit this page.

I will now add a picture of a unicorn and some garlic for spoiler prevention purposes, as it should push the questions and answers off the bottom of your screen.

Those of you who want to see the answers can scroll down to reveal them.

Question 1

The answer is B. There are clearly other things you need, for example, crypto in the wallet that you're transferring from, and the ability to digitally sign the transfer transaction with the private key of the public address you're transferring from, a brain to command your fingers to initiate the transactions on your keyboard or phone touch screen, and so on.

But from the options given you definitely need a public blockchain address of the receiving wallet, otherwise there is no destination for the funds being sent.

Some people might think that you also need a seed phrase: that's not a compulsory requirement, because you could have imported just a private key to your wallet, and that would mean no seed phrase was involved.

Question 2

The answer is D. Stablecoins are digital tokens that represent a fiat currency or (relatively) stably priced commodity. The EU Markets in Crypto Assets regulations call them EMTs, or Electric Money Tokens.

Question 3

The answer is D. I suppose it could be argued that there are specific conventional methods that are sometimes faster and cheaper (for example a Bitcoin transfer on a busy day with a transaction that has too low a transaction fee will be slower than a SEPA transfer that has been processed quickly by your bank), but there is a reason why central banks are paying attention to the properties of blockchain when researching their CBDCs (central bank digital currencies).

However, in my experience as a consultant who has received many payments over the last three years through both conventional banking channels and through stablecoins and cryptocurrency, all of the latter have been significantly faster than all of the former.

And as an added advantage, I can verify using a blockchain explorer that the payment has been made. With the conventional banking system I have to take the payee's word for it until the payment turns up in my account.

Question 4

The answer is C, although thinking about it, as the private key is used to derive the public key that then derives the blockchain address against which ownership of digital assets is recorded, A could be argued to be a secondary answer to the question. But I would still claim that the primary purpose is to provide proof of ownership and hence control of those assets through digital signatures, making C the best description of the role of a private key.

Although a private key can be used for encryption through an asymmetric key cryptography algorithm, blockchain transactions are not usually encrypted in that manner.

I hope you all found answer D as amusing as I do.

Question 5

The answer is B. If you have significant crypto holdings it is a good idea to keep most of them in a cold wallet, because every time you interact with a blockchain using a wallet you are taking a risk. It is the same as using your credit card at different online and real-world merchants - the more you use it, the more likely the possibility that a scammer will try to abuse it.

Some of you might argue that A is also a valid answer, however it is possible to use the same type of wallet for both hot and cold wallets, and therefore the same private key encryption and storage method, just with the cold wallet being on an airgapped laptop.

Question 6

The answer is A. If you use a custodial wallet, you are relying on the provider to manage your assets, and they can refuse to process your transactions or give you the private key to an address holding your assets, which is a significant difference. Custodial wallets are connected to the internet (otherwise how would you log in to them), and non-custodial wallets such as MetaMask or Electrum do not require KYC to be used.

Question 7

The answer is E, as the best way to defend yourself against a phishing attack is to hide under a pile of leaves in the forest and never use an electronic device or talk to anyone.

More seriously, installing antivirus software is a good idea, but will not defend you if the phishing attack is an attempt to get you reveal your seed phrase or make a bank transfer to the scammer when you think you're sending money to your daughter who is stranded in Bangkok during her gap year world travels.

Question 8

The answer is D. This one is a bit tough, as we have not yet released all the details about the CHEQs platform yet. But if you know Richard Piacentini and me well, you should be able to work out that a) our platform is compliant with regulations so will have KYC, b) in previous posts we've talked about how CHEQs allows you to send the means of transactions off-chain, and c) we would of course ensure that there are standard methods for ensuring security.

Question 9

The answer is A. The access to a blockchain node may be through a third party, but any synchronized Ethereum blockchain node will transparently hold the data and state for all smart contracts, allowing them to be examined.

B is wrong, because the function may allow you to inspect the smart contract in question, but it is the asset instantiating smart contract that holds the data registering assets against the address of the Ethereum smart contract we are considering. That last sentence is rather confusing, so let me try again: to find out if an address, for example, the address of a smart contract, owns an asset, you need to inspect the smart contract instantiating the asset.

If a smart contract is destroyed, then technically, as it no longer exists it no longer holds any assets.

Question 10

ChatGPT gives the wrong answer to this question. The answer is D.

The reason for this is because there are many different ways in which wallets may enact transfers. Some wallets will reject the transaction because the destination address is the incorrect length, or possibly because the address checksum check fails.

Other wallets, for example if you are using Hardhat and Javascript to create the transaction, or if the wallet has been implemented without sufficient error checking, will interpret the address as a hexadecimal number and will pad it with a 0.

It's a bit like sending a letter with the wrong street number in the address. If you're lucky, the post delivery person will spot the mismatch between the name of the recipient and the address and deliver it to the right person. If you're unlucky, they may return it to sender. And if you're very unlucky they'll deliver it to that neighbor who hates you and who throws it in the bin.

Ultimately, it's best to ensure you use the right address.

Question 11

The answer is B, but will probably never happen these days. However, it is not completely impossible, and so the answer is not A.

In June 2016, a smart contract known as the DAO was hacked, and 3.6 million ETH were transferred out. The Ethereum network was hard forked and rolled back to the point before the hack, thus returning the funds to their rightful owners (or not their rightful owners if you support the proponents of Ethereum Classic, which is run by the community of people who disapproved of the rollback).

The rollback remains controversial to this day.

Question 12

The answer is D, although in hindsight we should have made it clearer that the question was about an Ethereum transaction, because for a Bitcoin transaction B is not relevant, and hence there would be no correct answer. You can decide whether you got it right or not.

For Ethereum, once a transaction has been added to the blockchain, you can't replace it.

However, if the transaction is still "sitting in the mempool", which means it hasn't been added to a block yet, you can send out a second transaction with the same nonce (a kind of sequence number), and if you give it a higher transaction fee, then the odds are that the current block validator will pick that transaction over the original one.

If the validator is not concerned with maximizing their profit, or if they don't see the new transaction in time, they could still add the earlier transaction instead, hence the "bit of luck" part to the answer.

Conclusion

If you provided all the answers shown in bold above, you will have received a 100% score, and well done you!

If you didn't get 100%, you may want to sign up to use CHEQs when we launch, as it is a system designed to provide additional security for your crypto transactions, while ensuring your assets are held non-custodially. And a whole bunch of other things such as improved accounting and recurring payments, plus more that I can't talk about just yet.

You can sign up here.

Feel free to now start arguing with me about the questions and answers in the comments.