Integrating, Mining and Attacking: Analyzing the Colored Coin “Game”

[Note: Below is a guest post from Ernie Teo, a post-doctorate researcher at SKBI (where I am currently a visiting research fellow).  It is referenced in a new paper covering the distorted incentives for securing public blockchains.]

Integrating, Mining and Attacking: Analyzing the Colored Coin “Game”

By Ernie G. S. Teo, Sim Kee Boon Institute for Financial Economics,
Singapore Management University

The research in this post came about when Tim Swanson invited me to look at colored coin providers and their incentives from a game theory perspective. The results are based on a number of phone conversations with Tim; I would like to take the opportunity to thank Tim for his insights on the matter. For an introduction to what colored coins are, refer to Chapter 3 in Great Chain of Numbers.

The initial question Tim wanted to know was if colored coins can be identified will miners charge excessively high fees to include these transactions. The led to a discussion of the possibilities of the colored coin issuer becoming a miner; and of an attack on the network to take control of the colored assets.

The problem proved to be very interesting as there could be many implications on the success of the system given the potential costs and benefits. Entities or players within the “game” could strategically choose to sabotage themselves if the incentives were right. In this post, I will attempt to explain this using a “sequential game” format. I will explain the various stages where choices can be made and the players involved in each stage. This will be followed by an analysis of the various outcomes and the strategic choices of each party given the incentives involved.

Before we start, I would like to disclaim that the model that follows is a simplified version of the problem and helps us to think about the potential issues that could arise. They are based on various assumptions and in no way should the results be taken at face value.

Stage 1: Before the colored coin issuer (CCI) starts operations, we assume that they will consider if they will choose to become a miner (Assuming that they can include their own transactions into blocks if no one else would). The decision maker (or player) here is the CCI, the choices available are to integrate or to not integrate.

Stage 2a: When the CCI starts issuing colored coins, it would have to decide on the fees it would pay for the transaction. We assume that the CCI is a rational entity and will choose the optimal fees. However as there are two possibilities in stage 1, there will be 2 possible fees quoted; one for a CCI whom is also a miner (integrated) and another for a CCI whom is not a miner (non-integrated). The decision maker here is the CCI and the choice is the fee quoted.

Stage 2b: This is immediately followed by the miners deciding to include the transaction in the block or not. For simplicity’s sake, we assume that there is only one miner in this game (this can be the CCI). The decision maker here is the miner and the choice is to mine the transaction or not.

If the decision in Stage 2b is not to mine, the game ends (End 1).

Stage 3: We next assume that the miner can choose to fraudulently attack the system and transfers the colored coin to itself. The decision maker here is still the miner and the choice is to attack or not.

This gives us 2 alternative endings (End 2 and End 3). The game can be described by Figure 1.

Colored Coin Teo

Figure 1: The stages of the “game”

If we consider the game, there are only 2 decision makers or players: The CCI and the miner. Next, we consider what are the possible outcomes or payoffs for each possible ending described above. This is described in Figure 2 below, there are actually 6 possibilities as there are 2 types of CCIs, integrated and non-integrated. When there is integration, there is really only one player.

Colored Coin Teo 2

Figure 2: Payoffs of the game

Having setup the game and determined the payoffs, we analyze the possibilities of each outcome. This is subject to the comparative magnitude of each payoff. Let’s start with the non-integrated outcomes, there are 3 possibilities:

  1. Not Integrated. Mined. Attacked.
  2. Not Integrated. Mined. Not Attacked.
  3. Not Integrated. Not Mined.

An attack happens if M3>M2 (this will happen if the net benefit of the attack is positive).

If M3>M2, the transaction will be mined if M3>M1. This is because the miner expects the attack to take place, the miner will thus only mine the transaction if it the payoff from mining and attacking is better than not mining. Since we assumed that M1=0, M3 will be always larger than M1. Thus When M3>M2, mining always takes place and an attack happens.

If M2>M3, the attack will not happen (this would indicate that the net benefits of the attack is negative). The transaction will be mined if M2>M1 or if the transaction fees are positive.

The transaction will not be mined if M1≥M2. Since M2 (the transaction fee) has to be at least zero, if M2=0, the transaction will not be mined.

To summarize, there are 3 scenarios:

  1. M3>M2≥M1: The transaction is mined and an attack takes place. The CCI gets CC3NI.
  2. M2>M3 and M2>M1: The transaction is mined and an attack will not take place. Note that the inequality between M1 and M3 does not matter for this outcome. The CCI gets CC2NI.
  3. M1≥M2>M3: The transaction is not mined. The CCI gets CC1NI.

In stage 1, the CCI is making the decision to integrate. To analyze this, we need to compare the non-integrated outcomes with the integrated ones. We thus have to look at the integrated outcomes first before we discuss stage 1. The outcomes are:

  1. Mined. Attacked.
  2. Mined. Not Attacked.
  3. Not Mined.

An attack happens if CC3I>CC2I. (This again will happen if the net benefit of the attack is positive).

If CC3I>CC2I, mining will occur if CC3I>CC1I. Similar to the non-integrated case, CC3I is always larger than CC1I . In fact this case is stronger as CC1I is at most zero and is likely to be negative as it is a cost. Thus if the CCI is willing to launch an attack against itself, it will definitely mine the transaction.

If CC2I>CC3I, no attack happens. For mining to occur, CC2I≥CC1I (the CCI will prefer to mine if they are indifferent). CC2I will always be larger than CC1I unless mining fees are zero (in which case it is equal), mining will always occur if CC2I>CC3I.

For mining to not occur, CC1I>CC2I or CC1I>CC3I needs to hold. To summarize, there are 3 scenarios:

  1. CC3I>CC2I and CC3I>CC1I: The transaction will be mined and an attack occurs. CC3I is the final payoff.
  2. CC2I>CC3I and CC2I>CC1I: The transaction is mined and no attack happens. CC2I is the final payoff.
  3. CC1I>CC3I (we had determined that CC1I>CC2I could not be possible): No mining occurs. CC1I is the final payoff.

Note that we have determined that mining will always occur if the CCI chooses to integrate. Thus there are only 2 relevant scenarios instead of the 3 found in the non-integrated case. The main assumption is that the CCI miner will be able to get its transaction included on the blockchain; this could be either because it is the only miner or it has invested in sufficient computing resources to ensure it.

There are a total of 9 combinations of events detailed in Figure 3. Figure 3 also shows the conditions required for integration to occur under each scenario.

Colored Coin Teo 3

Figure 3: Analyzing the Integration Choice.

Colored Coin Teo 2

Figure 2: Payoffs of the game

Referring back to figure 2, we can make the following assumptions:

CC1NI is always larger than CC1I

CC2NI is always larger than CC2I

CC2NI is always larger than CC1I

Thus the 3 inequalities highlighted in red in Figure 4 are never possible, no integration will occur in scenario B+E, B+F and C+F.

In the other 6 scenarios, integration could occur given the right conditions. We can make some predictions on what is likely to occur.

  1. In all scenarios with event A (A+D, A+E and A+F) where the non-integrated miner attacks, it is likely that the CCI prefers to integrate.
  2. In scenario B+D, there are two possibilities. If the cost of attack is large, the CCI will not integrate. Otherwise, it will integrate and reap the benefits of launching an attack on itself.
  3. When event C occurs and no integration takes place, the transaction will not be mined and the CCI gets nothing. Integration will thus occur as long as the cost of integration is small enough. This will be relevant for scenario C+D and C+E as we has ruled out C+F earlier.

One may ask if the CCI would want to attack itself. Well, if the benefit of attacking is large, a colored coin issuer may want to attack the network to derive a onetime benefit even though the company will never be trusted afterwards. However, this is unlikely as the cost of integration has to be extremely large for the CCI to be able to successfully attack the network.

Finally to answer our initial question, let us consider the issue of whether a non-integrated miner (in the event that a colored coin transaction can be identified) will force the CCI to quote high fees in order to get the transaction included. This is only relevant in the scenarios where the CCI initially chooses not to integrate. However, if colored transactions can be identified, miners can choose not to include these transactions unless the transaction fees are high enough. The fee can only be so high that it does not force the CCI to choose integration instead. In general, we can say that this fee cannot be higher than the cost of integration (this would refer to the per transaction cost of integration on average).

Based on this “game”, will colored coins be able to exist on a network such as Bitcoin? If colored transactions can be identified, there could be 2 issues. 1. The colored assets are so valuable that the non-integrated miner would want to attack the system, 2. The fees do not incentivized non-integrated miners to include the transactions. To overcome these issues the CCI could chose to integrate (or become a miner with sufficient computing power to be able to ensure that its transactions gets recorded). However, if the cost of doing so is too high to be justifiable, the CCI is better off not operating at all.

Send to Kindle

What are a few direct and indirect costs of the “block size debate”?

About six weeks ago I mentioned a dollar figure during a panel at the Consensus event in NYC: $6 million. Six million USD is a loose estimate — for illustrative purposes — of the amount of engineering time representing thousands of man hours over the past 7-9 months that has gone into a productivity black hole surrounding the Bitcoin block size debate.

A little recent history

While there had been some low intensity discussions surrounding block size(s) over the past several years, most of that simmered in the background until the beginning of 2015.

On January 20th Gavin Andresen posted a 20 MB proposal which was followed over the subsequent weeks by a number of one-and-done counterpoints by various developers.

About four months later, beginning on May 4, Gavin posted a series of blog articles that kicked things up a notch and spurred enormous amounts of activity on social media, IRC, web forums, listservs, podcasts and conferences.

The crescendo of public opinion built up over the summer and reached a new peak on August 15th with a post from Mike Hearn, that Bitcoin would fork into two by the beginning of next year.

The passionate enthusiasts on all sides of the spectrum took to social media once again to voice their concerns.  During the final two weeks of August, the debate became particularly boisterous as several moderators on reddit began to ban discussions surrounding Bitcoin XT (among other forks and proposals).  There was even an academic paper published that looked at the sock puppets involved in this period: Author Attribution in the Bitcoin Blocksize Debate on Reddit by Andre Haynes.

Ignoring the future evolution of block size(s), with respect to the opportunity costs of the debate itself: investors and consumers have unintentionally funded what has turned out to be a battle between at least two special interest groups. 1

So where does the $6 million figure come from?

Of the roughly $900 million of VC funding related to Bitcoin itself that has been announced over the past 3 years, about half has been fully spent and went towards legal fees, domain names, office rent, conference sponsorship’s, buying cryptocurrencies for internal inventory and about a dozen other areas.2

At the current burn rate, Bitcoin companies collectively spend about $8-$10 million a month, perhaps more.  And since the debate is not isolated to development teams, because upper management at these companies are involved in letter writing campaigns (and likely part of the sock puppet campaigns), then it could be the case that 5-10% of on-the-clock time at certain companies was spent on this issue.

Consequently, this translates into about $400,000 to $1 million each month which has been redirected and spent funding tweets, reddit posts, blog posts, conferences, research papers and industry conferences.3

What about specific numbers?

For instance, with around 150-200 attendees the Montreal scalability conference likely absorbed $250,000 from everyone involved (via travel, lodging, food, etc.).  Similarly, one independent estimate that Greg Maxwell mentioned at the same Consensus event was his back-of-the-envelope projection of the opportunity costs: a few hundred thousand USD in the first couple weeks of May alone as engineers were distracted with block sizes instead of shipping code.

While a more precise number (+/-) could probably be arrived at if someone were to link individual developer activity on the dev mailing list/reddit/twitter with their estimated salaries on Glassdoor — since this past spring roughly $6 million or so has probably gone towards what has amounted to basically two diametrically opposed political campaigns.

And the issue is still far from resolved as there are more planned scalability conferences, including one in Hong Kong in early December.

Why is it a black hole though?  Surely there is utility from the papers and projects like Lightning, right?

It’s a money pit because it doesn’t and cannot resolve the coordination problem that decentralized governance creates.  I have an upcoming paper that briefly touches on this issue (in Appendix A): the key point is that any time decision making is decentralized then specific trade-offs occur.

In this case, due to an intentional power vacuum in which there is no “leader,” special interest groups lobby one another for the de facto right to make decisions.  Some decisions, like raising the minimum transaction relay fees involve less tweets and downvotes and are for various reasons considered less important as others.  Yet ultimately, de jure decision making remains out of reach.

Not the first time to a rodeo

Because decentralized governance (and external social consensus) was/is a key feature for many cryptocurrencies, this type of political activity could happen again with say, increasing the money supply from 21 million or if KYC becomes mandatory for all on-chain interactions.

Again, this was bound to happen because of the tragedy of the commons: because the Bitcoin network is a public good that lacks an explicit governance structure.  Anytime you have a lack of formal governance you often end up with an informal power structure that makes it difficult to filter marketing fluff from sock puppets like Cypherdoc (aka Marc Lowe) from actual fact-filled research.

And this subsequently impacts any project that relies on the Bitcoin network as its security mechanism.  Why?  According to anecdotes, projects from new organizations and enterprises have reconsidered using public blockchains due to the aforementioned inherent governance hurdles alone.

After all, who do they call when the next Mexican standoff, block reorg or mutually assured destruction situation arises?  There is no TOS, EULA or service-level agreement and as a result they look at other options and platforms.4

  1. It is probably too simplistic to say that, with $6 million in funding, these same developers could have simply created a new system, like Ethereum, from scratch that factors in scalability challenges from day one.  It is unlikely that these same developers would have come to agreement on what to spend those funds on as well. []
  2. See What impact have various investment pools had on Bitcoinland? and Flow of investments funds in Bitcoinland []
  3. The academic term for this is single-issue politics. []
  4. For instance, Tezos was designed specifically with a self-amending chain in mind due to this issue. []
Send to Kindle

Some housekeeping of events and interviews

It has been a little while since I posted the events, panels and presentations I have been involved with.  Below is some of the public activity over the past 5-6 months.

Interviews with direct quotes:

Indirect quotes:

Academic citations:

Presentations, panels and events:

Send to Kindle

The great pivot? Or just this years froth?

smjmeAbout a year ago I briefly explored the PR and branding challenges of Bitcoin, a topic that has been independently discussed by others.

Over the past 6 months there has been a visible trend in the overall “Bitcoin” space to rebrand or not use the term “Bitcoin” on corporate material.  This has been done for a variety of reasons.

Some startups simply are no longer touching or interfacing with bitcoins or the Bitcoin network.  Others do not want to be affiliated with the term preferring the alternative “Blockchain” as a catch-all euphemism.

For instance, below are 10 companies which raised their Series A (and sometimes more) and were originally affiliated with “Bitcoin” in some manner but are no longer publicly positioning themselves as such:

  • Abra ($14 million): originally launched as a “rebittance” company, still claims to use the Bitcoin network but the word Bitcoin does not appear on its homepage
  • BitGold ($5.3 million): pivoted from Bitcoin last December
  • Bitreserve ($14.6 million): rebranded as Uphold and now vocally moving away from Bitcoin
  • ChangeTip ($4.25 million): removed the word Bitcoin from its frontpage, now focused on USD-denominated tips
  • Chain ($43.7 million): after closing its recent B round, remarketed from Bitcoin-only and removed the word Bitcoin from its frontpage except in the headlines of past news articles
  • Circle ($76 million): rebranded after receiving a Bitlicense; neither its frontpage nor its new 60 second ad use the word Bitcoin
  • Cryex ($10 million): the word Bitcoin does not appear on its frontpage
  • Mirror, formerly Vaurum ($12.8 million): the word Bitcoin does not appear on its frontpage (but does on some older blog posts)
  • Peernova ($19 million): originally a Bitcoin mining company that is no longer affiliated with Bitcoin at all
  • Vogogo ($21 million): the word Bitcoin does not appear on its frontpage

A few others who have done marketing changes (some more substantive than others):

  • BTC China ($5 million): still focused on its virtual currency exchange renamed itself as BTCC to move further abroad into the international marketplace
  • itBit ($28.25 million): in addition to running its virtual currency exchange, they also launched the Bankchain initiative this past summer
  • DAH: originally planned on using the Bitcoin blockchain but broadened its scope during the summer after acquiring Hyperledger; the word Bitcoin does not appear on its homepage although it still uses the network for product launches (like Pivit)
  • Symbiont: originally used the Counterparty platform and the Bitcoin network as part of its financial service, but has now built a permission-based system
  • Align Commerce, Serica and many others do not use the word Bitcoin on their homepages yet still use the Bitcoin network for some lines of business
  • Coindesk renamed their quarterly report: “State of Bitcoin and Blockchain”
  • Inside Bitcoins (the conference circuit) added “with Blockchain Agenda” prominently at the top of their homepage

What about venture capital itself?


Source: CB Insights

As visualized in the chart above, Bitcoin-related investments have declined the past two quarters.

However, the chart is not fully accurate as CBI includes 21inc funding as “one” round in Q1 2015.  According to Nathaniel Popper, 21inc did not raise its war chest in one round but rather over the course of 3 rounds.  So it is likely that Q1 2015 probably was altogether around $175 million as the other ~$60 million were raised in 2013 and 2014.  Similarly Q3 2015 should be less as is no longer a Bitcoin-specific company.

What about other changes in the VC world?

Crypto Currency Partners: renamed itself Blockchain Capital

Boost VC: while the word Bitcoin does appear on its homepage, in his most recent writeup of its portfolio, Adam Draper does not use the word Bitcoin but instead uses “block chain” to describe his investments

Pantera: while it remains publicly committed to Bitcoin, based on its most recent newsletter the team likely views the word “blockchain” as more palatable to investors and LPs.

For instance, the year-over-year comparison of word frequency between two Pantera Capital newsletters:

DCG: launched its website during the summer, prominently display the word “blockchain technology” instead of Bitcoin, despite the fact that nearly all of its portfolio is Bitcoin-reliant or Bitcoin-specific.

In fact it appears that the trend by some VC-backed Bitcoin-heavy portfolio’s adopting the term “blockchain” is a marketing gimmick as neither DCG, Pantera nor Boost have purposefully invested in non-Bitcoin blockchain companies.  In fact, individuals such as Barry Silbert (founder of DCG) are outspoken in their dismissal of non-Bitcoin blockchains.

What are some reasons for the decline shown in the CBI numbers?

Part of it has to do with the fact that consumer-facing Bitcoin companies have found muted traction, if any at all.  For instance, BitPay (which raised $32.5 million) recently laid off most of its staff, liquidated a large portion of its bitcoin holdings, raised its fees in order to stay afloat and did a (non-pivot) pivot towards catering to other enterprises.  This looks bad for other Bitcoin-branded companies looking to try and raise funds for consumer-facing products.

Another reason is that some of the buzz and froth simmered down with the price of bitcoin itself.  It seems common parlance to hear people at conferences say “the price of bitcoin doesn’t matter” but that is very untrue for fundraising.  If prices were on a tear into orbit or were managing some stability higher than it was 2 years ago, it’d be easier for entrepreneurs to convince new investors (not just the same 4-5 funds) to deploy new capital in Bitcoin-specific products.  Maybe Gemini will change that?

So where has some capital been deployed instead?

Into that amorphous catch-all term: “blockchain.”

There are just over a dozen “blockchain” / distributed ledger startups collectively trying to raise $200 million at over a $1 billion valuation.

And incidentally, there are a couple companies in each of the VC portfolio’s above that have now built non-Bitcoin blockchains or ledgers.

Some of them are currently raising while others recently closed funding rounds.

This includes: Symbiont, Chain, Peernova, Ripple, Eris, Setl, Credits, Tradeblock, itBit, Tembusu, Clearmatics, MultiChain, BlockStack, DAH, Blockstream (via Liquid) and a few others in stealth that well, are in stealth.

What does being a “blockchain” company mean?

blockchain search google

January 2009 – October 2015. Source: Google Trends

The term “blockchain technology” is basically a catch-all term at this point.

In many cases, when someone at a fintech conference now says they’re interested in “blockchain technology” it typically means they are interested in common elements like public/private key signing, resolutions to double-spending and permission-based multitenancy environments.  Bitcoin, as described by Gwern Branwen, was not the creator of those elements.

What will next year look like?  Will there be a new term that is co-opted?  Or are we stuck using a word that never appeared in the original Satoshi white paper (it had a demarcated space between “block chain”) and has now become an umbrella term for many different neat ideas?

See also: Needing a token to operate a distributed ledger is a red herring and also A blockchain with emphasis on the “a”

Send to Kindle

Designing a Global Fabric for Finance (G3F)

Over the past two weeks there have been a number of news stories related to R3 — a fintech startup that I now work at.  The first of which was from the Financial Times, entitled Blockchain initiative backed by nine large investment banks.  Today we announced an additional 13 banks have joined our effort.

Although I cannot speak for the whole team, I can give you the vision I have with the aim of bringing clarity to the various bits of information that have been circulating.


Over the past year, the R3 team has spent copious amounts of time conducting due diligence on the greater “distributed ledger” or “shared ledger” space.  I joined as an advisor in January when they were already knee deep in the task; I am now Director of Market Research.

What I and several others on the team found is that while there were a number of orthogonally useful pieces floating around (such as multisig and ideas like Engima), none of the publicly available technology platforms that has been funded by venture capital provided a flexible, holistic base layer with the specific functional requirements for secure, scalable enterprise use.

This includes incorporating non-functionals that globally regulated financial institutions must adhere to such as: compliance, privacy, reporting and reconciliation.  Similarly, many of the venture funded projects also failed to address the business requirements of these same institutions.

In sportsball terms, the nascent industry is 0-for-2 in their current approach.

Some of that is understandable; for example, Bitcoin solves a set of problems for a niche group of individuals operating under certain security assumptions (e.g., cypherpunks not wanting to interface with banks or governments).  Regulated financial institutions do not operate under those assumptions, thus axiomatically Bitcoin in its current form is highly unlikely to be a solution to their problems at this time.  As a consequence, the technology solutions pitched by many of these startups are hammers looking for nails that do not exist in the off-chain world.

R3 is not a Bitcoin company nor a cryptocurrency company.  We are not seeking to build a “better” or even a different type of virtual currency.  Why not?  Instead of starting with a known solution, such as a spreadsheet, we are starting with the problem set which continually influences the customized solution.  This is one of the biggest reasons I was attracted to this specific effort: R3 is not a re-enactment of Field of Dreams.  Build it with the hopes that someone will come is the siren song, the motto even, for throngs of failed startups.

But weren’t the original shared ledgers — often called blockchains — robust enough to protect all types of assets and a legion of use-cases?

Many public ledgers were originally designed to secure endogenous, on-chain information (e.g., the native token) but in their current incarnations are not fit for purpose to handle off-chain titles.  For instance, Bitcoin was not initially designed to secure exogenous data — such as transmitting high-value off-chain securities — vis-a-vis pseudonymous miners.  And it appears all attempts to mutate Bitcoin itself into a system that does, ends up creating a less secure and very expensive P-o-P network.

What are we doing then?

Rather than try to graft and gerrymander our business requirements onto solutions designed for other problems, we are systematically looking at a cornucopia of challenges and cost-drivers that currently exist at financial institutions.  We will seek to address some of these drivers with a generalized agnostic fabric, with layers that fulfill the critical infrastructure specifications of large enterprises and with services that can be run on top in a compliant fashion.

What is a Global Fabric for Finance (G3F) then?  If you had the chance to build a new financial information network from scratch that incorporated some of the elements and learnings of the shared ledger world, what would it look like?

For starters, a fabric specifically built for and by trusted parties does not need something akin to mining or block rewards.  In fact, not only is there is no Sybil spoofing problem on a trusted network but there are already many known, existing methods for securely maintaining a transaction processing system.  Consequently, needing a block reward may (or may not) be a red herring and has likely been a costly, distracting sideshow to other types of utility that this technology represents.

If trust is not an issue, what use (as Arvind Narayanan and certain high profile enthusiasts have asked) is any part of the shared ledger toolkit?  There are a number of uses, many of which I touched on in a paper back in April.

What about specific use-cases?

While a number of ideas that have surfaced at conferences and media events over the past summer, R3 remains focused on an approach of exploration and ideation.

And while there will likely be some isolated tests on some use-case(s) in sand boxes in the coming year, it is important to reflect on the G3F vision which will be further elaborated on by Richard Brown (our head of technology) in the coming weeks.  If the fabric is only capable of handling one or two specific asset classes, it will fall short of the mandate of being a generalized fabric used to secure financial information for enterprises.

Why directly work with banks during this formative stage?  Why not just raise money and start building and shipping code?

To be frank, if financial institutions and regulatory bodies are not involved and engaged  from the beginning, then whatever fabric created will likely: 1) fail to be viewed as an authoritative and legal record of truth and 2) fall short of adequately address their exacting needs.  It would be a non-starter for a financial institution to use technology that is neither secure, or whose on-chain record is considered non-canonical by off-chain authorities.

What does that mean?

While some in the shared ledger community would like to believe that dry, on-chain code supersedes off-chain wet-code, the facts on the ground continue to contradict that thesis.  Therefore, if you are going to create a non-stealth fintech startup, it must be assumed that whatever products and services you create will need to operate under existing laws.  Otherwise you will spend most of your time hiding out in remote Caribbean islands or Thailand.


The R3 team is comprised of pragmatic thinkers and doers, experienced professionals who understand that a financial system cannot be built with up and down votes on reddit or whose transaction processors may reside in sanctioned countries.


Source: XKCD

While nothing is finalized at the time of this writing, it is our aim at R3 to make the underlying base layer of this fabric both open sourced and an open standard.

After all, a foundation layer this critical would benefit from the collective eyeballs of the entire programming community.  It also bears mentioning that the root layer may or may not even be a chain of hashed blocks.

Furthermore, we are very cognizant of the fact that the graveyard for building industry standards is deep and wide.  Yet, as I mentioned to IBT, failing to create a universal standard will likely result in additional Balkanization, recreating the same silos that exist today and nullifying the core utility of a shared ledger.

It is a pretty exciting time in modern history, where being a nerd — even a cryptonerd — means you are asked to appear on stage in front of decision makers, policy makers, captains of industry and social media influencers.  Some even get to appear in person and not just as a telepresence robot.  Yet as neat as some of the moon math and cryptographic wizardry may be, failing to commercialize it in a sustainable manner could leave many of the innovative forks, libraries and github repos no more than starry-eyed science fair projects.

To that end, we are currently hiring talented developers keen on building a scalable, secure network.  In addition, rather than reinventing the wheel, we are also open to partnerships with existing technology providers who may hold key pieces to building a unified standard.  I am excited to be part of this mathematical industrial revolution, it’s time to strike while the iron is hot and turn good academic ideas into commercial reality.  Feel free to contact us.

Send to Kindle

Cryptocurrency KYSF: Know Your Source of Funds part 2

ecommerceA few days ago I was asked a number of questions from a reporter at CoinDesk regarding on-chain trade volume; this was a follow-up from some questions back in early May.

A few of my responses were published in a new article today: Dark Web Markets ‘Processed more Bitcoin than BitPay in 2014’

Below are my unabbreviated comments:

Q: How have the recent posts from Coinbase and BitPay impacted the diagram you outlined in that previous post? Has it had any impact at all?

A: The most striking data point from the Coinbase and BitPay posts was what was missing: actual real user numbers.  Neither one of them is willing to publicly say how many monthly active users (MAU) they have which stands in contrast to other fintech companies, financial institutions and “social media” startups they like to compare themselves to.

For instance, even though Coinbase claims to have 2.4 million users/3.1 million wallets, what does that mean?  Are these all fully KYC’ed accounts?  What percent have logged on in the past month?  What percent have actually used Coinbase’s services?  How many simply create an account, deposit $10 and never log on again?

Similarly, BitPay numbers are actually pretty sobering.  We know demographically from both the CoinDesk report and the leaked Coinbase pitch deck that the over 80% of all bitcoin holders/owners are males between the ages of 18-45.  And that the majority of the overall users reside in North America.  Yet according to the BitPay charts, North American volume has been relatively flat the last 6 quarters.

So if the largest group of bitcoin owners are not using their holdings despite a marked increase in available merchants, that is probably not an indication that they are interested in spending their funds and probably see bitcoins as an investable asset than actual money.  BitPay also does not disclose aggregate USD or euro volume.  Startups like to make noise when they are doing good or can show growth; if the value of their volume was actually growing, they probably would say.

And while transaction count in Europe and Latin America appear to be growing, perhaps the collective value has stayed the same (the Latin America numbers are also a bit misleading; it’s easy to show large growth percentages when you start from 0).

Another point about BitPay’s post is that they don’t really say what “IT services” is.  Notably absent from this post, compared with their post in April, is what “mining” related activity is.  Recall that some miners, such as KnC and now defunct BFL were (are) using BitPay as their payment processor.  In fact, in BitPay’s post earlier this year, “Bitcoin Mining” — by volume — represented the largest share of volume processed.  Does “IT services” now include this previously large segment?

Lastly, one number they do not include is the total aggregate transactions by each quarter.  Eye-balling it, it appears for Q2 2015 they processed about 180,000 transactions.  Divided by 60,000 merchants comes to around 3 transactions per quarter or 1 transaction per month per merchant.

In all likelihood usage follows a power law or a 80-20 rule, that 20% of the merchants account for the majority of transaction volume.  My understanding is that Gyft uses (or used BitPay) as their payment processor and since 9% of all bitcoin-related transactions last quarter were related to gift cards, it is likely that the lionshare of this “gift card” activity in the power law distribution is represented by just one or two companies (e.g., FoldApp and are a couple potential ones to look at as well).

Startups like Blockseer, Sabr, Coinalytics and Chainalysis have APIs and address labeling that may be able to tell us more about specific merchant/payment processor activity,

Q: Also, are clearnet tx outweighed by darknet tx with bitcoin? Silk Road and other marketplaces were the first use case for bitcoin, but are they still the biggest?

A: According to a new paper (Soska and Christin 2015), if you look at Figure 5 and the discussion involved, prior to Operation Olympus, six large dark net marketplaces collectively accounted for more than $600,000 in sales per day.  It is unclear how much of that activity was expressly illegal, although the paper does attempt to break down the amount of illicit drugs being sold on the same sites.

dark net market volume

Source: Soska and Christin

During the same time frame (most of 2014), volume at payment processors such as BitPay and Coinbase were relatively flat with a few outliers during days with speculative and media frenzies as well as ‘Bitcoin Black Friday.’

As of today it is unclear what activity is the “biggest” — we would need to aggregate all of the dark net marketplaces and compare that with the reused addresses BitPay uses plus the self-disclosed numbers from Coinbase.

In the chart above, illustrating off-chain activity between August 14, 2014 – August 13, 2015, it is also unclear from Coinbase’s number what a “off-chain” transaction is.  Is it only related to merchant activity?  Does it also include movement between users or with cold storage as well?

Therefore based on past historical trends (above) I do not think that “clearnet” or on-chain “licit” activity outweighs illicit transactions.  One darknet market alone — Evolution — processed roughly the same amount of bitcoins last year as BitPay did.

Q: Do you think consumer volumes will change significantly in the next year – what would it take for this to happen?

A: It depends on what we mean by “consumer volume.”  If this includes both illicit and licit activity, sure, maybe.  If it also includes “off-chain” transactions, then yes, probably as well.  But it is important to note you are not using Bitcoin (or bitcoin) when you go off-chain.  The transparency and auditability trail disappears and a user is now reliant on a trusted third party — many of whom in the “Bitcoin space” have a checkered past on financial controls — to protect and secure your privkeys.

I think we have already largely witnessed what the “killer apps” that incentivize increased usage of on-chain bitcoin activity are: censorship-resistant activities.

If the goal of Bitcoin was to provide a censorship-resistant payment processing platform (the word “payment” appears 12 times in the white paper) then it is safe to say that: dark net markets, casino sites, ransomware and other activities that require censorship-resistance and cannot be globally accessed on permissioned networks will continue to attract users towards it.1

It is my view that the following two laws explain the on-chain phenomenon we observe on a regular basis.  Folk law: “Anything that needs censorship-resistance will gravitate towards censorship-resistant systems.”  In contrast is Sams’ law: “Anything that doesn’t need censorship-resistance will gravitate towards non censorship-resistant systems.”

As far as other “apps” such as sites like Zapchain, while boasting growth numbers, appears to recreate a trusted third party system (e.g., facilitate deposit-taking and MSB activities like other hosted wallets) all while simultaneously scraping content from other sites.2

So Buzzfeed, but with bitcoins.

Does it have legs?  Porter Bibb would probably say no.

In closing, one last comment related to real on-chain trade (as opposed to spam-like “long-chain transactions“) is the recent announcement / non-announcement from TigerDirect.  Jorge Stolfi, a computer science professor in Brazil, probably best summarized the nebulous responses from the electronic retailer:

  • How much have you been making in bitcoin payments? “While Expedia has seen a decrease in bitcoin payments, TigerDirect shared a different story.”
  • How many customers are paying with bitcoin? “46 percent of customers purchasing with bitcoin are new users”
  • Sorry, how much did you say you made with bitcoin payments? “the average order placed with bitcoin is 30 percent larger than the average order.”
  • Yes, but, how much are you selling with bitcoin? “TigerDirect sees the highest volume of bitcoin orders during periods of volatility for bitcoin price.”
  • We would really like to know how much, roughly, you are getting from bitcoin payments. “TigerDirect has still seen consistent bitcoin transaction volume.”
  1. According to Kotov and Rajpal, bitcoins are now the most common method of payment for ransomware.  See Understanding Crypto-Ransomware. []
  2. Zapchain uses Coinbase as a wallet provider for deposits — the tipping of transactions is done via via BlockCypher. []
Send to Kindle

What is permissioned-on-permissionless?

As of this writing, more than half of all VC funding to date has gone into building permissioned systems on top of a permissionless network (Bitcoin). Permissioned-on-Permissionless (PoP) systems are an odd hydra, they have all of the costs of Sybil-protected permissionless systems (e.g., high marginal costs) without the benefits of actual permissioned systems (e.g., fast confirmations, low marginal costs, direct customer service).

Thus it is curious to hear some enthusiasts and VCs on social media and at conferences claim that the infrastructure for Bitcoin is being rolled out to enable permissionless activity when the actual facts on the ground show the opposite is occurring.  To extract value, maintain regulatory compliance and obtain an return-on-investment, much of the investment activity effectively recreates many of the same permission-based intermediaries and custodians that currently exist, but instead of being owned by NYC and London entities, they are owned by funds based near Palo Alto.

For example, below are a few quotes over the past 18 months.

In a February 2014 interview with Stanford Insights magazine, Balaji Srinivasan, board partner at Andreessen Horowitz and CEO of 21inc, stated:

Thus, if the Internet enabled permissionless innovation, Bitcoin allows permissionless monetization.

In July 2015, Coinbase announced the winners of its hackathon called BitHack, noting:

The BitHack is important to us because it taps into a core benefit of Bitcoin: permissionless innovation.

Also in July 2015, Alex Fowler, head of business development at Blockstream, which raised $21 million last fall, explained:

At Blockstream, our focus is building and supporting core bitcoin infrastructure that remains permissionless and trustless with all of the security and privacy benefits that flow from that architecture.

Yet despite the ‘permissionless’ exposition, to be a customer of these companies, you need to ask their permission first and get through their KYC gates.

For instance, in Circle’s user agreement they note that:

Without limiting the foregoing, you may not use the Services if (i) you are a resident, national or agent of Cuba, North Korea, Sudan, Syria or any other country to which the United States embargoes goods (“Restricted Territories”), (ii) you are on the Table of Denial Orders, the Entity List, or the List of Specially Designated Nationals (“Restricted Persons”), or (iii) you intend to supply bitcoin or otherwise transact with any Restricted Territories or Restricted Persons.

Is there another way of looking at this phenomenon?

There have been a number of interesting posts in the past week that have helped to refine the terms and definitions of permissioned and permissionless:

Rather than rehashing these conversations, let’s look at a way to define permissionless in the first place.

Permissionless blockchains

permissionless blockchainA couple weeks ago I gave a presentation at the BNY Mellon innovation center and created the mental model above to describe some attributes of a permissionless blockchain.  It is largely based on the characteristics described in Consensus-as-a-service.

DMMS validators are described in the Blockstream white paper.  In their words:

We  observe  that  Bitcoin’s  blockheaders  can  be  regarded  as  an  example  of  a dynamic-membership multi-party signature (or DMMS ), which we consider to be of independent interest as a new type of group signature. Bitcoin provides the first embodiment of such a signature, although this has not appeared in the literature until now. A DMMS is a digital signature formed by a set of signers which has no fixed size.  Bitcoin’s blockheaders are DMMSes because their proof-of-work has the property that anyone can contribute with no enrolment process.   Further,  contribution is weighted by computational power rather than one threshold signature contribution per party, which allows anonymous membership without risk of a Sybil attack (when one party joins many times and has disproportionate input into the signature).  For this reason, the DMMS has also been described as a solution to the Byzantine Generals Problem [AJK05]

In short, there is no gating or authorizing process to enroll for creating and submitting proofs-of-work: theoretically, validating Bitcoin transactions is permissionless.  “Dynamic-membership” means there is no fixed list of signatories that can sign (i.e. anyone in theory can).  “Multi-party” effectively means “many entities can take part” similar to secure multi-party computation.1

Or in other permission-based terms: producing the correct proof of work, that meets the target guidelines, permits the miner (block maker) to have full authority to decide which transactions get confirmed.  In other words, other than producing the proof-of-work, miners do not need any additional buy-in or vetting from any other parties to confirm transactions onto the blockchain. It also bears mentioning that the “signature” on a block is ultimately signed by one entity and does not, by itself, prove anything about how many people or organizations contributed to it.2

Another potential term for DMMS is what Ian Grigg called a Nakamoto signature.

Censorship-resistance, while not explicitly stated as such in the original 2008 white paper, was one of the original design goals of Bitcoin and is further discussed in Brown’s post above as well as at length by Robert Sams.

The last bucket, suitable for on-chain assets, is important to recognize because those virtual bearer assets (tokens) are endogenous to the network.  DMMS validators have the native ability to control them without some knob flipping by any sort of outside entity.  In contrast, off-chain assets are not controllable by DMMS validators because they reside exogenous to the network.  Whether or not existing legal systems (will) recognize DMMS validators as lawful entities is beyond the scope of this post.

Permissionless investments

What are some current examples of permissionless-related investments?

zooko permissionless

Source: Twitter

This past week I was in India working with a few instructors at Blockchain University including Ryan Charles.  Ryan is currently working on a new project, a decentralized version of reddit that will utilize bitcoin.

In point of fact, despite the interesting feedback on the tweet, OB1 itself, the new entity that was formed after raising $1 million to build out the Open Bazaar platform, is permission-based.

How is it permission-based when the DMMS validators are still permissionless?  Because OB1 has noted it will remove illicit content on-demand from regulators.

In an interview with CoinDesk, Union Square Venture managing partner, Brad Burnham stated that:

Burnham acknowledged that the protocol could be used by dark market operators, but stressed the OpenBazaar developers have no interest in supporting such use cases.  “They certainly won’t be in the business of providing enhanced services to marketplaces that are selling illegal goods,” he noted.

Based on a follow-up interview with Fortune, Brian Hoffman, founder of OB1 was less specific and a bit hand-wavy on this point, perhaps we will not know until November when they officially launch (note: Tor support seems to have disappeared from Open Bazaar).

One segment of permissionless applications which have some traction but have not had much (if any) direct VC funding include some on-chain/off-chain casinos (dice and gambling games) and dark net markets (e.g., Silk Road, Agora).  Analysis of this, more illicit segment will be the topic of a future post.

What are some other VC-funded startups that raised at least a Series A in funding, that could potentially be called permissionless?  Based on the list maintained by Coindesk, it appears just one is — ($30.5 million).

Why isn’t Coinbase, Xapo or Circle?  These will be discussed below at length.

What about mining/hashing, aren’t these permissionless activities at their core?

Certain VC funded mining/hashing companies no longer offer direct retail sales to hobbyists, this includes BitFury and KnC Miner.  These two, known entities, through a variety of methods, have filed information about their operations with a variety of regulators.3  To-date BitFury has raised $60 million and it runs its own pool which accounts for about 16% of the network hashrate.  Similarly, KnC has raised $29 million from VCs and also runs its own pool, currently accounting for about 6% of the network hashrate.

What about other pools/block makers?  It appears that in practice, some require know-your-customer (KYC), know-your-business (KYB), know-your-miner (KYM) and others do not (e.g., selling custom-made hardware anonymously can be tricky).

  • MegaBigPower gathers KYC information.
  • Spondoolies Tech is currently sold out of their hardware but require some kind of customer information to fill out shipping address and customs details.  They have raised $10.5 million in VC funding.
  • GHash allows you to set up a pseudonymous account with throwaway email addresses (or via Facebook and Google+), but they have not published if they raised any outside funding
  • Most Chinese hashing and mining pools are privately financed.  For instance, Bitmain has not needed to raise funding from VCs (yet).  The also, currently, do not perform KYC on their users.  I spoke with several mining professionals in China and they explained that none of the big pools (Antpool, F2pool, BTC China pool, require KYM at this time.  Over the past four days, these pools accounted for: 21%, 17%, 10% and 8% of the network hashrate respectively — or 56% altogether.  Update 7/29/2015: a representative at BTC China explained that: “Yes, we do KYC the members of our mining pool. We verify them the same way we KYC all registered users on BTCC.”
  • 21inc, not much more is known publicly at this time but if the idea of a “BitSplit” chip is correct, then what could happen is the following: as more chips are flipped on in devices, the higher the difficulty level rises (in direct proportion to the hashrate added).  As a result, the amount of satoshi per hash declines over time in these devices.  What this likely will lead to is a scenario in which the amount of satoshi mined by a consumer device will be less than “dust limit” which means a user will likely be unable to move the bitcoins off of the pool without obtaining larger amounts of bitcoin first (in order to pay the transaction fee).  Consequently this could mean the users will need to rely on the services provided by the pool, which could mean that the pool will need to become compliant with KYC/AML regulations.  All of this speculation at this time and is subject to changes.  They have received $121 million in VC funding.
  • As explained above, while individual buyers of hashing equipment, Bob and Alice, do typically have to “doxx” themselves up to some level, both Bob and Alice can resell the hardware on the second-hand market without any documentation.  Thus, some buyers wanting to pay a premium for hashing hardware can do so relatively anonymously through middlemen.4  This is similar to the “second-hand” market for bitcoins too: bitcoins acquired via KYC’ed gateways end up on and sold at a premium to those wanting to buy anonymously.

Notice a pattern?  There is a direct correlation between permissionless platforms and KYC/AML compliance (i.e., regulated financial service businesses using cryptocurrencies are permissioned-on-permissionless by definition). attempts to skirt the issue by marketing themselves as a software platform and for the fact that they do not directly control or hold private keys.5

This harkens back to what Robert Sams pointed out several months ago, that Bitcoin is a curious design indeed where in practice many participants on the network are now known, gated and authenticated except the transaction validators.

What about permissioned-on-permissionless efforts from Symbiont, Chain and NASDAQ?  Sams also discussed this, noting that:

Now, I am sure that the advocates of putting property titles on the bitcoin blockchain will object at this point. They will say that through meta protocols and multi-key signatures, third party authentication of transaction parties can be built-in, and we can create a registered asset system on top of bitcoin. This is true. But what’s the point of doing it that way? In one fell swoop a setup like that completely nullifies the censorship resistance offered by the bitcoin protocol, which is the whole raison d’etre of proof-of-work in the first place! These designs create a centralised transaction censoring system that imports the enormous costs of a decentralised one built for censorship-resistance, the worst of both worlds.

If you are prepared to use trusted third parties for authentication of the counterparts to a transaction, I can see no compelling reason for not also requiring identity authentication of the transaction validators as well. By doing that, you can ditch the gross inefficiencies of proof-of-work and use a consensus algorithm of the one-node-one-vote variety instead that is not only thousands of times more efficient, but also places a governance structure over the validators that is far more resistant to attackers than proof-of-work can ever be.

This phenomenon is something I originally dubbed “permissioned permissionlessness” for lack of a better term, but currently think permissioned-on-permissionless is more straightforward and less confusing.

What does this mean?


PoP blockchainThe Venn diagram above is another mental model I used at the BNY Mellon event.

As mentioned 3 months ago, in practice most block makers (DMMS validators) are actually known in the real world.

While the gating process to become a validator is still relatively permissionless (in the sense that no single entity authorizes whether or not someone can or cannot create proofs-of-work), the fact that they are self-identifying is a bit ironic considering the motivations for building this network in the first place: creating an ecosystem in which pseudonymous and anonymous interactions can take place:

The first rule of cypherpunk club is, don’t tell anyone you’re a cypherpunk.  The first rule of DMMS club is, don’t tell anyone you’re a DMMS.

The second bucket, neither censorship resistant nor trade finality, refers to the fact that large VC funded companies like Coinbase or Circle not only require identification of its user base but also be censor their customers for participating in trading activity that runs afoul of their terms of service.  Technically speaking, on-chain trade finality hurdles refers to bitcoin transactions not being final (due to a block reorg, a longer chain can always be found, undoing what you thought was a confirmed transaction).  This has happened several times, including notably in March 2013.

For instance, in Appendix 1: Prohibited Businesses and Prohibited Use, Coinbase lays out specific services that it prohibits interaction with, including gambling.  For example, about a year ago, users from Seals with Clubs and other dice/gambling sites noticed that they were unable to process funds from these sites through Coinbase and vice versa.

brian armstrong coinbase

Source: Twitter

The tweet above is from Brian Armstrong is the CEO of Coinbase, which is the most well-funded permissioned-on-permissionless startup in the Bitcoin ecosystem.  For its users, there is nothing permissionless about Bitcoin as they actively gate who can and cannot be part of their system and black list/white list certain activities, including mining (hashing) itself.6  It is not “open” based on common usage of the word.

In other words, contrary to what some Coinbase executives and investors claim, in an effort to extract value in a legally palatable manner, they must fulfill KYC/AML requirements and in doing so, effectively nullify the primary utility of a permissionless network: permissionlessness.  Furthermore, Coinbase users do not actually use Bitcoin for most transactions as they do not control the privkey, Coinbase does.  Coinbase users are not using Bitcoin on Coinbase, they are using an internal database.7 Or to use the marketing phrase: you are not your own bank, Coinbase is — which leads to a bevy of regulatory compliance questions beyond the scope of this post.8 However, once your bitcoins are out of Coinbase and into your own independent wallet where you control the private key, then you get the utility of the permissionless platform once more.

What are other permissioned-on-permissionless platforms?  Below are twenty-seven different companies that have raised at least a Series A (figures via CoinDesk) in alphabetical order:

  • ($4 million)
  • BitGo: ($14 million)
  • BitGold: ($5.3 million)
  • Bitnet: ($14.5 million)
  • BitPay: ($32.5 million)
  • Bitreserve: ($14.6 million)
  • Bitstamp: ($10 million)
  • BitX: ($4.82 million)
  • BTC China ($5 million)
  • ChangeTip: ($4.25 million)
  • Chain: ($13.7 million)9
  • Circle: ($76 million)
  • Coinbase: ($106 million)
  • Coinplug: ($3.3 million)
  • Coinsetter: ($1.9 million)
  • Cryex: ($10 million)
  • GoCoin: ($2.05 million)
  • Huobi ($10 million)
  • itBit: ($28.25 million)
  • Korbit: ($3.4 million)
  • Kraken: ($6.5 million)
  • Mirror, formerly Vaurum: ($12.8 million)
  • OKCoin: ($11 million)
  • Ripple Labs ($37 million)
  • Vogogo ($21 million)
  • Xapo: ($40 million)

Altogether this amounts to around $492 million, which is more than half of the $855 million raised in the overall “Bitcoin space.”

What do these all have in common again?  Most are hosted wallets and exchanges that require KYC/AML fulfillment for compliance with regulatory bodies.  They require users to gain permission first before providing a service.

pie chart bitcoin fundingThe chart above visualizes funding based on the schema’s explored in this post.  Based on a total venture capital amount of $855 million, in just looking at startups that have received at least a Series A, 57.5% or $492 million has gone towards permissioned-on-permissionless systems.  An additional $224 million, or 26.1% has gone towards mining and hashing.10

Permissionless-on-permissionless includes, ShapeShift, Hive, Armory and a sundry of other seed-stage startups that collectively account for around $50 million or 5.8% altogether.  The remaining 10.6% include API services such as Gem and BlockCypher; hardware wallets such as Case and Ledger; and analytic services such as Tradeblock.  In all likelihood, a significant portion of the 10.6% probably is related to permissioned-on-permissionless (e.g., Elliptic, Align Commerce, Bonafide, Blockscore, Hedgy, BitPagos, BitPesa) but they have not announced a Series A (yet) so they were not included in the “blue” portion.

Ripple Labs

Why is Ripple Labs on that funding list above?  While Ripple is not directly related to Bitcoin, it is aggregated on the funding list by CoinDesk.

Is it permissioned or permissionless?  A few weeks ago I met with one of its developers, who said in practice, the validator network is effectively permissionless in that anyone can run a validator and that Ripple Labs validators will process transactions that include XRP.11

This past week, Thomas Kelleher tried to outline how Ripple Labs is some kind of “third way” system, that uses ‘soft permissions’ in practice.  There may be a case for granular permissions on a permissionless network, but it did not coherently arise in that piece.

For example, in early May, Ripple Labs announced that it had been fined by FinCEN for not complying with the BSA requirements by failing to file suspicious activity reports (SARs), including notably, on Roger Ver (who did not want to comply with its KYC requests).

In addition to the fine, Ripple Labs also implemented a new identification gathering process for KYC compliance, stating:

The Ripple network is an open network. No one, including Ripple Labs, can prevent others from using or building on the Ripple protocol as they desire. However, when Ripple Labs provides software, such as the Ripple Trade client, Ripples Labs may impose additional requirements for the use of the software. As such, Ripple Labs will require identification of Ripple Trade account holders.

We will ask you to submit personally identifiable information (PII) similar to what you would submit to open a bank account, such as full name, address, national ID number, and date of birth. Users may also be asked to upload their driver’s license or other identifying documents. We will use this information to verify your identity for compliance purposes. We take privacy seriously, so the information you provide during the customer identification process is encrypted and managed by Ripple Trade’s Privacy Policy.

In other words, Ripple Labs was just fined by FinCEN for doing the very thing that Kelleher wants you to believe he is not required to do.   All new Ripple Labs-based “wallets” (Ripple Trade wallets) require user info — this likely means they can control, suspend and block accounts.12  All eight of the main Ripple gateways are also obliged to gather customer information.  The current lawsuit between Jed McCaleb and Ripple Labs, over the proceeds of $1 million of XRP on Bitstamp, will probably not be the last case surrounding the identification and control of such “wallet” activity (e.g., specific XRP flagged).

Thus, while the Ripple network started out as permissionless, it could likely become permissioned at some point due to compliance requirements.  Why?  If you download and install rippled, in practice you are going to use the default settings which rely on Ripple Labs core nodes. In practice, “choose your own” means “choose the default” for 99% percent of its users, ergo Ripple Labs sets the defaults.13 In a paper recently published by Peter Todd, he explained there is no game theoretic advantage to selecting non-default configurations which were not discussed in Kelleher’s essay.

Bob cannot choose his own rules if he has to follow compliance from another party, Ripple Labs. The UNL set may converge on an explicit policy as nodes benefit from not letting other nodes validate (they can prioritize traffic).14

I reached out to Justin Dombrowski, an academic who has spent the past year independently studying different ledger systems for a variety of organizations.  In his view:

I have a hard time thinking of Ripple as anything but plain permissioned because I have a hard time thinking of a realistic circumstance under which an active user wouldn’t also have an account subject to KYC, or be indirectly connected to one. Sure, I can run a node for the purpose of experimenting with some Ripple app I’m developing, but at the end of the day I expect to be payed for that app. And I could mine for free—and yeah, in that case the network is permissionless for me—but that’s a atypical, trivial example I’d think. Ripple is theoretically permissionless, but practically not because incentives align only with permissioned uses.

As Dombrowski noted, things get taxonomically challenging when a company (Ripple Labs) also owns the network (Ripple) and has to begin complying with financial service regulations.  This trend will likely not change overnight and until it explicitly occurs, I will probably continue to put an asterisk next to its name.

Challenges for DMMS validators in a permissioned-on-permissionless world

Over the past month, I have been asked a number of questions by managers at financial institutions about using public / communal chains as a method for transferring value of registered assets.

For instance, what happens if Bank A pays a fee to a Bitcoin or Litecoin miner/mining pool in a sanctioned country (e.g., EBA concerns in July 2014)?

In February 2015, according to a story published by Free Beacon, Coinbase was on “the hot seat” for explicitly highlighting this use-case in an older pitch deck because they stated: “Immune to country-specific sanctions (e.g. Russia-Visa)” on a slide and then went on to claim that they were compliant with US Treasury and NY DFS requirements.

Another question I have been asked is, what if the Bitcoin or Litecoin miner that processes transactions for financial institutions (e.g., watermarked tokens) also processes transactions for illicit goods and services from dark net markets?  Is there any liability for a financial institution that continues to use this service provider / block maker?

Lastly, how can financial institutions identify and contact the miner/mining pool in the event something happens (e.g., slow confirmation time, accidentally sent the wrong instruction, double-spend attempt, etc.)?  In their view, they would like to be able to influence upgrades, governance, maintenance, uptime (i.e., typical vendor relationship).


In the Consensus-as-a-service report I used the following chart showing trade-offs:permissioned tradeoffsI also used the following diagram to illustrate the buckets of a permissioned blockchain:

permissioned chainsRecall that the term “mintette” was first used by Ben Laurie in his 2011 paper describing known, trusted validators and was most recently used in Meiklejohn (2015).

The general idea when I published the report several months ago was that permissionless-on-permissioned (what effectively what Ripple sits) is untenable in the long-run: due to regulatory pressure it is impossible to build a censorship-resistant system on top of a permissioned network.

Ryan Shea pointed this out in his recent piece, noting that:

Permission-ed blockchains are useful for certain things but they are limited in what they can do. Fully decentralized, permission-less, censorship-resistant applications CANNOT be built on them, which for many is a deal-breaker.

What does this mean for your business or organization?  Before deciding what system(s) to use, it is important to look at what the organizations needs are and what the customer information requirements are.


As explored above, several startups and VC funds have unintentionally turned an expensive permissionless system into a hydra gated permissioned network without the full benefits of either.  If you are running a ledger between known parties who abide by government regulations, there is no reason to pay the censorship-resistance cost.  Full stop.15

fixing bitcoin

[The optics of permissioned-on-permissionless]

Most efforts for “legitimizing” or “fixing” Bitcoin involves counteracting features of Bitcoin that were purposefully designed such that it enables users to bypass third parties including governmental policies and regulations.  Businesses and startups have to fight to turn Bitcoin into something it isn’t, which means they are both paying to keep the “naughty” features and paying to hide them.  For example, if Satoshi’s goal was to create a permissioned system that interfaces with other permissioned systems, he would likely have used different pieces — and not used proof-of-work at all.

The commercial logic of this (largely) VC-backed endgame seems to be: “privatize” Bitcoin through a dozen hard forks (the block size fork is the start of this trend that could also change the 21 million bitcoin hard-cap).16

It seems increasingly plausible that some day we may see a fork between the “permissionless-on-permissionless” chain (a non-KYC’ed chain) and the “permissioned-on-permissionless” chain (a fully KYC’ed chain) — the latter comprising VC-backed miners, hosted wallets, exchanges and maybe even financial institutions (like NASDAQ).  The motivations of both are progressively disparate as the latter appears uninterested in developer consensus (as shown by the special interest groups wanting to create larger blocks today by ignoring the feedback from the majority of active core developers and miners).  At that point, there is arguably minimal-to-no need for censorship resistance because users and miners will be entirely permissioned (i.e. known by/to participating institutions and regulators).

When drilling down, some of the permissioned-on-permissionless investment appears to be a sunk cost issue: according to numerous anecdotes several of these VCs apparently are heavily invested in bitcoins themselves so they double down on projects that use the Bitcoin network with the belief that this will create additional demand on the underlying token rather than look for systems that are a better overall fit for business use-cases.17

This raises a question: is it still Bitcoin if it is forked and privatized?   It seems that this new registered asset is best called Bitcoin-in-name-only, BINO, not to be confused with bitcoin, the bearer asset.18

If the end game for permissionless systems is one in which every wallet has to be signed by something KYC/KYB approved, it appears then that this means there would be a near total permissioning of the ledger.  If so, why not use a permissioned ledger instead for all of the permissioned activity?

The discussion over centralized versus institutionalized will also be discussed in a future post.

[Acknowledgements: thanks to Richard Apodaca, Anton Bolotinsky, Arthur Breitman, Richard Brown, Dustin Byington, Justin Dombrowski, Thomas Kelleher, Yakov Kofner, Antony Lewis and John Whelan for their feedback.]


  1. See Does Smart Contracts == Trustless Multiparty Monetary Computation? []
  2. Thanks to Richard Brown for this insight. []
  3. In raising funds, they have “doxxed” themselves, providing information about founders and management including names and addresses.  They are no longer pseudonymous. []
  4. Thanks to Anton Bolotinsky for this insight. []
  5. Are there any other non-mining projects that are VC funded projects that do not require KYC?  A few notable examples include ShapeShift (which de-links provenance and does not require KYC from its users) and wallets such as Hive and Armory.  All three of these are seed-stage. []
  6. For more about know-your-miner and source of funds, see The flow of funds on the Bitcoin network in 2015 []
  7. Perhaps this will change in the future.  Coinbase users can now send funds both on-and-off-chain in a one-click manner. []
  8. Learning from the past to build an improved future of fintech and Distributed Oversight: Custodians and Intermediaries []
  9. Chain is working with NASDAQ on its new issuance program which requires KYC compliance.  In contrast, I created a new account for their API product today and it did not require any KYC/KYB. []
  10. See What impact have various investment pools had on Bitcoinland?  It bears mentioning that BitFury raised an additional $20 million since that post, bringing the publicly known amount to around $224 million. []
  11. Visited on July 2, 2015 []
  12. Using similar forensics and heuristics from companies like Chainalysis and Coinalytics, Ripple Labs and other organizations can likely gather information and data on Ripple users prior to the April 2015 announcement due to the fact that the ledger is public. []
  13. Two years ago, David Schwartz, chief cryptographer at Ripple Labs, posted an interesting comment related to openness and decentralization on The Bitcoin Foundation forum. []
  14. Thanks to Jeremy Rubin and Roberto Capodieci for their feedback. []
  15. Thanks to Arthur Breitman for this insight. []
  16. Thanks to Robert Sams for this insight. []
  17. Richard Apodaca, author of the forthcoming Decoding Bitcoin book, has another way of looking at VCs purchasing bitcoins, that he delves into on reddit twice. []
  18. One reviewer suggested that, “this would cease being bitcoin if the measuring stick is what Satoshi wanted.” []
Send to Kindle

Buckets of Permissioned, Permissionless, and Permissioned Permissionlessness Ledgers

A few hours ago I gave the following presentation to Infosys / Finacle in Mysore, India with the Blockchain University team.  All views and opinions are my own and do not represent those of either organization.

Send to Kindle

Learning from the past to build an improved future of fintech

[Note: below is a slightly edited speech I gave yesterday at a banking event in Palo Alto.  This includes all of the intended legalese, some of which I removed in the original version due to flow and time.  Special thanks to Ryan Straus for his feedback.  The views below are mine alone and do not represent those of any organization or individual named.]

Before we look to the future of fintech, and specifically cryptocurrencies and distributed ledgers, let’s look at the most recent past.  It bears mentioning that as BNY Mellon is the largest custodial bank in the world, we will see the importance of reliable stewardship in a moment below.

In January 2009 an unknown developer, or collective of developers, posted the source code of Bitcoin online and began generating blocks – batches of transactions – that store and update the collective history of Bitcoin: a loose network of computer systems distributed around the globe.

To self-fund its network security, networks like Bitcoin create virtual “bearer assets.” These assets are automatically redeemable with the use of a credential.  In this case, a cryptographic private key.  From the networks point of view, possession of this private key is the sole requirement of ownership.  While the network rules equivocate possession and control, real currency – not virtual currency – is the only true bearer instrument.  In other words, legal tender is the only unconditional exception to nemo dat quod non habet – also known as the derivative principal – which dictates that one cannot transfer better title than one has.

Several outspoken venture investors and entrepreneurs in this space have romanticized the nostalgia of such a relationship, of bearer assets and times of yore when a “rugged individual” can once again be their own custodian and bank.1 The sentimentality of a previous era when economies were denominated by precious metals held – initially not by trusted third parties – but by individuals, inspired them to invest what has now reached more than $800 million in collective venture funding for what is aptly called Bitcoinland.

Yet, the facts on the ground clearly suggests that this vision of “everyone being their own bank” has not turned into a renaissance of success stories for the average private key holder.  The opposite seems to have occurred as the dual-edged sword of bearer instruments have been borne out.  At this point, it is important to clearly define our terms.  The concepts of “custody” and “deposit” are often conflated.  While the concepts are superficially similar, they are very different from a legal perspective.  Custody involves the transfer of possession/control.  A deposit, on the other hand, occurs when both control and title is transferred.

Between 2009 and early 2014, based on public reports, more than 1 million bitcoins were lost, stolen, seized and accidentally destroyed.2 Since that time, several of the best funded “exchanges” have been hacked or accidentally sent bitcoins to the wrong customer.  While Mt. Gox, which may have lost 850,000 bitcoins itself, has attracted the most attention and media coverage – rightfully so – there is a never ending flow of unintended consequences from this bearer duality.3

For instance, in early January 2015, Bitstamp – one of the largest and oldest exchanges – lost 19,000 bitcoins due to social engineering and phishing via Gmail and Skype on its employees including a system administrator.4 Four months later, in May, Bitfinex, a large Asian-based exchange was hacked and lost around 1,500 bitcoins.5 In another notable incident, last September, Huobi, a large Bitcoin exchange in Beijing accidentally sent 920 bitcoins and 8,100 litecoins to the wrong customers.6  And ironically, because transactions are generally irreversible and the sole method of control is through a private key they no longer controlled them: they had to ask for the bitcoins back and hope they were returned.

A study of 40 Bitcoin exchanges published in mid-2013 found that at that time 18 out of 40 – 45% — had closed doors and absconded with some portion of customer funds.7 Relooking at that list today we see that about another five have closed in a similar manner.  All told, at least 15% if not higher, of Bitcoin’s monetary base is no longer with the legitimate owner.  Can you imagine if a similar percentage of real world wealth or deposits was dislocated in the same manner in a span of 6 years?8

In many cases, the title to this property is encumbered, leading to speculation that since many of these bitcoins are intermixed and pooled with others, a large percentage of the collective monetary base does not have clean title, the implications of which can be far reaching for an asset that is not exempted from nemo dat, it is not fungible like legal tender.9

As a consequence, because people in general don’t trust themselves with securing their own funds, users have given – deposited – their private keys with a new batch of intermediaries that euphemistically market themselves as “hosted wallets” or “vaults.” What does that look like in the overall scheme?  These hosted wallets, such as Coinbase and Xapo, have collectively raised more than $200 million in venture funding, more than a quarter of the aggregate funding that the whole Bitcoin space has received. Simultaneously, the new – often unlicensed – parties collectively hold several million bitcoins as deposits; probably 25-30% of the existing monetary base.10 Amazingly, nobody is actually certain whether a “hosted wallet” is a custodian of a customers bitcoin or acquired title to the bitcoin and is thus a depository.

Yet, in recreating the same financial intermediaries that they hoped to replace – in turning a bearer asset into a registered asset – some Bitcoin enthusiasts have done so in fashion that – as described earlier – has left the system ripe for abuse.  Whereas in the real world of finance, various duties are segregated via financial controls and independent oversight.11 In the Bitcoin space, there have been few financial controls.  For example, what we call a Bitcoin exchange is really a broker-dealer, clearinghouse, custodian, depository and an exchange rolled into one house which has led to theft, tape painting, wash trading, and front-running.12 All the same issues that led to regulatory oversight in the financial markets in the first place.

And while a number of the better funded and well-heeled hosted wallets and exchanges have attempted to integrate “best practices” and even third-party insurance into their operation, to date, there is only one Bitcoin “vault” – called Elliptic — that has been accredited with meeting the ISAE 3402 custodial standard from KPMG. Perhaps this will change in the future.

But if the point of the Bitcoin experiment, concept, lifestyle or movement was to do away or get away from trusted third parties, as described above, the very opposite has occurred.

What can be learned from this?  What were the reasons for institutions and intermediation in the first place?  What can be taken away from the recent multi-million dollar educational lesson?

We have collectively learned that a distributed ledger, what in Bitcoin is called a blockchain, is capable of clearing and settling on-chain assets in a cryptographically verifiable manner, in near-real time all with 100% uptime because its servers – what are called validators – are located around the world.  As we speak just under sixty four hundred of these servers exist, storing and replicating the data so that availability to any one of them is, in theory, irrelevant.13

Resiliency, accountability and transparency, what’s not to like?  Why wouldn’t financial institutions want to jump on Bitcoin then, why focus on other distributed ledger systems?

One of the design assumptions in Bitcoin is that its validators are unknown and untrusted – that there is no gating or vetting process to become a validator on its open network.  Because it is purposefully expensive and slow to produce a block that the rest of the network will regard as valid, in theory, the rest of the network will reject your work and you will have lost your money.  Thus, validators, better technically referred to as a block maker, attempt to solve a benign math problem that takes on average about 10 minutes to complete with the hope of striking it rich and paying their bills. There are exceptions to this behavior but that is a topic for another time.14

The term trust or variation thereof appears 13 times in the final whitepaper.  Bitcoin was designed to be a solution for cypherpunks aiming to minimize trust-based relationships and mitigate the ability for any one party to censor or block transactions. Because validators are unknown and untrusted, to protect against history-reversing attacks, Bitcoin was purposefully designed to be inefficient.15 That is to say attackers must expend real world resources, energy, to disrupt or rewrite history.  The theory is that this type of economic attack would stave off all but the most affluent nation-state actors; in practice this has not been the case, but that again is a topic for another speech.

Thus Bitcoin is perhaps the world’s first, commodity-based censorship resistance-as-a-service.  To prevent attackers on this communal network from reversing or changing transactions on a whim, an artificially expensive anti-Sybil mechanism was built in dubbed “proof of work” – the 10 minute math problem.  Based on current token value, the cost to run this network is roughly $300 million a year and it scales in direct proportion to the bitcoin market price.16

Thus there are trade-offs that most financial institutions specifically would not be interested in.

Why you may ask?

Because banks already know their customers, staff and partners. Their counterparties and payment processors are all publicly known entities with contractual obligations and legal accountability.  Perhaps more importantly, the relationship created between an intermediary and a customer is clear with traditional financial instruments.  For example, when you deposit money in your bank account, you know (or should know) that you are trading your money for an IOU from the bank.17 On the other hand, when you place money in a safe deposit box you know (or should know) that you retain title to the subject property.  This has important considerations for both the customer and intermediary.  When you trade your money for an IOU, you are primarily concerned with the financial condition of the intermediary.  However, when you retain title to an object held by somebody else, you care far more about physical and logical security.

As my friend Robert Sams has pointed out on numerous occasions, permissionless consensus as it is called in Bitcoin, cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack as it rests on economics, not technology.18 Bitcoin is a curious design indeed where in practice many participants on the network are now known, gated and authenticated except the transaction validators.  Why use expensive proof-of-work at all at this point if that is the case?  What is the utility of turning a permissionless system into a permissioned system, with the costs of both worlds and the benefits of neither?

But lemonade can still be squeezed from it.

Over the past year more than a dozen startups have been created with the sole intent to take parts of a blockchain and integrate their utility within financial institutions.19 They are doing so with different design assumptions: known validators with contractual terms of service. Thus, just as PGP, SSL, Linux and other open source technology, libraries and ideas were brought into the enterprise, so too are distributed ledgers.

Last year according to Accenture, nearly $10 billion was invested in fintech related startups, less than half of one percent of which went to distributed ledger-related companies as they are now just sprouting.20

What is one practical use?  According to a 2012 report by Deutsche Bank, banks’ IT costs equal 7.3% of their revenues, compared to an average of 3.7% across all other industries surveyed.21)  Several of the largest banks spend $5 billion or more in IT-related operating costs each year.  While it may sound mundane and unsexy, one of the primary use cases of a distributed ledger for financial institutions could be in reducing the cost centers throughout the back office.

For example, the settlement and clearing of FX and OTC derivatives is an oft cited and increasingly studied use case as a distributed ledger has the potential to reduce counterparty and systemic risks due to auditability and settlement built within the data layer itself.22

How much would be saved if margining and reporting costs were reduced as each transaction was cryptographically verifiable and virtually impossible to reverse? At the present time, one publicly available study from Santander estimates that “distributed ledger technology could reduce banks’ infrastructure costs attributable to cross-border payments, securities trading and regulatory compliance by between $15-20 billion per annum by 2022.”23

With that said, in its current form Bitcoin itself is probably not a threat to retail banking, especially in terms of customer acquisition and credit facilities.  For instance, if we look at on-chain entities there are roughly 370,000 actors.  If the goal of Bitcoin was to enable end-users to be their own bank without any trusted parties, based on the aggregate VC funding thus far, around $2,200 has been spent to acquire each on-chain user all while slowly converting a permissionless system into a permissioned system, but with the costs of both.24

That’s about twice as much as the average bank spends on customer acquisition in the US.  While there are likely more than 370,000 users at deposit-taking institutions like Coinbase and Xapo, they neither disclose the monthly active users nor are those actual Bitcoin users because they do not fully control the private key.

If we were to create a valuation model for the bitcoin network (not the price of bitcoins themselves), the network would be priced extremely rich due to the wealth transfer that occurs every 10 minutes in the form of asset creation.  The network in this case are miners, the block makers, who are first awarded these bearer instruments.

How can financial institutions remove the duplicative cost centers of this technology, remove this $300 million mining cost, integrate permissioned distributed ledgers into their enterprise, reduce back office costs and better serve their customers?

That is a question that several hundred business-oriented innovators and financial professionals are trying to answer and we will likely know in less time it took Bitcoin to get this far.

Thanks for your time.


  1. Why Bitcoin Matters by Marc Andreessen []
  2. Tabulating publicly reported bitcoins that were lost, stolen, seized, scammed and accidentally destroyed between August 2010 and March 2014 amounts to 966,531 bitcoins. See p. 196 in The Anatomy of a Money-like Informational Commodity []
  3. Mt. Gox files for bankruptcy, hit with lawsuit from Reuters []
  4. Bitstamp Incident Report []
  5. Bitfinex Warns Customers to Halt Deposits After Suspected Hack from CoinDesk []
  6. Why One Should Think Twice Before Trading On The Bitcoin Exchanges from Forbes []
  7. See Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk by Tyler Moore and Nicolas Christin []
  8. This has occurred during times of war.  See The Monuments Men []
  9. Bitcoin’s lien problem from Financial Times and Uniform Commercial Code and Bitcoin with Miles Cowan []
  10. Based on anecdotal conversations both Coinbase and Xapo allegedly, at one point stored over 1 million bitcoins combined. See also: Too Many Bitcoins: Making Sense of Exaggerated Inventory Claims []
  11. See Distributed Oversight: Custodians and Intermediaries []
  12. See Segregation of Duties in the CEWG BitLicense comment []
  13. See Bitnodes []
  14. See Majority is not Enough: Bitcoin Mining is Vulnerable from Ittay Eyal and Emin Gün Sirer []
  15. See Removing the Waste from Cryptocurrencies: Challenges and More Challenges by Bram Cohen and Cost? Trust? Something else? What’s the killer-app for Block Chain Technology? by Richard Brown []
  16. See Appendix B []
  17. See A Simple Explanation of Balance Sheets (Don’t run away… it’s interesting, really!) by Richard Brown []
  18. Needing a token to operate a distributed ledger is a red herring []
  19. See The Distributed Ledger Landscape and Consensus-as-a-service []
  20. Fintech Investment in U.S. Nearly Tripled in 2014 from Accenture []
  21. IT in banks: What does it cost? from Santander []
  22. See No, Bitcoin is not the future of securities settlement by Robert Sams []
  23. The Fintech 2.0 Paper: rebooting financial services from Santander []
  24. One notable exception are branchless banks such as Fidor which is expanding globally and on average spends about $20 per customer.  See also How much do you spend on Customer Acquisition? Are you sure? []
Send to Kindle

A blockchain with emphasis on the “a”

Over the past month a number of VCs including Chris Dixon and Fred Wilson use the term “the blockchain” in reference to Bitcoin, as if it is the one and only blockchain.1

There are empirically, many blockchains around.  Some of them do not involve proof-of-work, some of them are not even cryptocurrencies.  Yet despite this, Dixon blocked Greg Slepak on Twitter (creator of okTurtles and DNSChain) for pointing that out just a couple weeks ago.

But before getting into the weeds, it is worth reflecting on the history of both virtual currencies and cryptocurrencies prior to Bitcoin.

The past

Below are several notable projects that pre-date the most well-known magic internet commodity.

  • DigiCash (1990)
  • e-gold (1996)
  • WebMoney (1998)
  • PayPal (1998) “Bitcoin is the opposite of PayPal, in the sense that it actually succeeded in creating a currency.”  — Peter Thiel
  • Beenz (1998)
  • Flooz (1999)
  • Liberty Reserve (2006)
  • Frequent flyer points / loyalty programs
  • WoW gold, Linden Dollars, Nintendo Points, Microsoft Points

According to an excellent article written a couple years ago by Gwern Branwen:

Bitcoin involves no major intellectual breakthroughs, so Satoshi need have no credentials in cryptography or be anything but a self-taught programmer! Satoshi published his whitepaper May 2009, but if you look at the cryptography that makes up Bitcoin, they can basically be divided into:

  • Public key cryptography
  • Cryptographic signatures
  • Cryptographic hash functions
  • Hash chain used for proof-of-work
    • Hash tree
    • Bit gold
  • cryptographic time-stamps
  • resilient peer-to-peer networks

And what were the technological developments, tools and libraries that spearheaded those pieces?  According to Branwen:

  • 2001: SHA-256 finalized
  • 1999-present: Byzantine fault tolerance (PBFT etc.)
  • 1999-present: P2P networks (excluding early networks like Usenet or FidoNet; MojoNation & BitTorrent, Napster, Gnutella, eDonkey, Freenet, i2p etc.)
  • 1998: Wei Dai, B-money
  • 1997: HashCash; 1998: Nick Szabo, Bit Gold; ~2000: MojoNation/BitTorrent; ~2001-2003, Karma, etc
  • 1992-1993: Proof-of-work for spam
  • 1991: cryptographic timestamps
  • 1980: public key cryptography
  • 1979: Hash tree

Other prior art can be found in The Ecology of Computation from Huberman.2 One open question for permissionless systems is whether or not a blockchain is a blockchain if it is neither proof-of-work-based or proof-of-stake-based (“Cow system” in Bram Cohen’s terminology).  But that’s a topic for another post.

The present

About two weeks ago, /r/bitcoin learned that Bitcoin was not the creator of all this fundamental technology.  That indeed, there were over 30 years of academic corpus that cumulatively created the system we now call “a blockchain,” in this case, Nakamoto consensus.  And this has spawned a sundry of other experiments and projects that have since been kickstarted.

For example:

  • CoinMarketCap currently tracks 592 cryptocurrencies / 59 assets
  • CoinGecko tracks 225 cryptocurrencies/assets
  • Ray Dillinger’s “Necronomicon” includes over 100 dead altcoins
  • Map of Coins is currently tracking 686 derivatives of various cryptocurrencies; this includes all hashing functions (e.g., scrypt, X11, X13) and includes existing and defunct chains
  • These are just publicly known blockchains and there are likely dozens if not hundreds of private trials, proof of concepts in academia, institutions and from hobbyists (e.g., Citibank announced in July 2015 that it was testing out three blockchains with a “Citicoin” to better understand use-cases)

So it appears that there are more than one in the wild.

Yet, a couple weeks ago Fred Wilson wrote that:

If you think of the blockchain as an open source, peer to peer, massively distributed database, then it makes sense for the transaction processing infrastructure for it to evolve from individuals to large global corporations. Some of these miners will be dedicated for profit miners and some of them will be corporations who are mining to insure the integrity of the network and the systems they rely on that are running on it. Banks and brokerage firms are the obvious first movers in the second category.

He later clarified in the comments and means the Bitcoin blockchain, not others.

One quibble is that transaction processing is not clearly defined relative to hashing.  Today, bitcoin transactions are actually processed by very small, non-powerful computers (even a Raspberry Pi).

What about the pictures with entire rooms filled with computers?  Why does it cost so much to run a hashing farm then?

Because of the actual workhorse of the network: ASICs designed to generate proofs-of-work.  These hashing systems do not do any transaction processing, in fact, they cannot even run a Bitcoin client on them.3

Tangentially William Mougayar, investor and author, stated the following in the AVC thread:

Only trick is that mining is not cheap initially, and the majority is done in China. It presents an interesting energy challenge: you need lots of electricity to run the computers, but also to keep them cool. So, if you’re using solar you still need to cool them. And if you put them in cool climates like near the north pole, there is no solar. Someone needs to solve that equation.

Mining cannot be made “cheaper” otherwise the network becomes cheaper to attack.

In fact, as Bram Cohen mentioned last week, “energy efficient” proofs-of-works is a contradiction in terms.

Thus, there is no “equation to solve.”  In the long run, miners will bid up the marginal costs to which they equal the marginal value (MC=MV) of a bitcoin in the long run.  We see this empirically, there is no free lunch.  If hashing chips somehow became 50% more efficient, hashing farms just add 50% more of them — this ratcheting effect is called the Red Queen effect and this historically happens in a private seigniorage system just as it does in proof-of-work cryptocurrencies.4

organ proportionalismAs shown in the chart above, hashrate follows price; the amount of resources expended (for proof-of-work) is directly proportional to market value of a POW token.

Furthermore, in terms of Wilson’s prediction that banks will begin mining: what benefit do banks have for participating in the mining process?  If they own bitcoins, perhaps it “gives them a seat at the table.”  But if they do not own any, it provides no utility for them.

Why?  What problem does mining solve for organizations such as banks?  Or to put another way: what utility does proof-of-work provide a bank that knows its customers, staff and transaction processors?5

Permissioned Permissionlessness, BINO-style

One goal and innovation for Bitcoin was anonymous/pseudonymous consensus which comes with a large requirement through trade-offs: mining costs and block reorganization risk.

To quote Section 1 of the Nakamoto whitepaper regarding the transaction costs of the current method of moving value and conducting commerce:

These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party


  • Bitcoin was designed with anonymous consensus to resist censorship by governments and other trusted third parties.
  • If you are running a ledger between known parties who abide by government regulations, there is no reason to pay that censorship-resistance cost.  Full stop.

Today several startups and VC funds have (un)intentionally turned an expensive permissionless system into a hydra, a gated permissioned network without the full benefits of either.  Consequently, through this mutation, some of these entities have also turned a bearer asset into a registered asset with the full costs of both.

For instance, it is currently not possible to build a censorship-resistant cash system on top of a permissioned ledger (due to the KYC requirements) yet this is basically what has attempted with many venture funded wallets such as Coinbase.

The end result: Bitcoin in name only (BINO).  In which a permissionless network is (attempted to be) turned into a permissioned network.  It bears mentioning that companies such as Peernova and Blockstack are not trying to compete with Bitcoin — they are not trying to build censorship-resistant cash.

While financial institutions can indeed download a client and send tokens around, Bitcoin was purposefully designed not to interface with financial intermediaries as it was modeled on the assumption that no one can be trusted and that parties within the network are unknown.  Therefore if parties transacting on the network are both known and trusted, then there probably is no reason to use Bitcoin-based proof-of-work.  Instead, there are other ways to secure transactions on a shared, replicated ledger.

Ask the experts

I reached out to several experts unaffiliated with Bitcoin itself to find out what the characteristics of a blockchain were in their view.

Ian Grigg has spent twenty years working in the cryptocurrency field and is the author of the Financial Cryptography blog as well as the Ricardian Contract and most recently the “Nakamoto signature.”  Below are his thoughts:

As far as *history* is concerned, it looks like just about every individual component of Bitcoin was theorised before 2009.  The last thing that I’d thought was new was the notion of a shared open repository of transactions, but it seems Eric Hughes actually proposed it in the 1990s.  And of course Todd Boyle was banging the triple entry drum in the late 1990s.

Bitcoin has no monopoly on any term except bitcoin and BTC as far as I can see. The big question is really between permissioned and permissionless ledger designs.

If you go for a permissioned ledger, then you can do some more analysis and also reduce the need for the consensus signing to be complicated. At the base level, just one signatory might be enough, or some M of N scheme. But we don’t need the full nuclear PoW-enfused Nakamoto Signature.

But also, the same analysis says we don’t need a block. What’s a block? It’s a batch of transactions that the ‘center’ works on to make them so. But if we’ve got permissioned access, and we’ve reduced the signing to some well-defined set, why not go for RTGS and then we haven’t got a block.

The block in the blockchain exists because of the demands of the networking problem – with a network of N people all arguing over multiple documents, we know it can’t be done in less than a second for a small group and less than 10 seconds for a large group. So to get the scaling up, we *have to make a block* or batch of *many* transactions so we can fit the consensus algorithm over enough tx to make it worthwhile.

Therefore the block, the Nakamoto Signature, PoW and the incentive structure all go together. That’s the blockchain.

Zaki Manian, co-founder of SKUChain and all around Bay-area crypto guru:

Cryptography is interesting right now because the primitives have matured and pre-cryptographic systems are becoming less and less robust.

Commitment schemes are widely used in cryptography. Nakamoto signatures (if Adam Back wants to concede the naming rights) are the thermodynamic commitment to a set of values. A conventional signature in attributable commitment.

A cryptocurrency is an application of a ledger. A distributed ledger needs to syndicate the order of stored transaction. There is a lot of value to syndicating and independently validating the commitments to interested parties. Generalized Byzantine Agreement, n-of-m signatures and transaction syndication decrease the discretion in the operating of systems. Ultimately, discretion is a source of fragility. I think Ian’s reference to RTGS is somewhat disingenuous. Systems with a closed set of interacting parties aren’t particularly helpful. Open participation systems are fundamentally different.

There don’t seem to be any settle lines between the properties of permissioned and permission-less systems. We have both and time will tell.

Pavel Kravchenko, formerly chief cryptographer at Stellar, now chief cryptographer at Tembusu Systems:

I’ve seen the discussion, it seems rather political and emotional. Since the term blockchain is not clearly defined people tend to argue. To make everything clear I would start from security model – who is the adversary, what security assumptions we are making, what is the cost of a particular attack etc. For now (still very early days of crypto-finane) using blockchain as a common word for such variety of conditions is acceptable for me.

Vlad Zamfir, who has helped spearhead the cryptoeconomics field alongside others at Ethereum (such as Vitalik).  In his view:

“Blockchains” are a class of consensus protocols (hence why I like to pedantically refer to them as blockchain-based consensus protocols).  They are not necessarily ledgers, although blocks always do contain ordered logs.

These logs need not be transactions – although we can call them transactions if we want, and so you can call it a ledger if you want – it’s just misleading.

Blockchains are characterized by the fact that they have a fork-choice rule – that they choose between competing histories of events.

Traditional consensus protocols don’t do this, so they don’t need to chain their blocks – for them numbering is sufficient.

Economic consensus protocols contain a ledger in their consensus state, in which digital assets are defined – assets who are used to make byzantine faults expensive.

It is much less misleading to refer to this class of protocols as ledgers, than to blockchains generally speaking – although it is still misleading.

You can make an economic consensus protocol that lets people play chess. It would have a ledger, but it wouldn’t be fair to call it a distributed ledger – it’s a distributed chess server.

Economic consensus allows for public consensus, which acts as a (crappy) public computer.

Public consensus protocols have no “permissioned” management of the computers that make up this crappy public computer.

Non-public consensus protocols have “permissioned” management of these computers.

I think the main thing that is consistently lacking from these discussions is the fact that you can have permissioned control of the state of a public consensus protocol without “permissioning” the validator set.

Robert Sams, co-founder of Clearmatics who has done a lot of the intellectual heavy lifting on the “permissioned ledger” world (I believe he first coined the term in public), thinks that:

If I were to guess, I’d say that the block chain design will eventually yield to a different structure (eg tree chains). It’s the chaining that’s key, not the particular object of consensus (although how the former works is parasitic on the latter).

I think Szabo’s use of “block chain” rather than “blockchain” is more than a question of style. Out of habit I still merge adjective and noun like most people, but it’s misleading and discourages people from thinking about it analytically.

I tell you though, the one expression that really gets on my nerves is “the blockchain” used in contexts like “the blockchain can solve problem X”. Compound the confusion with the definite article. As if there’s only one (like “the internet”). And even when the context assumes a specific protocol, “the” subconsciously draws attention away from the attacker’s fork, disagreements over protocol changes and hard forks.

Anyway this debate with people talking up their Bitcoin book and treating innovation outside its “ecosystem” as apostasy is tiresome and idle.

Christopher Allen, who has had a storied career in this space including co-authoring the TLS standard:

I certainly was an early banner waiver — I did some consulting work with Xanadu, and later for very early Digicash. At various points in the growth of SSL both First Virtual and PGP tried to acquire my company. When I saw Nick’s “First Monday” article the day it came out, as it immediately clicked a number of different puzzle pieces that I’d not quite put together into one place. I immediately started using the term smart contracts and was telling my investors, and later Certicom, that this is what we really should be doing (maybe because I was getting tired of battles in SSL/TLS standards when that wasn’t what Consensus Development had been really founded to solve).

However, in the end, I don’t think any thing I did actually went anywhere, either technically or as a business, other than maybe getting some other technologists interested. So in the end I’m more of a witness to the birth of these technologies than a creator.

History in this area is distorted by software patents — there are a number of innovative approaches that would be scrapped because of awareness of litigious patent holders. I distinctly remember when I first heard about some innovative hash chain ideas that a number of us wanted to use hash trees with it, but we couldn’t figure out how to avoid the 1979 Merkle Hash Tree patent whose base patent wouldn’t expire until ’96, as well as some other subsidiary hash tree and time stamp patents that wouldn’t expire until early 2000s.

As I recall, at the time were we all trying to inspired solve the micropayment problem. Digicash had used cryptography for larger-sized cash transactions, whereas First Virtual, Cybercash and others were focused on securing the ledger side and needed larger transaction fees and thus larger amounts of money to function. To scale down we were all looking at hash chain ideas from Lamport’s S/KEY from the late 80’s and distributed transactional ledgers from X/Open’s DTP from the early 90s as inspirations. DEC introduced Millicent during this period, and I distinctly remember people saying “this will not work, it requires consumers to hold keys in a electronic wallet”. On the cryptographic hash side of this problem Adam Back did Hashcash, Rivest and his crew introduced PayWord and Micromint. On the transaction side CMU introduced NetBill.

Nick Szabo wrote using hashes for post-unforgeable transaction logs in his original smart contract paper in ’97, in which he referred to Surety’s work (and they held the Merkle hash tree and other time signature patents), but in that original paper he did not look at Proof of Work at all. It was another year before he, Wei Dai, and Hal Finney started talking about using proof-of-work as a possible foundational element for smart contracts. I remember some discussions over beer in Palo Alto circa ’99 with Nick after I became CTO of Certicom about creating dedicated proof-of-work secure hardware that would create tokens that could be used as an underlying basis for his smart contract ideas. This was interesting to Certicom as we had very good connections into cryptographic hardware industry, and I recommended that we should hire him. Nick eventually joined Certicom, but by that point they had cancelled my advanced cryptography group to raise profits in order to go public in the US (causing me to resign), and then later ceased all work in that area when the markets fell in 2001.

I truly believe that would could have had cryptographic smart contracts by ’04 if Certicom had not focused on short-profits (see Solution #3 at bottom of this post for my thoughts back in 2004 after a 3-year non-compete and NDA)…

What is required, I believe, is a major paradigm shift. We need to leave the whole business of fear behind and instead embrace a new model: using cryptography to enable business rather than to prevent harm. We need to add value by making it possible to do profitable business in ways that are impossible today. There are, fortunately, many cryptographic opportunities, if we only consider them.

Cryptography can be used to make business processes faster and more efficient. With tools derived from cryptography, executives can delegate more efficiently and introduce better checks and balances. They can implement improved decision systems. Entrepreneurs can create improved auction systems. Nick Szabo is one of the few developers who has really investigated this area, through his work on Smart Contracts. He has suggested ways to create digital bearer certificates, and has contemplated some interesting secure auctioning techniques and even digital liens. Expanding upon his possibilities we can view the ultimate Smart Contract as a sort of Smart Property. Why not form a corporation on the fly with digital stock certificates, allow it to engage in its creative work, then pay out its investors and workers and dissolve? With new security paradigms, this is all possible.

When I first heard about Bitcoin, I saw it as having clearly two different parts. First was a mix of old ideas about unforgeable transaction logs using hash trees combined into blocks connected by hash chains. This clearly is the “blockchain”. But in order for this blockchain to function, it needed timestamping, for which fortunately all the patents had expired. The second essential part of Bitcoin was through a proof-of-work system to timestamp the blocks, which clearly was based on Back’s HashCash rather than the way transactions were timestamped in Szabo’s BitGold implementation. I have to admit, when I first saw it I didn’t really see much in Bitcoin that was innovative — but did appreciate how it combined a number of older ideas into one place. I did not predict its success, but thought it was an interesting experiment and that might lead to a more elegant solution. (BTW, IMHO Bitcoin became successful more because of how it leveraged cypherpunk memes and their incentives to participate in order to bootstrap the ecosystem rather than because of any particularly elegant or orginal cryptographic ideas).

In my head, Bitcoin consists of blocks of cryptographic transactional ledgers chained together, plus one particular approach to time-stamping this block chain that uses proof-of-work method of consensus. I’ve always thought of blockchain and mining as separate innovations.

To support this separation for your article, I have one more quote to offer you from Nick Szabo:

Instead of my automated market to account for the fact that the difficulty of puzzles can often radically change based on hardware improvements and cryptographic breakthroughs (i.e. discovering algorithms that can solve proofs-of-work faster), and the unpredictability of demand, Nakamoto designed a Byzantine-agreed algorithm adjusting the difficulty of puzzles. I can’t decide whether this aspect of Bitcoin is more feature or more bug, but it does make it simpler.

As to your question of when the community first started using the word consensus, I am not sure. The cryptographic company I founded in 1988 that eventually created the reference implementation of SSL 3.0 and offered the first TLS 1.0 toolkits was named “Consensus Development” so my memory is distorted. To me, the essential problem has always been how to solve consensus. I may have first read it about it in “The Ecology of Computation” published in 1988 which predicted many distributed computational approaches that are only becoming possible today, which mentions among other things such concepts as Distributed Scheduling Protocols, Byzantine Fault-Tolerance, Computational Auctions, etc. But I also heard it from various science fiction books of the period, so that is why I named my company after it.

The future

What about tokens?

Virtual tokens may only be required for permissionless ledgers – where validators are unknown and untrusted – in order to prevent spam and incentivize the creation of proofs-of-work.  In contrast, if parties are known and trusted – such as a permissioned ledger – there are other historically different mechanisms (e.g., contracts, legal accountability) to secure a network without the use of a virtual token. 6

Is everything still too early or lack an actual sustainable use-case?

Maybe not.  It may be the case, as Richard Brown recently pointed out, that for financial institutions looking to use shared, replicated ledgers, utility could be derived from mundane areas, such as balance sheets.  And you don’t necessarily need a Tom Sawyer botnet to protect that.

What attracts or repels use-cases then?

  • Folk law: “Anything that needs censorship-resistance will gravitate towards censorship-resistant systems.”
  • Sams’ law: “Anything that doesn’t need censorship-resistance will gravitate towards non censorship-resistant systems.”

Many financial institutions (which is just one group looking at shared, replicated ledgers) are currently focused on: fulfilling compliance requirements, reducing cost centers, downscaling branching and implementing digital channels.  None of this requires censorship-resistance.  Obviously there are many other types of organizations looking at this technology from other angles and perhaps they do indeed find censorship-resistance of use.

In conclusion, as copiously noted above, blockchains are a wider technology than just the type employed by Bitcoin and includes permissioned ledgers.  It bears mentioning that “permissioned” validators are not really a new idea either: four years ago Ben Laurie independently called them “mintettes” and Sarah Meiklejohn discussed them in her new paper as well.


  1. See The financial cloud from Adam Ludwin []
  2. Thanks to Christopher Allen for pointing this out. []
  3. See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland []
  4. See Bitcoins: Made in China []
  5. Why would banks want to use a communal ledger, validated by pseudonomyous pools whom are not privy to a terms of service or contractual obligation with? See Needing a token to operate a distributed ledger is a red herring and No, Bitcoin is not the future of securities settlement []
  6. See also Needing a token to operate a distributed ledger is a red herring and Consensus-as-a-service []
Send to Kindle

Panel with financial service professionals involved with baking shared, replicated ledgers into organizations

The last part of the PwC discussion 10 days ago involved a panel with myself moderating, Peter Shiau (COO of Blockstack) and Raja Ramachandran (co-founder of eFXPath and an advisor at R3CEV).  Robert Schwentker (from Blockchain University) also helped provide a number of questions for us.

We cover a number of topics including use-cases of distributed ledgers for financial institutions.

Send to Kindle

Q&A regarding the Distributed Ledger Landscape

About 10 days ago I had the pleasure of speaking at Blockchain University (hosted over at PwC) regarding distributed ledgers (permissioned and permissionless).  One of the slides was intentionally taken out of context by a user on reddit and unsurprisingly the subsequent /r/bitcoin thread covering it involved a range of ad hominem attacks that really missed what was being discussed at the actual talk: what are the characteristics of a blockchain.

I will likely write a post on this topic at length in the next couple of days.  In the meantime, below is the video which incidentally pre-emptively answered a few of the questions from that thread.

Also, for those curious to know who were asking the good questions in the audience, this included: Jeremy Drane (PwC), Christopher Allen (co-creator of the TLS standard) and Nick Tomaino (Coinbase) among others.

Send to Kindle

Bram Cohen: “Removing the Waste from Cryptocurrencies: Challenges and More Challenges”

Bram Cohen, the creator of BitTorrent, has opined on Bitcoin over the years on social media (such as Twitter).  Over the last couple of weeks he has been increasingly vocal on some hurdles such as the increase in block sizes (via a hard fork) and the dangers of accepting and institutionalizing zero-confirmation transactions.

Last week he gave a presentation at the SF Bitcoin Dev meetup in which he covered a variety of alternatives to proof-of-work such as proof-of-steak (which he dubs “Cow systems”).

Send to Kindle

The Distributed Ledger Landscape: Who is developing shared, replicated ledgers and why

Earlier today I gave a presentation for Blockchain University hosted at PricewaterhouseCoopers in San Francisco.  It covers the different startups developing permissioned ledgers, the use-cases they are looking at and the reasons for why permissionless systems are currently inadequate to fulfill similar business requirements.

Send to Kindle

Unable to dynamically match supply with demand

This post will look at an amalgam of ideas touched on by Eli Dourado in a post several days ago regarding Bitcoin.  This includes volatility, cross-border payments, nemo dat, settlement finality and machine-to-machine transactions.

I also answered a few frequently-asked-questions that have been emailed to me that intersect with some of the same ideas.


On Sunday Eli Dourado posted a response to Noah Smith and JP Koning both of whom previously discussed why bitcoin has not become a medium-of-exchange.

I don’t want to turn this into a post solely on volatility so if you’re interested in other ideas, skip to the next section titled cross-border payments.

The problem with Dourado’s analysis on volatility is that it does not look at what the actual causes of volatility are, the core of which is a perfectly inelastic money supply.

What does it mean to have a “perfectly inelastic money supply”?  In short, irrespective of the quantity demanded, the money supply itself does not change or shift.  For a Bitcoin-like network, its supply is programmed to remain static irrespective of external conditions.  While some advocates and enthusiasts consider this a feature, it is a bug if bitcoin wants to be used as a modern medium-of-exchange.  Why?  Because the only way to reflect changes in demand is through a change in price, which as described below, is done so via volatility, often violently.

And consequently, determining what the elasticity of demand could be is effectively impossible due to the opaqueness in both the exchange and OTC markets, which partly explains the unpredictability around cryptocurrency prices in general.1

In contrast to Dourado’s view, Robert Sams recently provided a more cohesive look at the fundamental reasons for why, despite the creation of new “liquidity” venues, uncertainty cannot be removed in a similar manner:

volatility 1

volatility 2

volatility 3

The three slides above appear in an April 2015 presentation by Sams.

Yet it is Sams’ short white paper on stable coins that probably, succinctly, describes the issue of future uncertainty with present day prices:

It is the nature of markets to push expectations about the future into current prices. Deterministic money supply combined with uncertain future money demand conspire to make the market price of a coin a sort of prediction market on its own future adoption.  Since rates of future adoption are highly uncertain, high volatility is inevitable, as expectations wax and wane with coin-related news, and the coin market rationalises high expected returns with high volatility (no free lunch).

In other words, at present bitcoin’s price inelasticity of demand means bitcoin’s price isn’t a function of the availability of bitcoin or, for that matter, demand for it.  This makes bitcoin vulnerable largely to the machinations of prognosticators (e.g., pumpers), not tangible market forces.2

Below are a few other questions that have hit my inbox related to volatility which tie into the ideas addressed by Dourado and others above.

Some short Q&A on volatility and prices

Visible volatility appears to have declined in the past 5 months, why?

One possible explanation relates to the inelasticity argument: if traders “feel” that this is a good price and there is no motivation or incentive to trade, thereby moving it up or down, it will tend to stay there (i.e., trading based on sentiment).

Another potential explanation for why there has been less volatility in the last couple months could be that as participants have left the market, there has been less demand from speculators due to a lack of interest and thereby a corresponding lack of volume.3  We may not know for sure what the actual trading volume is at exchanges in aggregate for years to come.

For instance, contrary to the Goldman report, the Chinese RMB does not compromise 80% of the trading volume; this “volume” as discussed by Changpeng Zhao (former CTO of OKCoin) were a combination of internal market making bots, wash trades and tape painting.4  If there was a legitimate increase in demand from speculator then there would have been corresponding increases.  Maybe “whales” will return again after Fed tightening or concerns over Greece.  Or maybe not.

In addition, VC funded companies like BitPay are stating on record that they absorbing some (all?) bitcoins onto their balance sheet, this likely in the short run reduces some of the volatility but is not sustainable.

Why not?

Because with roughly $400,000 – $800,000 in trade volume per day that BitPay processes, it simply does not have the cash on hand to absorb all of the incoming bitcoins for more than a few weeks at most.  Thus, despite the claims (video) from Jason Dreyzehner — that BitPay tries to keep all of the bitcoins that they process — after talking with several contacts at large exchanges, it turns out BitPay does in fact sell bitcoins in bulk to exchange and OTC partners.  See also, A pre-post-mortem on BitPay.

Another common question I have received: with a string of “positive” developments lately such as GBTC, new exchange infrastructure, and more VC funding, why hasn’t bitcoin’s price risen?

It hasn’t risen in part because of elasticity.  Bitcoin’s value can be susceptible to external factors, but it does not need to be if there is inelasticity of demand.  In that case, steady prices amounts to Newton’s First Law.5

In addition, thus far there is no compelling reason for:

1) Consumer-based transactional demand.  To most consumers in developed countries, trying to use bitcoin is an added friction, so they are not interested in doing that.  What are the demographics of a bitcoin owner?  Based on several sources we know what the owner demographics are: a North American / European male in his early 30s, they have access to other payment platforms and own bitcoins primarily as an investment, not virtual cash.6

2) Speculative demand has not increased (yet) because it is now an old story for some active traders — they know what a “bitcoin” as an asset is and how to get it.  As Nathaniel Popper (from NYT) discussed a couple weeks ago at Plug and Play, editors and writers at large media companies are tired of the same stories, these Bitcoin companies need to now go execute which few have actually done.

What about the new exchange companies and liquidity providers being added to the market?

As noted above, as of this writing the price of bitcoin is largely a function of speculative demand still.  Companies like Coinalytics have looked at the on-chain data to show that there has not been much of an increase in on-chain usage or demand from above-board commercial entities.7 Perhaps that will change.

Therefore if consumers are not participating, bitcoin is left with movements dictated by changes in the unpredictable demand curve (and appetite) of speculators.  There are startups that provide different types of instruments: SolidX, LedgerX, Mirror, Tera Exchange and Hedgy but none has likely gotten much volume and only have limited capital to absorb the continual bitcoin production rate of miners and other sell-side participants.  Again, maybe this will change over time.

What if bitcoin adoption were to proceed more aggressively in non-currency applications (real-time securities settlement, for e.g.), what is the impact from that on bitcoin’s price?

First off, the Bitcoin network is not a real-time securities settlement, at most it clears one batch in roughly 10 minutes — not real-time.  But if we are truly defining post-trade finality in terms of title transfer, Bitcoin itself cannot do that with off-chain assets.  Why not?  Because Bitcoin’s validators — in this case mining pools — have no control over off-chain assets.  Title still resides and is controlled off-chain, out of the purview of miners.8

Ignoring that for a moment the main reason why watermarked methods have seen a surge in interest is so that a company (or financial institution) does not need to buy gobs of bitcoins in order to represent socially-recognized value on the edges (houses, cars, airplanes, boats) — thus since watermarking takes a small fraction of a bitcoin, even in aggregate it probably does not add much demand to bitcoin itself.  Whether that is a secure method for transferring value is another topic altogether.9

On this point I also spoke with George Samman, co-founder of and weekly contributor to CoinTelegraph.  In his view:

When talking about settlement and clearing the sheer size – in dollar terms – of the FX and equity markets, it makes a 51% attack on watermarked assets much more of an eventuality than a probability simply because it’s now worth the effort to do so.  Why?  Because the increase in aggregate asset value transferred on a blockchain incentivizes attacks.  In fact a new paper suggests that an attacker does not even need 51% to achieve their goals.

How might Bitcoin help FX traders and arbitrageurs more easily and quickly align their books and execute a global strategy?

As of June 2015, probably none. The market simply is not deep or liquid enough compared to the multi-trillion dollar FX space.  Even if we took the volume of Bitcoin exchanges at face value — that operators are not exaggerating their numbers which we know they are10 — you would need volume to increase by several orders of magnitude before FX traders probably are interested in using it either as a vehicle or as part of their “global strategy.”

According to Bitcoinity — which uses self-reported volumes — total global bitcoin trading volume over the past 24 hours amounted to 312,532 BTC (~$78 million), though 70-80% of that is likely market making bots and wash trading.  For comparison, according to the BIS, in April 2013 the daily FX turnover globally was $5.3 trillion.  This number has stayed roughly the same over the past several years.11

What impact can the BitLicense have now that it has been finalized?

Again, I’m one of the few people that thinks the BitLicense is not a bad thing — it may seem expensive but if a Bitcoin company provides the same good and service as a traditional company then it would make sense to have them liable to the same type of compliance — why do they get an exception just because of the word Bitcoin?  With that said I do think that it could bring in more players who believe this now provides regulatory certainty.

For example, I am looking forward to seeing how Gemini impacts the network now that there is a legitimate exchange you can “short” bitcoin on — it may provide a new incentive to destabilize the network in order to gain.

For perspective I reached out to Raffael Danielli, Quantitative Analyst at ING Investment Management.  In his view:

The points made in Robert Sams recent post are worth looking at. It is a reason to be wary of a professional exchange such as Gemini. Also it adds to the volatility problem. It is probably just a question of time until we see some hedge fund disrupt the network somehow while profiting from it with a massive short. The incentives will be in place sooner or later.

Honestly, I believe that the misconception about volatility (“it will go down over time”) might blow up in the face of many people. The argument that Robert Sams makes is strong. As long as supply cannot be dynamically adjusted to match changes in demand expectations (essentially what the Fed is trying to do) volatility is unlikely to decrease.

It is worth pointing out that a trader can currently “short” bitcoin on Tera Exchange and Crypto Facilities via their forwards contracts (and swaps in the case of the former).  So far the only participants interested are miners for obvious reasons (though it is unclear if anyone involved is generating much revenue yet).  It is also unclear what the incentive for doing a swap is too, with the inability to predict or model exchange rate changes months into the future.

I also reached out to George Samman once more.  According to him:

It is more about the implied volatility which for bitcoin, is always higher than other asset classes and the reason I believe this is because bitcoin is still a giant unknown. Bitcoin continues to trade mainly on sentiment and technicals as well, and this in turn makes it by nature a more volatile asset.

I would also say to the disappearing volume on exchanges it has to do with a lack of trust, hoarding by deep pockets, and its been going off-exchange.  For example LocalBitcoins volume hit record highs in May, while volume at the biggest exchange and the one used by the most active traders use, Bitfinex, has declined steady all year long.12

Kraken, the San Francisco-based crypto currency exchange, is launching a new “DarkPool” option for volume traders who want to buy and sell coins in larger orders. Typically, large orders in the exchange swing the price of bitcoin dramatically, but with the new dark pool trading option, it lets people or institutions order in a way that the rest of the market does not see. Think of it as a level of privacy for people buying or selling bitcoin in bulk. The service will cost users an addition point-one-percent on orders.

Kraken is not the first exchange to bring a “dark pool” to market.  In 2013 Tradehill launched a service called “Prime” that purportedly acted as a “dark pool.”  In addition, one of the attractions to LocalBitcoins may be that it does not require traders to provide identification (via KYC); its volume could decline if it tried to comply with similar KYC/AML/BSA requirements that many other exchanges do.

Cross-border payments

Dourado’s explanation for how credit card processing work is not fully fleshed out.  For a more detailed explanation I recommend readers peruse two posts from Richard Brown found below in the notes.13 In short, Dourado’s explanation for the alleged value proposition between Bitcoin versus a credit card ignores the biggest difference: there is no native credit facility or lending ability on the Bitcoin network.

At best the comparison should be with debit cards.  In addition, in his example, not only is there unnecessary foreign exchange fees in moving into and out of bitcoin, but transactions do not occur instantaneously (even zero-confirmations take longer than a card swipe).  Furthermore, the current Bitcoin network is unable to handle everyone wanting to use bitcoin today (there is a continuous backlog of unconfirmed transactions, sometime measuring into the thousands).  One thing he could have mentioned is that that foreign exchange trades may offset merchant fees, but he did not (yet).

For instance, Dourado states:

You may use a payment processor such as BitPay to instantly convert the bitcoins you receive into dollars. I may use a wallet that instantly converts dollars to Bitcoin at the time I want to make a payment. We both have trust relationships with intermediaries, but because the transaction and settlement occurs on the blockchain, we no longer have to trust the same intermediary.

There is no reason to use Bitcoin itself to do this.  Since users on both ends of the transaction are not only identified but they also need to “trust” a trusted third party, they could just as easily use a different payment method.  And empirically they do, hence one of the reasons why JP Koning wrote the first post in the first place.  In practice, Bitcoin as a payment system is just an added friction: why go from USD->BTC->USD when a user can simply bypass this artificial friction and pay in USD?

Dourado does not provide a cost-benefit analysis nor does he explain why credit card companies work the way they do (see again Brown’s posts in the end notes).   Instead, he discusses the example of unbanked and underbanked, stating:

This is relevant when thinking about bringing the next few billion people online and into the global economy. These people will not have credit histories that are accessible to the same intermediaries that I am set up to use. They may have local intermediaries that they can use, or they may be willing to use Bitcoin directly. If that is the case, they will be able to enter into the stream of global commerce.

In my lengthy book review on The Age of Cryptocurrency I explained 3-4 reasons for why Bitcoin probably is not the savior of the unbanked and underbanked.

One of the reasons is volatility, another is compliance and customer acquisition costs.

One more is the fact that nearly all venture capital (VC) funded hosted “wallets” and exchanges now require not only Know-Your-Customer (KYC) but in order for any type of fiat conversion, bank accounts.  Thus there is a paradox: how can unbanked individuals connect a bank account they do not have to a platform that requires it?  This question is never answered in the book yet it represents the single most difficult aspect to the on-boarding experience today.

Thus contra, Dourado and others, Bitcoinland has recreated all of the same types of intermediaries as the traditional financial world, only with less oversight and immature financial controls.

In terms of “rebittance,” in practice, what ends up happening in these emerging markets is that local residents attempt to cash out into their local currency, irrespective of whatever cryptocurrency funds were originally sent with.14 It is highly recommended that readers peruse analysis below in the notes from Yakov Kofner who studies this at SaveOnSend — looking at actual data such as margins and fees15 And again, maybe this will slightly change through the efforts of Align Commerce, and BitX but it has not yet.

Continuing Dourado writes:

We will finally have a unified global financial system to which everyone will have access. Capital controls will become impossible, or nearly so.

Unlikely via Bitcoin, perhaps through other distributed ledger systems being developed (with mintettes).  The above statement may be the hopes and dreams of many Bitcoin investors, but recall the drama surrounding Coinbase this past February when the leaked pitch deck (pdf)  — which highlighted Bitcoin’s ability to bypass sanctions on Russia — ended up in the hands of regulators.  The head of compliance at Coinbase ended up leaving and the startup was on thin ice (maybe still is?).16

Settlement finality

Another quibble with Dourado’s piece is based on his statement:

So in order to do apples-to-apples comparisons, we might want to examine other systems of final settlement. One such system is cash. Cash of course has some limitations, chief among them that it is not possible to send cash online without an intermediary.

The problem with this is that cash in the real world is given exception to nemo dat and bitcoin is not.  I tried pointing this out to him on Twitter, to which he responded with one word: “Absurd.”  Nemo dat is the legal rule that states that Bob cannot purchase ownership of a possession from Alice if she herself does not have title to the possession.

And it is not absurd.

In fact, as described two months ago, when talking to attorneys such as Amor Sexton, Ryan Straus and George Fogg we learned that one of the problems facing bearer instruments like bitcoin is that many of these virtual assets do not have clean title — that they are encumbered.  What this means is that while the Bitcoin network itself may provide settlement with respect to the transfer of private key credentials, on the edges of the network in the social ‘wet code’ world, the title to these credentials could be non-final.

This means that because of how trusted third parties such as Xapo or Coinbase originally pooled and commingled (e.g., did not segregate) customer deposits, some customers may unknowingly end up with encumbered bitcoins.  Whether anyone litigates on this issue may be a matter of time as Mt. Gox may have practiced the same behavior with pooled deposits.

Ignoring this could impact the bitcoins you may have.  Did you mine the coins yourself or did you buy them through an OTC provider like Charlie Shrem?  There is currently no method of “cleansing” these virtual commodities from previous claims.  Thus, as described earlier in this post, while settlement finality is a potential benefit of distributed ledgers, it probably needs to be integrated within the current custodial framework in order to be effective. 17

Machine to machine

My last quibble regarding Dourado’s piece is where he states:

Direct settlement also means that machine-to-machine transactions will be possible without giving your toaster a line of credit or access to your full bank account. What new inventions will people create when stuff can earn and spend money?

The core innovation around Bitcoin are censorship-resistant cash and its decentralized ledger — thus trying to merge costly pseudonomity with the KYC of a traditional financial system and then innovate on top of that seems like a one step forward and then one step back.

Therefore it makes little sense for why Dourado, Antonis Polemitis, 21inc and others continue to bring up machine-to-machine as if it is the “killer app” for Bitcoin.  What is the need for proof-of-work in these cases?  I briefly looked at this in Appendix B: why can’t prepaid cards be used to pay for the same service?  If parties — or washing machines and toasters — are known, what benefit does this asset provide that cannot be done with other systems?  Why do you need to insert censorship-resistant virtual cash in a transaction that ultimately will need national currency on both sides of the transaction?

Furthermore, even if machine-to-machine transactions somehow did take off and the Bitcoin blockchain was used, it would quickly become bogged down due to block size issues.  For more on this point, it’s worth reviewing the two most recent posts from TradeBlock below in the notes.18


It is unlikely that many early adopters or those who believe static money supplies are a feature, will find any of the discussion above of merit.19  Yet, as Noah Smith pointed out again yesterday, bitcoin’s volatility may need to become “boring” (non-existent) if it ever were to become a viable medium-of-exchange.  However as described above, there are multiple external factors for why this may not occur including the fact that there is no current method to automatically, trustlessly rebase the purchasing power in Bitcoin.

Last fall Robert Sams published a short paper (pdf) proposing one solution, via a “stable coin” — an idea that has subsequently been explored by Ferdinando Ametrano20 and may eventually be emulated in projects like Augur and Spritzle.

Whether or not this feature is adopted by the Bitcoin community remains and open question.  What is probably not an open question is whether volatility will ever disappear for a perfectly inelastic money supply, particularly one without a type of rebasement mechanism.

[Acknowledgements: thanks to Raffael Danielli, Justin Dombrowski, Yakov Kofner and George Samman for their feedback.]

End notes:

  1. See What is the “real” price of bitcoin? and Too Many Bitcoins: Making Sense of Exaggerated Inventory Claims []
  2. I would like to thank Justin Dombrowski for bringing this point to my attention. []
  3. Readers may be interested in Low Volatility and The Shanghai Composite Are Killing Bitcoin by Arthur Hayes.  Note that you can have liquidity from underlying demand as a transactional cryptocurrency, but that does not seem possible to coordinate with a limited, decentralized money supply in the Bitcoin model. []
  4. The Goldman Sachs report used self-reported numbers from the exchanges themselves.  See 80% of bitcoin is exchanged for Chinese yuan from Quartz. []
  5. I would like to thank Justin Dombrowski for this insight. []
  6. See New CoinDesk Report Reveals Who Really Uses Bitcoin as well as the the leaked Coinbase pitch deck (pdf). []
  7. See The flow of funds on the Bitcoin network in 2015 and A gift card economy: breaking down BitPay’s numbers []
  8. See: Consensus-as-a-service as well as No, Bitcoin is not the future of securities settlement by Robert Sams and On the robustness of cryptobonds and crypto settlement by Izabella Kaminska []
  9. See also: Will colored coin extensibility throw a wrench into the automated information security costs of Bitcoin? and Can Bitcoin’s internal economy securely grow relative to its outputs? []
  10. See Too Many Bitcoins: Making Sense of Exaggerated Inventory Claims []
  11. See Daily FX volumes hold above $5 trillion in Feb-CLS from Reuters []
  12. George Samman suggested interested readers look at a presentation he made for Coinsetter last week, starting at slide 93. []
  13. A simple explanation of fees in the payment card industry and Why the payment card system works the way it does – and why Bitcoin isn’t going to replace it any time soon both from Richard Brown []
  14. See The Rise and Rise of Lipservice: Viral Western Union Ad Debunked []
  15. Western Union: permanent leader of international money transfer? and Does Bitcoin make sense for international money transfer? both from Yakov Kofner []
  16. In addition, while an organization like a government may not be able to totally eliminate Bitcoin itself, they could likely severely reduce its use by imposing such absurd punishments that most would fear to use it.  But that is a topic for another post. []
  17. See also: No, Bitcoin is not the future of securities settlement by Robert Sams []
  18. Bitcoin Network Capacity Analysis – Part 3: Miner Incentives and Bitcoin Network Capacity Analysis – Part 4: Simulating Practical Capacity from TradeBlock []
  19. This concept, of static money supplies, is not an unknown idea for central banks.  David Andolfatto, VP at the St. Louis Federal Reserve, pointed this out in his presentation last month. []
  20. Slides and video from Ametrano’s March 2015 presentation []
Send to Kindle

A pre-post-mortem on BitPay

Yesterday at the MoneyConf in Belfast, BitPay’s CEO Stephen Pair announced that they were pivoting away from payments and towards technological infrastructure for banks and enterprises.

This is an interesting announcement in that a year ago, almost to the day, I published an article, A Marginal Economy versus a Growth Economy, that mentioned how on-chain transaction volume was not following the growth in merchant adoption.  That it was relatively flat.  Reddit and parts of the Bitcoin community derided that analysis yet the data was correct.

In fact, on-chain data later showed that BitPay volume plateaued throughout last year, see The flow of funds on the Bitcoin network in 2015 and A gift card economy: breaking down BitPay’s numbers.

What kind of tech does BitPay currently offer the marketplace?

  • ChainDB, introduced in March, though it seems a bit late to the party already started by ErisDB (and from Ripple’s NuDB).
  • Copay is in a packed group of multisig offerings including GreenAddress, BitGo and CryptoCorp.
  • Insight was their first API / blockchain explorer but everything has moved over to Bitcore.
  • Bitcore competes with BlockCypher, Chain, Coinkite,, and others.
  • (Their API also has some kind of payment channel which could compete with the Lightning Network)
  • Foxtrot seems to also compete with IPFS (and perhaps to some degree Filecoin and DNSChain from okTurtles).

Social media has recently been filled with other hype and rumors but no other big product lines have been announced (yet).

There are a couple open questions.  How will they scale and monetize to a new customer base after such a large pivot in an increasingly competitive fintech market?

For instance, they built their company around consumer payments, but they have let about 20 people go over since the Bitbowl, including the Bitbowl team in large part because consumers as an aggregate did not spend bitcoins (their developer evangelist just left recently too).

For example, in his interview with Business Insider, Pair stated that:

We keep adding merchants – we’re up to over 60,000 now — but they’re selling to the same pool of Bitcoin early adopters. At Bitpay we’ve never thought there’d be this overnight adoption where you get people using it this year or even next year. It’s going to take some time. In the industry there’s a realisation that yes it’s an incredible technology but it’s going to take a while for it to mature.

Again, based on demographic research from CoinDesk and others the typical “owner” of a bitcoin is a North American male in their early 30s that is not living hand-to-mouth.1 They likely have a low-time preference and long-term time horizon and thus are unlikely to spend bitcoins because they view it as an investment, not virtual cash.2  Another data point: in moving to Switzerland, Wences Casares noted that 96% of the customer deposits on Xapo do not move, that they are stagnant.

But Xapo is primarily storage right?  Why would customers frequently move their deposits in and out of bunkers?

transactions coinbase

Source: Coinbase

Above is the off-chain transaction chart over the past year at Coinbase.  Up until recently it has been relatively flat with around 3,500 – 4,000 transactions per day.  In October 2014, Brian Armstrong and Fred Ehrsam, co-founders of Coinbase, did a reddit AMA.  At the 31:56 minute mark (video), Fred discussed merchant flows:

One other thing I’ve had some people ask me IRL and I’ve seen on reddit occasionally too, is this concept of more merchants coming on board in bitcoin and that causing selling pressure, or the price to go down. [Coinbase is] one of the largest merchant processors, I really don’t think that is true.  Well one, the volumes that merchants are processing aren’t negligible but they’re not super high especially when compared to people who are kind of buying and selling bitcoin.  Like the trend is going in the right direction there but in absolute terms that’s still true.  So I think that is largely a myth.

Echoing Pair’s view, in a March 2015 interview with CoinDesk, Steve Beauregard, CEO of GoCoin, a payment processor stated:

“I believe merchants have been widely disappointed by the number of transactions they see in bitcoin,” Beauregard said.  He went on to state that “consumer adoption is the problem”, speaking out against the ‘if you build it they will come’ mentality of the bitcoin ecosystem in past years.

Thus it is unsurprising that a company, BitPay, that in public previously stated it would generate revenue via transaction and SaaS fees, was unable to in a market filled with stagnant coins.  Behind the scenes, as described later below, they were telling people (and investors) that they hoped to generate money via the market appreciation of bitcoins themselves.

Is it the only explanation?

Last month Moe Levin, former Director of European Business Development at BitPay, was interviewed by deBitcoin, below is one detailed exchange starting at 1:57m:

Q: There was a lot of stories in the press about BitPay laying off people, can you comment on that?

A: Yea, what happened was we had a high burn rate and the company necessarily needed to scale back a little bit on how many people we hired, how many people we had on board, how much we sponsored things.  I mean things were getting a little bit out of hand with sponsorships, football games and expansion — more care needed to be put on how and where we spent the money.

Q: Can you elaborate on the burn rate?  Tim Swanson wrote a piece on BitPay in April, published this piece about the economy, the BitPay economy. Posted this piece on the burn rate and actual figures, have you read that piece?  Can you comment on that?

A: Yes, it is especially hard for a company to build traction when they start off.  Any start up is difficult to build traction.  It’s doubly hard, the hardness is amplified when a company enters a market with competitors that have near unlimited resources because the other companies can either blow you out of the water or have better marketing strategies or they can do a ton of different things to make your startup more irrelevant.  Standard in any company but it is doubly difficult when you enter a market like that.  In the payments industry, forget about Bitcoin for a second, in the payments industry and the mobile commerce, ecommerce, company-to-company payments industry there are massive players with investments and venture backed companies in the billions.

Competing at that stage is tricky and it necessarily requires a burn rate that is much higher than the average startup because of how you need to compete in this space.  What is also important is that the regulation costs a lot of money for the startups in the Bitcoin economy.  It’s the perfect storm of how a startup will be hit with a ton of expenses early on and that can hurt the growth of a company.  Even though a lot of the money that went into it was growth capital it takes a while to get the balance right between spending and growing.

I do think this explains some of the pivot but not all of it.

According to AngelList, at the time of this writing there are 1,870 payments startups.  Some of these, as Levin stated, are well-funded.

While it likely will not win any friends on Reddit, I think BitPay’s effort to succeed in consumer payments was likely hindered due to the first factor, the fixed inelastic money supply.

As Robert Sams noted in May 2014:

There is a different reason for why we maybe should be concerned about the appreciation of the exchange rate because whenever you have an economy where the expected return on the medium of exchange is greater than the expected return of the underlying economy you get this scenario, kind of like what you have in Bitcoin.  Where there is underinvestment in the actual trade in goods and services.

For example, I don’t know exactly how much of bitcoin is being held as “savings” in cold storage wallets but the number is probably around $5 billion or more, many multiples greater than the amount of venture capital investment that has gone into the Bitcoin space.  Wouldn’t it be a lot better if we had an economy, where instead of people hoarding the bitcoin, were buying bitshares and bitbonds.  The savings were actually in investments that went into the economy to fund startups, to pay programmers, to build really cool stuff, instead of just sitting on coin.

I think one of the reasons why that organic endogenous growth and investment in the community isn’t there is because of this deflationary nature of bitcoin.  And instead what we get is our investment coming from the traditional analogue economy, of venture capitalists.  It’s like an economy where the investment is coming from some external country where Silicon Valley becomes like the Bitcoin equivalent of People’s Bank of China.  And I would much prefer to see more organic investment within the cryptocurrency space.  And I think the deflationary nature of bitcoin does discourage that.

Based on talks with several other companies in the same space, it is probably not the last announcement of a pivot out of consumer payments.

A next step

So hire experts in financial services right?  It might not be so easy.

Why not?

How will all the bitcoins sitting on BitPay’s books impact their ability to pivot?

The video above is a clip from an two week old interview with Jason Dreyzehner a UI/UX engineer at BitPay.

After watching that, is BitPay: 1) a payment processor 2) exchange 3) forex trading house 4) asset manager 5) all of the above?3

It sounded like they were all of the above.  But perhaps they will just raise another round (downround?), hope for the best and ignore these sunk costs.4

What about banks then?

This quote Pair provided Business Insider is probably not fully accurate:

Banks are desperate to figure out how to apply this technology to mainstream currencies and the likes of Citi, UBS and Santander are all looking at blockchain technology.

I’m not sure what banks Pair has been talking to but from my conversations they are not primarily looking at how to “apply this technology” for currencies.  Though perhaps my sample size is too small.

Rather, in my experience, financial institutions are looking at how to use some kind of distributed ledger to achieve a number of goals, namely in reducing cost centers and complexities within the back office and this is (so far) largely unrelated to currencies.

The entrepreneurs view

For perspective I reached out to Alex Waters, CEO of, a NYC-based cryptocurrency payment processor.  According to him:

In light of recent regulations, and their impact – I see several bitcoin companies pivoting. Payment processing was already a tight margin business when it wasn’t considered an MSB. Now with the regulatory costs involved, it would be a challenging line of business for any startup.

ChainDB and Copay are outstanding, and Bitpay’s open source culture makes them a desirable place to work. The regulatory environment may be a blessing in disguise as it can free some companies from investor and branding pressure. Freeing them to pursue new models.

In addition, when asked how BitPay can pivot into the finance and enterprise sector with a team built around consumer payments, Waters noted that:

I think that’s really challenging. Not only is it a different development skillset to do SaaS, but the existing team may not want to work on that model.

For additional perspective I reached out to Steve Beauregard, CEO of GoCoin.  In his view:

I’ve been publicly speaking out for the last year about merchant adoption sharply our pacing consumer adoption.  Whereas BitPay is shifting their focus to helping banks settle transactions more quickly, GoCoin has decided to address the problem head-on. Clearly merchants see the value proposition, so the thesis behind our merger with Ziftr is to combine our technologies to provide consumers incentives in the ways they currently expect them.  The new merged GoCoin / Ziftr will provide merchants with a digital coupon platform where they can give coins to consumers as incentive to make product purchases.  Our wallet will be a hybrid in that it will store tokenized credit cards similar to ApplePay, yet also enable payments with multiple cryptocurrencies including Bitcoin, Litecoin, Dogecoin, tether and zifterCOIN.

While I agree the consumer adoption is not happening at the pace any of the early pioneers believed it would, but we are taking the dog to the fight so to speak to provide the tools to merchants to change the behavior to the safest, lowest cost payment alternative.

In addition I reached out to Nikos Benititis, CEO of CoinSimple, an Austin-based payment processor.  In his view:

Tim, your thoughts on the cost of regulation and market size already provide a reasonable framework for explaining the recent developments. What I would like to contribute to those is the issue with the “bifurcation” of the bitcoin startup scene.

The first batch of bitcoin startups, which includes BitPay, is quite different from the second batch. In the first batch, you had entrepreneurs who got support from bitcoin early adopters to launch businesses that helped the ecosystem. In the second batch, you have serial entrepreneurs, running companies like Xapo, Circle and 21e6, who got millions from Silicon Valley VCs. Startups from the first batch have to make tough choices, given that interest in bitcoin (see price) is not what it used to be, and that they have to get “traditional” funding to survive. If they get such funding, like BitPay did, they may have active investors questioning the direction of the company, looking at the market size etc. In other words, the price of bitcoin and the lack of crowdfunding does not allow startups from the first batch, to continue working on “ideological” agendas, like bitcoin merchant and user adoption. Startups of the first batch can continue working on what they started on only if the bitcoin price rebounds, or if large bitcoin holders support them. BitPay had to pivot in order to create a sustainable business because it could not afford to do otherwise.

CoinSimple, that provides a merchant processing, because it never touches customer or merchant funds (unlike Coinbase, or BitPay), continues to try to contribute to wider Bitcoin merchant adoption. With a product that works, and we minimum overhead, we can afford to grow organically and contribute to the growth of the ecosystem.

Whatever the reasons for pivoting were, this is a very fluid market place as companies are still looking to find product-market fits.  The next post will look at what Noah Smith and JP Koning have been writing on as it relates to a medium-of-exchange.

Update: according to a new tweet from Stephen Pair: “@BitPay has not pivoted, never even considered it…every line of code we write is about extending our lead in payment processing”

[Acknowledgements: special thanks to Fabio Federici and Pete Rizzo for their feedback.]

End notes:

  1. See New CoinDesk Report Reveals Who Really Uses Bitcoin as well as the the leaked Coinbase pitch deck (pdf).  Regarding “owning” a bitcoin see Bitcoin Ownership and its Impact on Fungibility from CoinDesk []
  2. If they believe the future utility (value) of a bitcoin is greater than the value they would receive by using it today, it is rational to hold.  For more specifics see Chapter 12 in The Anatomy []
  3. Based on reliable contacts at large exchanges,  BitPay does in fact sell directly to other exchanges. []
  4. Future researchers may also be interested in valuations.  A number of VC-funded Bitcoin companies raised on strong user growth totals in the consumer market so in absence of this, it is unclear how BitPay would show a similar “rocketship: growth in enterprise.  How did and how will VCs judge a company that basically sells them on massive user growth that then almost completely evaporates? []
Send to Kindle

Needing a token to operate a distributed ledger is a red herring

Over the last few weeks a number of posts and interviews on social media have promoted the position that “you cannot separate bitcoin from the blockchain” and that only Bitcoin (and no other distributed or decentralized ledger) is the future of finance.

In prose form this includes Adam Ludwin, CEO of Chain (here), Martin Tiller (here) and many more on reddit.

Others include Jerry Brito, executive director at Coin Center, who recently tweeted:

jerry brito tweet

Source: Twitter

At the most recent Inside Bitcoins NYC event, Barry Silbert, co-founder of DCG, spoke about several myths surrounding Bitcoin (video):

[The second myth] is that the technology is great, but the currency is not necessary. […] The reason why Bitcoin blockchain is transformative is because it’s a secure ledger and you have the ability to process large amounts of transactions.

The only reason why it is secure and it has that transaction capacity is because you have thousands of miners around the world that have been provided a financial incentive to invest resources, capital to build the facilities that is what makes the ledger secure and gives the protocol the capacity to do transactions.

So if you eliminate the financial incentive which is the currency there is no incentive for miners to mine and thereby you don’t have a secure network and you don’t have the ability to process large amounts of transactions.

Why the “only-Bitcoin” narrative is (probably) incorrect for Financial Institutions

In the other corner, Robert Sams described in detail why Bitcoin will not be the future of securities settlement, Piotr Piasecki explored a couple different attack vectors on proof-of-work blockchains (as it relates to smart contracts) and even Ryan Selkis pointed out a number of problems with the Bitcoin-for-everything approach.

So why is the Bitcoin maximalism narrative at the very top probably incorrect for financial institutions?

Because these well-meaning enthusiasts may not be fully looking at what the exact business requirements are for these institutions.

  • What do financial institutions want?  Cryptographically verifiable settlement and clearing systems that are globally distributed for resiliency and compliant with various reporting requirements.
  • What don’t they need?  Censorship resistance-as-a-service and artificially expensive anti-Sybil mechanisms.

The two lists are not mutually exclusive.  I published a report (pdf) two months ago that covered this in more detail.

Bitcoin tries to be both a settlement network and a provider of a pseudonymous/anonymous censorship resistant virtual cash.  This comes with a very large trade-off in the form of cost: as the network funds mining operations to the tune of $300 million this year (at current market prices) for the service of staving off Sybil attacks.1 This cost scales in direct proportion with the token value (see Appendix B).

The financial institutions that I have spoken with (and perhaps my sample size is too small) are interested in operating a distributed ledger with known, legally accountable parties.  They do not need censorship resistant virtual cash or proof-of-work based systems.  They do not have a network-based Sybil problem.2

If you do not need censorship resistant as a feature, then you do not need proof-of-work

Recall that one of the design assumptions in the Bitcoin whitepaper is that the validators are unknown and untrusted.

In section 1, Nakamoto wrote:

What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.   Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.  In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions.  The system   is   secure   as   long   as   honest   nodes   collectively   control   more   CPU   power   than   any cooperating group of attacker nodes.

And later in section 4:

To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof- of-work system similar to Adam Back’s Hashcash [6], rather than newspaper or Usenet posts.

Financial institutions operate under completely different conditions.  They not only know the identities of their customers, staff and partners but their processing providers are also known, legally accountable entities.  There is no Sybil problem to solve for them on the network.  There is no need for proof-of-work or $300 million in annual mining costs.

If you don’t need proof-of-work, you don’t need necessarily a token to incentivize validation or secure the network

Instead, validation can be done by entities with contractual obligations that are legally enforced: known validators with real-world identities and reputations.

Permissioned distributed ledgers using this type of known validator, such as Hyperledger and Clearmatics (disclosure: I am an advisor to both), are not trying to be “cryptocurrencies” or even entrants in the virtual cash marketplace.

Nor are they trying to provide pseudonymous-based censorship resistant services.  Instead they are attempting to provide a solution for the financial institution requirements above.

But if Bitcoin has the largest user base of pseudonymous virtual cash, wouldn’t concepts like sidechains allow systems like Hyperledger to be run on a sidechain and therefore we should all focus on Bitcoin?

Again, permissioned ledger systems like Hyperledger are not a cyrptocurrency, so sidechains (as they are currently proposed) would probably not provide any benefit to them.  Bitcoin may – temporarily or permanently – have the largest mind share for cryptocurrency as whole and for censorship resistant services but this does not seem to really be a top priority for most financial institutions.

Thus, it would be comparable to saying why don’t we connect all Excel workbooks directly onto the Bitcoin blockchain?


Source: Gizmag

Or akin to the Wright brothers trying to sell a biplane to modern day international air carriers.  Just because you created the first proof-of-concept and own a lot of equity in the companies in the supply chain for Wright brothers wooden airplanes (because you know aeronautical vehicles is a growth industry), does not mean the first model will not be iterated on and evolved from.  Even modern day dirigibles provide different utility than large wide-body air cargo planes.

There is a case to be made that you only need a token as an incentive within proof-of-work-based (and proof-of-stake) cryptocurrency networks.  Yet as described elsewhere, there are other ways to build distributed networks and economic consensus mechanisms that do not need follow the Nakamoto design (see Vlad Zamfir’s forthcoming Reformalizing Consensus paper).

Thus, the authors cited at the beginning of this post are likely asking the wrong question.  What these writers seem to be collectively saying is: “Hey banks, you want a better settlement method?  Then you need Bitcoin.”  Instead they should be asking banks, “What problems do you have?  Would a censorship-resistant service like Bitcoin’s blockchain sustainably solve that problem?”

Financial institutions each face different problems and challenges but it is unlikely that  proof-of-work necessarily solves them.3  Nor is it the case that banks need yet another currency to manage and hedge.  Though to be even handed, perhaps other financial institutions like hedge funds will find it useful for speculation.

Blocks and miners

Not to pick on Barry Silbert (this is just an example), but his statement above is wrong: “you have the ability to process large amounts of transactions.”

Bitcoin, with the current 1MB block size, is in theory able to process about 7 transactions per second.  If some of the expansion proposals under discussion are enacted, then block sizes may increase to 20 MB in the coming year.  This, again in theory, would mean that the Bitcoin blockchain would be able to process about 140 transactions per second.

One bullish narrative has been that Bitcoin will one day be able to handle transaction processing rates on part with networks like Visa (which on average handles 2,000 – 3,000  transactions per second each day).4   For comparison, in 2013 PayPal had 128 million active accounts in 193 markets and 25 currencies around the world and processed more than 7.6 million payments every day.

Baring something like a full roll-out of the Lightning Network, is unlikely to occur without the use of trusted parties.

Thus it is unclear what metric Silbert is using when he references the “large amounts” being processed, because in practice the Bitcoin network only handles about 1.5 transactions per second on any given day, and most traffic is comprised of spam and long-chains transactions and not the actual commerce that Visa handles.

trade block 1trade block 2

Source: TradeBlock

Above are two charts from TradeBlock which recently published some analysis on block sizes and capacity.  Based on their analysis and following the current trend in block size usage, the 1 MB capacity will be reached in about 18 months, so only in December 2016 will 2.8 transactions per second be achieved.  Dave Hudson ran simulations last year and came to a similar conclusion.

Further, Visa’s network — although centralized — is actually very secure (with moats and all).  No one hacks Visa, they hack the edges, institutions like Target and Home Depot.  This is similar to Bitcoin, where it is cheaper to hack Bitstamp, Bitfinex, Mt. Gox and countless others (which have all been hacked over the past 18 months), than it is to do a Maginot Line attack via hash rate.

In fact, if we measure adoption and usage by actual end users (i.e., where most transactions actually take place), the adoption is not with Bitcoin’s blockchain, but instead with trusted third parties like Coinbase, Circle, Xapo and dozens of other hosted wallets and exchanges.  As I mentioned in my review of The Age of Cryptocurrency, one of the funnier comments I saw on reddit last month was someone saying, “You should try using Bitcoin instead of Coinbase.”

blockchain longtail

Source: the long tail usage of blockchains by Vitalik Buterin

Are permissioned distributed ledgers the solution for financial institutions?

Maybe, maybe not.  It depends on if they securely scale in a production environment..  It also depends on the specific business requirements.  It could turn out that distributed databases like Chubby or HyperDex are a better fit for some problems.

It is also hard to say that a large enterprise can axiomatically replace its existing systems with a new distributed ledger network and save X amount of money.  There are a variety of costs that have to be factored in: compliance costs, reconciliation costs, legal costs, IT costs, costs from capital tied up in slow settlement times, etc. 5  Add them all together and there is, in theory, room for large saving, but this is still unknown.  It cannot be derived a priori.

Another common claim is, “Bitcoin is a larger, better supported blockchain and therefore will win out since it has market makers and market support.”

But Bitcoin, as a censorship-resistance payment rail and virtual cash, is a solution for cypherpunks, not for financial institutions who again, have known counterparties.  A proof-of-work blockchain only matters for untrusted networks and pseudonymous validators.

It may seem repeitive, but if you are designing a semi-trusted/trusted networks, then the token itself is more akin to a receipt than an informational commodity.  Bitcoin, in its current form, likely needs a token because it needs to pay its pseudonymous validators for the censorship-resistance service.  If you operate a bank, with a state charter and KYC/AML requirements, this is probably not a must-have feature.

Either way, it is too easy to become caught up in this red herring and miss the utility of a distributed settlement system for the roller coaster ride surrounding the token.

But isn’t using known validation just centralization by any other name?

No, it could be institutionalized (which is different than centralization) in that the nodes are globally separated and controlled by different keypairs and organizations.6  In effect, distributed ledgers are a new, additional tool for financial controls — and an attempt to abuse the network would require additional compromises and collusion that the edges of a proof-of-work networks are also prone to.

Yet in the event an attack occurs on a permissioned ledger, the validators are contractually and legally accountable to a terms of service — pseudonymous validators are not and thus end users for something like Bitcoin have no recourse, legal or otherwise, and are left with options like begging mining pools on reddit.7


Bitcoin may be a solution to some market needs, but it is likely not the silver bullet that many of its promoters claim it is.  This is especially true for financial institutions, particularly once the costs of mining and censorship-resistance, is added into the mix.

There is room for both types of networks in this world, just like there is room for dirigibles and jumbo jet freighters.  Yet it is impossible to predict who will ultimately adopt one or the other or even both.8

But as shown in the picture below, the Bitcoin mining game (within a game) includes mining pools that are not always incentivized to include transactions.9  Which raises the question: how can you require them to since there is no terms of service?

blockchain block 1 tx

Source: Block 358739

Every day there is always one or two blocks (sometimes more) that include a lonesome transaction, the coinbase transaction. In fact, in the process of writing this post, F2Pool included no additional transactions in block 359422, this despite the fact that there are  unconfirmed transactions waiting for insertion onto the communal chain.

Mining pools have differing incentives as to whether or not to include actual transactions, to them the bulk — roughly 99.5% of their revenue still comes from block rewards so sometimes they find it is not worth processing low fee transactions and instead propagate smaller blocks so as to lower orphan races and instead work on the next hash; see for instance Chun Wang’s comment related to F2Pool and large block sizes posted last week.

I reached out to Robert Sams, CEO of Clearmatics, who has written on this topic in the past.  According to him:

To me the crux of the issue is that permissionless consensus cannot guarantee irreversibility, cannot even quantify the probability of a history-reversing attack (rests on economics, not tech).

It’s a curious design indeed where everyone on the Bitcoin network is now known and authenticated… except the transaction validators!

I also reached out to Dan O’Prey, CEO of Hyperledger.  According to him:

It all comes down to starting assumptions. If you want the network to be censor-resistant from even governmental attacks, you need validators to be as decentralised as possible, so you need to allow anyone to join and compensate them so they do, so you need to use proof of work to prevent Sybil attacks and have a token.

If you’re dealing with legal entities that governments could shut down then you don’t get past step one. If you’re dealing with a private network between multiple participants then you don’t need to incentivise validators – it’s just a cost of doing business, just as web servers are.

Fun fact: according to, there have been 85275 blocks with one transaction and 12438 blocks with 2 transactions (the bulk of which occurred in the first year and a half).10

Is that the type of game theoretic situation upon which to build a mission-critical, time sensitive settlement system for off-chain assets with real-world identities on top of?11 Maybe, maybe not.  Both types of networks have their trade-offs but focusing on a token is probably missing the bigger picture of meeting business requirements which vary from organization to organization.

[Acknowledgements: thanks to Pinar Emirdag, Todd McDonald, Dan O’Prey, Robert Sams and John Whelan for their feedback.]


  1. This annualized number comes from the following calculation: money supply creation (1,312,500 bitcoins) multiplied by current market price (~$230). []
  2. Large institutions and enterprises may have issues with authentication and identification of customers/users but that is a separate operational security issue. []
  3. It is important to note that if the costs of mining somehow decreased then so too would the costs to successfully attack a proof-of-work network.  See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland []
  4. Note: In the UK, Visa Europe currently settles over RTGS though Mastercard does not.  See: The UK Payments landscape []
  5. Thanks to Dan O’Prey for his thoughts on the matter. []
  6. It bears mentioning that having 15 banks in 15 different countries operating validators is more decentralized than a few mining pools in a couple of countries, although it is not a fully direct comparison. []
  7. In theory on-chain “identity” starts pseudonymously and later users can either fully identity themselves (via traditional KYC, or signing of coinbase transactions) or attempt to remain anonymous by not reusing addresses and through other operational security methods.  Miners themselves can be both known and unknown in theory and practice.  Other terminology refers to them as a dynamic- membership multi-party signature (DMMS). []
  8. Peter Todd has argued that financial institutions can take a hash from a permissioned ledger and insert it into a proof-of-work chain as a type of “audit in depth” strategy. []
  9. According to John Whelan who reviewed this post, “The science of incentives is far more complex than just ‘show me the money’.  Indeed, workplace incentive specialists have coined the term ‘total rewards of work’ that recognizes that there are many levers other than compensation that may be pulled to motivate employees to perform at their maximum potential (e.g., workplace rewards).  With distributed ledger systems there is a lot of room to gain a clearer understanding of the kinds of incentives that will motivate transaction validators or nodes that offer other services such as KYC/AML, etc.  It is definitely not a one-size-fits-all.” []
  10. For comparison, Litecoin has 245447 blocks with 1 transaction and 105765 blocks with two. []
  11. At an event in NYC last month Peter Todd opined that perhaps some firms will take this risk and will encode a series of if/then stipulations in the event that a history-reversing attack occurs. []
Send to Kindle

The final version of the BitLicense was released

A reporter from CoinDesk reached out yesterday to ask if there were any questions I had in relation to the final version of the BitLicense being released.

They subsequently posted a follow-up story with one of the comments I sent.  Below are the remaining questions and comments that came to mind after quickly reading through the final BitLicense.

The current wording in the final version still seems to leaves a few unanswered questions:

1) When a miner (hasher) sends work to a pool, the pool typically keeps the reward money on the pool before sending it to the miner or until the miner manually removes it.  Would mining pools be considered a custodian or depository institution since they control this asset?  What if a pool begins offering other services to the miner and these assets remain on the pool? (e.g., some pools have vertically integrated with exchanges)  Update:  The mining pool BTC Guild has announced it is closing down and citing concerns over the BitLicense with respect to these issues.

2) Are there any distinguishing factors or characteristics for entities that issue or reissue virtual currencies?  For instance, both non-profit groups (like Counterparty, Augur) and for-profit organizations (like Factom, Gems) issued virtual currencies and it appears that federated nodes that operate a sidechain, in theory, will effectively (re)issue assets as well.  Are they all custodians?  In light of the FinCEN enforcement action with Ripple, do these projects need to be filing suspicious activity reports (SAR) as well?

3) How hosted wallets comply with 200.9(c) and whether startups like Coinbase violate that given this UCC filing (pdf)? (E.g., assuming the bitcoins held by Coinbase for customers are covered by the filing, it seems as if it could violate 200.9)

Send to Kindle

Housing all financial controls under one roof, managed by one person

A new story up on FusionFormer Mt. Gox CEO: Current Bitcoin exchanges are a ‘disaster waiting to happen’ — looks at a recent post from Mark Karpeles regarding the segregation of financial controls within the Bitcoin exchange framework.  I provided a couple of quotes for some perspective.

In addition to the snippets in the article, it bears mentioning that I would disagree with his view that it is possible to make a fully decentralized exchange today due to the fact that cash is centrally created and thereupon controlled by a variety of agencies.  He is right about the intersection of AML and how some companies are unable (or more likely, unwilling) to legally comply with it due to how they operate (such as LocalBitcoins and

As an aside, virtually most (if not all) VC-funded, US-based hosted wallet and exchange is likely in non-compliance of a variety of custodian/depository regulations though it is unclear if/when any jurisdiction will prosecute them:

One last comment about that story, there may be ways to create financial controls to reduce the ability for maleficence to occur but as Karpeles ironically pointed out (he did not acknowledge it but probably is aware of it), by converting bitcoins into an altcoin, you effectively are delinking provenance and creating a money laundering mechanism.  Based on a number of conversations with altcoin traders I suspect that a non-negligible portion of the litecoin trading volume on a daily basis (on BTC-e and are related to money laundering type of activities.  Though this would be hard to verify and prove without building a good network heuristic and/or access to the server logs at these companies.

See also: CEWG BitLicense comment

Send to Kindle

A few results from the first intentional stress test on a communal blockchain

I have covered the issue of increasing the Bitcoin block size a few times in the past:

Three days ago several individuals within the development community (and on reddit) — in order to test to see how the network would handle (and is impacted by) a large increase in transactions — went ahead and repeatedly sent transactions (via scrypts) onto the network.

Below are multiple graphs illustrating what this traffic looked like relative to “normal” days:

blockrio graphs

Source: (over the past 30 days)

Above are two charts from illustrating the block sizes over time and average block fee over the past 30 days.

transaction fees in USD

Source: (fees denominated in USD)

transactions per day

Source: (number of transactions per day including popular addresses)

excluding chains

Source: (excluding chains longer than 10)

Above are three charts from covering the past year (365 days) activity related to: fees to miners, transactions to all addresses (including popular), transactions excluding chains longer than 10 (see Slicing data for an explanation).

statoshi clearing

Data Source: / Image source (reddit thread)

Above is a screengrab from (run by @lopp).  It illustrates the roughly 20 hour time period in which this stress test took place.


There were multiple reddit threads that attempted to break down the findings, below are some of their comments with slight amendments

  • A peak of approximately 24,000 unconfirmed Bitcoin transactions occurred
  • Nearly 133,000 transactions were included in blocks during one day, a new all time high
  • Blocks became full starting at block 358596 at 23:38 UTC
  • And remained consistently full until block 358609 at 03:21 UTC
  • The majority of mining pools cap block size at 0.75 MB instead of 1 MB
  • Some transactions were “mysteriously” not broadcast until 2 hours post their actual broadcast time (Broadcast between 23- 24:00 UTC, shows 02:54 UTC)
  • The majority of low fee/minimum fee transactions required 3-4 hours for the first confirmation

Brute force fan fiction

While not necessarily a surprise, for approximately $3,000 an individual can effectively spam the network, filling up blocks and annoying users for several hours.  Because it became increasingly expensive for transactions to be included within blocks, the “attack” probably is not the most effective way to cause many transactions to be permanently slowed down.

Yet it does show that the Maginot Line narrative — that the only way to “attack” the network is to acquire hundreds of millions of dollars in hashing power to brute force the network — is just fan fiction.  A well-organized and minimally financed group of savvy internet users — not even professional hackers — can create headaches for settlement systems, payment processors or anyone else running time sensitive applications reliant on a public blockchain.

Thus, as Robert Sams pointed out a couple weeks ago: it would probably be financially irresponsible for a large organization like NASDAQ to use a communal blockchain — whose pseudonymous validators are not held contractually liable or accountable for transaction processing (or attacks thereof) — to clear and settle off-chain assets (Ryan Selkis briefly touched on a similar point last week as well).  Whether this kind of test convinces NASDAQ and others to rethink their pilot programs on a public blockchain is an open question.

Governance issues with “the commons”

Over the past 4-5 weeks there are probably well over a hundred reddit threads, blog posts and Bitcoin Talk forum posts related to increasing the block size.

Instead of rehashing all of the arguments here, the decision to increase block sizes seems to boil down to two things:

  1. Conflicts in governance (e.g., politics and special interest groups)
  2. Subjectivity in how many nodes represent “decentralization”

The first issue is much harder, perhaps impossible to solve because no one owns the network — it is a communal, public good.  Chronically lacking a clear and effective governance model, decisions are typically made based on: how many retweets someone gets, how many upvotes a poster receives, or increasingly, Six Degrees of Satoshi: how often Satoshi directly responded to your comments in the past.

We see this quite frequently with the same clique of developers using a type of argument from authority.  Perhaps they are correct and one person was left “in charge” by fiat — by Satoshi one spring morning in 2011.  Yet it was not Satoshi’s network to “give” in the first place — he was not the bonafide owner.  No one is, which presents a problem for any kind of de jure governance.1

gavin mike hearn

Source: reddit

The second issue, in terms of how many validating nodes are needed for decentralization, this is an issue that Vitalik Buterin, Jae Kwon and several others have been talking about for over six months, if not longer.

In short, as block sizes increase in size, fewer validating nodes will operate on the network due to a number of factors but largely related to the economic costs of running them (bandwidth is typically cited as the biggest consideration).  We see this empirically occur over the past 18 months on the Bitcoin blockchain (with validators dropping from over 13,000 in March 2014 to just under 6,000 today).

Appealing to amorphous social contracts

Social contracts historically fall apart due to their nebulous mandate and they also — non-governmental versions specifically — typically lack explicit enforcement mechanisms.

Bitcoin suffers from both.  There is no terms of service or explicit service agreement to the end user.  Nor is there a way to enforce an “ethos” onto a physically decentralized userbase.

Yet ironically several key developers are now appealing to a social contract to make decisions for how block sizes should and should not evolve.

Irrespective of what is decided on social media, there will ultimately be a solution that arises in the coming months, but not everyone will be happy.

How to solve this in the future?  What are other projects doing?

Tezos, if we come to believe that it is valuable or safe (because others are using it, or is scientifically verified), has a self-amending model which bakes in governance into the code itself.

Ethereum is also trying to create specific, technical ways for “explicit governance” to direct its evolution as it achieves certain milestones.  For instance, its developers plan to eventually transition the proof-of-work process into a proof-of-stake network (via a poorly marketed “bomb“).

Whether either of these projects is successful is another topic, but at least the developers recognize the governance issue as paramount to the ultimate “success” of the project.

Other projects in the distributed ledger arena, such as the “permissioned” ledgers I did a report (pdf) on earlier last month, also do not have this type of governance problem due to the fact that they each have a private sponsor (sometimes in the form of an NGO, others in the form of a company) where the buck finally, explicitly stops.

There may be non-technical ways to govern (via organizational structure), but Bitcoin’s model is both ad hoc and largely devolves into unproductive shouting matches.  Is this really how a financial system and series of products is best developed?  Probably not.

But this is a topic for political archaeologists to pour through in the coming years.

Other experts weigh in

Chun Wang, who is a member of the F2Pool operating team (F2Pool, also known as Discus Fish, is one of the largest mining pools), made the following comment two days ago on the Bitcoin development mailing list:

Hello. I am from F2Pool. We are currently mining the biggest blocks on
the network. So far top 100 biggest bitcoin blocks are all from us. We
do support bigger blocks and sooner rather than later. But we cannot
handle 20 MB blocks right now. I know most blocks would not be 20 MB
over night. But only if a small fraction of blocks more than 10 MB, it
could dramatically increase of our orphan rate, result of higher fee
to miners. Bad miners could attack us and the network with artificial
big blocks. As yhou know, other Chinese pools, AntPool, BW, they
produces ASIC chips and mining mostly with their own machines. They do
not care about a few percent of orphan increase as much as we do. They
would continue their zero fee policy. We would be the biggest loser.
As the exchanges had taught us, zero fee is not health to the network.
Also we have to redevelop our block broadcast logic. Server bandwidth
is a lot more expensive in China. And the Internet is slow. Currently
China has more than 50% of mining power, if block size increases, I
bet European and American pools could suffer more than us. We think
the max block size should be increased, but must be increased
smoothly, 2 MB first, and then after one or two years 4 MB, then 8 MB,
and so on. Thanks.

I reached out to Andrew Geyl (Organ of Corti) to see what was on his mind.  He independently concurred with LaruentMT, who suggested re-running the tests a few more times for more data:

The transaction “stress test” was well overdue. It’s impossible to understand exactly how increasing block sizes (or even reducing time between blocks) will affect transaction confirmations if we’re only using the network to capacity, and Testnet won’t be much use.

By ensuring that there were more transactions than could be confirmed, we understand a little more about the limits of the network’s transaction transmission capacity. As soon as I get access to relevant data I’ll be trying to determine what factors limited the rate of transactions per block per second.

I think this “stress test” should be run again at some point on a Sunday (when it will have least impact on network users) and – to account for variance in block making – for longer than just 8 hours. Maybe 24 hours? If we are are warned ahead of time, this might be more palatable to the bitcoin users. Think of it as preventative maintenance.

I also reached out to Dave Hudson, proprietor of  He has run a number of models over the past year; two notable posts still stick out: 7 Transactions Per Second? Really? and The Myth Of The Megabyte Bitcoin Block.  Below are his new comments:

I’d really like to have time to think about the stress test some more and to look at the numbers, but it demonstrates something that I’m pretty sure a number of people have considered before: 51% attacks are not the biggest cause for concern with Bitcoin; there are dramatically easier ways to attack the system than to build 350 PH/s of hardware.

The delays resulting from large numbers of TX’s sent to the network were entirely predictable (I did the sims months ago).

I doubt this is the only problem area. Consider (and this has been raised a lot in discussions over block size increases) that a lot of miners use the relay network. Attacking that, or shutting it down via some means would certainly set things backwards, especially if we do see larger block sizes.

Other attacks would be massive-scale Sybil attacks. I know there’s the whole argument that it can’t be done, but of course it can. It would be trivial to set up malware that turned 100s of thousands of compromised systems into Bitcoin nodes (even better if this could be done against something embedded where users don’t run malware detection).

It seems to me that the fact this hasn’t happened before is because those people interested in Bitcoin at the moment are more interested in seeing it useful than in bringing it down. When cybercriminals are extorting money in Bitcoin then they want to see it succeed too, but my guess is that if they could find some other equally anonymous way to get paid then we’d have seen some large-scale assaults, not just a few thousand extra TXs done as a thought experiment.

The problem here is that most software designers can build really good working systems. They can follow secure coding rules to ensure that their software doesn’t have resource leaks and network security vulnerabilities, but then they don’t consider any part of the system that might not be under their direct control. It’s the assumed-correct behaviour of the rest of the world that tends to be where major risks come in. Constructing a Maginot Line is a waste of time and money when the attacker bypasses it instead. In fact the perceived strengths of a defence usually lead to complacence. The stress test was a great example of this; huge amounts of time have been spent analyzing 51% attacks when this was probably the least likely attack even years ago. It’s essentially back to the crypto geek cartoon where the super-strong password is not cracked technologically, but instead by threatening its owner.

Despite what some entrepreneurs and venture capitalists have proclaimed — that there is a “scalability roadmap” — this is probably not the last time we look at this.

There are certainly proposed roadmaps that scale, to a point, but there are many trade offs. And it appears that some of the hosted wallet and payment processors that have publicly stated they are in favor of Gavin Andresen’s proposal are unaware of the impact that this type of block size increase has.  How it likely accelerates the reduction of nodes and how that likely creates a more centralized network (yet with the costs of decentralization).  Or maybe they are and simply do not think it is a real issue.  Perhaps they are correct.

One final comment — and this is tangential to the conversation above — is that by looking at the long chain exclusion chart we observe that the additional “stress test transactions” appear as normal unchained transactions.

This is interesting because it illustrates how easy it is to inflate the transaction volume metric making it less useful in measuring the health or adoption of the network.  Thus it is unlikely that some (all?) Bitprophets actually know what comprises transactions when they claim the Bitcoin network has reached “an all time high.”  Did they do forensics and slice the data?

See also: Creating a decentralised payment network: A study of Bitcoin by Jonathan Levin and Eclipse Attacks on Bitcoin’s Peer-to-Peer Network by Heilman et al.

  1. See Bitcoin faces a crossroads, needs an effective decision-making process by Arvind Narayanan []
Send to Kindle

What impact have various investment pools had on Bitcoinland?

queen bitcoinAccording to public announcements, approximately $790 million has been raised by Bitcoin-related companies over the past three years (and really in earnest since the San Jose conference two years ago).

Where did that funding go?  And how did that impact the price of cryptocurrencies?

Below I attempt to break down the numbers to answer both of the questions.

The tl;dr is that there are multiple unseen cost centers that have likely absorbed capital that would have otherwise been more productively deployed elsewhere.  Some of these costs were related to compliance — which many startups assumed would not exist or could be ignored.  Others included denial of service (DOS) and ransomeware which no one besides Bruce Schneier could have predicted or thought of years ago.

In addition, consumer behavior — or as Buck Turgidson would label “the human element” — is not behaving based on the initial assumptions of many entrepreneurs, enthusiasts and VCs.  Whereas 18-24 months ago cryptocurrency-based payment processors proclaimed that consumers would flock to Bitcoin and other altcoins as a payment rail, this has not occurred (yet).1 Stagnant tokens left in cold storage therefore impacts multiple verticals, especially those relying on large aggregates of transaction fees to fund growth as they scale up.


Investing in mining and hashing is effectively taking out a short position on fiat and long on a cryptocurrency, in this case usually USD for BTC.  It is a foreign exchange play as it enables investors to turn fiat into magic internet money without typically needing to abide by foreign exchange regulations or institutional registration requirements.  For instance, a venture capital firm is typically not permitted or allowed to use LP funds on the open market to purchase forex, or in this case cryptocurrencies — but by funding a mining company they effectively fall within a “loophole” (or at least that is how some pitch it).

What does this look like?

Listed on the continually updated – though slightly inaccurate – CoinDesk Venture Investment spreadsheet are the following capital raises specific to mining:

  • Spondoolies Tech: $10.5 million
  • Avalon Clones: $3 million (likely clones of the Avalon chip)
  • Bitfury: $40 million (in two public rounds)
  • Hashplex: $0.4 million
  • KnC miner: $29 million (in two public rounds; note that KnC however had a pre-tax loss of $4.4 million last year)
  • Peernova (raised $19 million, however they are no longer in the Bitcoin mining space and didn’t raise the Series A round based on mining products)

Not included are funding from:

  • 21inc: according to Nathaniel Popper it has raised $121 million over at least three rounds (perhaps more) and is now building Tom Sawyer botnet hashing chips — consumers are expected to collectively absorb the operating costs such as electrical and administrative costs thereby painting the proverbial white fence; consumers socialize the costs and 21inc privatizes the gains
  • Bitmain: is the largest independent manufacturer, has taken no VC money to date (fully financed via private sources)
  • CoinTerra: bankrupt, previously raised $2.2 million
  • Hashfast: bankrupt, owed creditors over $40 million, “acquired” by a Venezuelan politico
  • Alidyan: part of CoinLab, now bankrupt, spent $4 million building hashing machines
  • Butterfly Labs: sued by FTC for failure to deliver product to customers, collected between $20 million to $50 million in pre-orders, currently sending some refunds
  • Avalon: successfully pre-sold the first commercially available ASICs (see interview with Yifu Guo from Motherboard); Guo is no longer involved with Avalon and the company is now called Canaan Creative
  • ASICMINER: “Friedcat” is the Chinese businessman who created an immersion mining facility in Hong Kong and custom ASIC chip, allowing those with bitcoin to exchange bitcoins for ASICMINER shares; despite allegations, it is still unclear if he absconded with the funds of a new project called AMHash
  • Gridseed (recently merged to become SFARDS): built both SHA256 and scrypt hashing equipment; in late July 2014 they purportedly owned 20 billion dogecoins (via mining) and as recently as April 2015 still supposedly controlled 60% of the hashrate for dogecoin (the management team led by Li Feng was allegedly under pressure by investors to somehow reverse the bear market)
  • ZeusMiner: shifted from building SHA256 ASICs to scrypt (dogecoin, litecoin, etc.)
  • Genesis Mining, Mega Big Power, RockMiner and a variety of small actors in the manufacturing/proprietary farm/pool business
  • DiscusFish, consistently one of the largest pools, may or may not produce some of their own hardware
  • A smorgasbord of cloudhashing scams that didn’t actually have the actual hardware (e.g., GAW mining)

So of the ~$790 million so far:

  • $82.9 million is comprised by known mining manufacturers
  • plus $121 million from 21inc (but misclassified as “Universal” in the spreadsheet)
  • but cannot include the $19 million from Peernova (this is misreported on the spreadsheet and again, they are no longer in that specific vertical)

This comes to: $203.9 million, or about 25% of the publicly known funding has gone directly into converting one currency (fiat) into another (bitcoins, litecoins, etc.).  How much of the capital has been fully deployed to date is unclear.

bitcoin funding

Data source: CoinDesk

Can this full amount impact the market price of specific cryptocurrencies?  We will try to answer that question later below.

Startup life

There are multiple budgetary components to any startup that are not unique to Bitcoinland.

For instance, irrespective of locale, the cost of living for an employee can typically be broken down into:

  • Housing/Rent
  • Utilities (electricity, gas, internet access)
  • Phone
  • Food and clothing
  • Auto/house/health insurance
  • Discretionary income (entertainment, luxury items, vacations, investments, etc.)

We will come back to these later.

For an entrepreneur in Bitcoinland, in addition to the labor costs above, some of the company-specific costs include:

  • Domain name: a large Bitcoin API company is rumored to have spent $350,000 on a five character dotcom domain; for perspective Roger Ver rents out (domain squats?) for roughly $120,000 a year (in 2012 the highest valued domain fetched $2.45 million)
  • Legal fees: some of these are delayed via equity swap deals with law firms, e.g., independent lawyers as well as firms such as Perkins Coie may provide some legal assistance for X% of equity via convertible note; similarly regulatory consultants such as Promontory have done pro bono work to assess the lay of the land for the whole space likely with the goal of converting promising clients into retainers and so forth
  • Office rent/lease/mortgage: co-working spaces are increasingly common for many seed stage companies in order to stay lean and limit the burn rate
  • Utilities and internet access: particularly important for mining farms/pools
  • Attending events: flying to conferences and meetups (which are incidentally, probably one of the few legal, profitable areas for Bitcoin right now; Mediabistro pivoted to focus on this space)
  • Event sponsorships: food and speaker honorariums; e.g., was a lead sponsor for the O’Reilly Media Bticoin & Blockchain event, BitPay sponsored the ill-fated, one-and-done Bitbowl (Platinum sponsorship at the NYC InsideBitcoin event was $13,000 and $12,500 for Singapore)
  • Marketing and advertising: user acquisition, lead generation, brand awareness, e.g., Gyft, eGifter, and purchase many of the ad slots on reddit, various “rebittance” companies purchase ad slots on Facebook, itBit is everywhere on Twitter, ChangeTip attempted to capitalize off of the Nepal earthquake and curates sock puppet spam (BashCo, a reddit moderator now works for ChangeTip)
  • Front-end design: can reach $75,000 to $100,000 and there are now companies such as Humint and Bitsapphire catering to cryptocurrency-related startups
  • Advisory fees to banks: American Banker recently explored the rumors that banks such as SVB charge its clients (such as Coinbase) a monthly “advisory fee” (payola?) which could range $20,000 – $60,000 per month
  • Lobbying special interest groups: a number of Bitcoin-related startups donate to non-profit organizations which in turn pays the salaries for staff at Coin Center, Chamber of Digital Commerce, The Bitcoin Foundation and others in order to influence policy making
  • Board of Directors and Advisors: Larry Summers (Xapo, 21inc), Arthur Levitt (BitPay, Mirror), Sheila Blair (itBit), Gene Sperling (Ripple Labs), and several other VIPs; while some of these relationships are in exchange for equity (0.5%-2%) others may be in the form of cash ($5,000-$10,000 per month) — either way, not free
  • Company outings and vacations: ChangeTip flew out to Argentina, another well-heeled group went to Malta, while others have had traditional typical perks (e.g., company lunches and dinners)
  • Money transmitter licenses: in addition to maintaining a compliance team that regularly submits SARs, it currently costs about $2-4 million to obtain the necessary MSB licenses to operate in all states within the US (recommend readers chat with Faisal Khan and Juan Llanos for more info)
  • Insuring virtual currencies that a company may hold in custody: Xapo, Coinbase, BitGo, Gemini and others now advertise that the holdings (of some kind) are insured by third parties (and purportedly even the FDIC in the case of itBit)
  • Acquiring and maintaining an inventory of cryptocurrencies: many wallets and exchanges need to maintain some kind of ‘hot wallet’ so that customers can quickly transfer their virtual assets.  For instance six days ago the hot wallet at Bitfinex was compromised and a hacker stole 1,459 bitcoins, earlier this year Bitstamp’s hot wallet was hacked and lost 19,000 bitcoins, Coinfloor stated two weeks ago it holds 5,081 bitcoins on behalf of customers and as of this writing Bitreserve states it has $1,716,030 obligations to its customers.  In addition many exchanges run prop desks to trade liquidity with partners (e.g., most VC-funded exchanges have an OTC team that handles large block trades)
  • Customer service and bug bounties: reimbursing customer for problems with R values/RNGs.  For instance, in December 2014, used untested code in a production environment that cost customers at least 267 bitcoins (and again on May 26, 2015).  In April 2015, reddit user vytah fixed a BitGo integer overflow error that cost a customer 85 bitcoins
  • Denial of service (DOS) vandalism and extortion: commonly happens with mining pools (competing pools threaten to do a denial of service unless a certain amount of bitcoins is paid) — in March 2015 at least five different pools were targeted; also happens with media sites such as when Josh Garza (from Paycoin/GAW mining) allegedly attacked Coinfire to prevent stories regarding scams/fraud from surfacing
  • Ransomeware: as noted last month while this type of malware has existed for several years, CryptoLocker itself stole nearly 42,000 bitcoins in the fall of 2013, thus signaling to market participants that this successful method of attack could be copied.  According to Dell, during a six month time frame last year, “CryptoWall infected more than 625,000 computers worldwide, including 250,000 in the United States. During that time, the gang that operated CryptoWall raked in about $1 million in ransom payments.”  Currently hackers are targeting smaller and more marginal actors.  For instance, two months ago the network for Swedesboro-Woolwich School District in New Jersey was held hostage for a 500 bitcoin ransom.  And the Tewksbury Police Department system in Massachusetts recently became just one of many public organizations that has paid similar ransoms in bitcoin.

It is still unclear how much of these variables will ultimately absorb the budgets of each startup.  Not everyone is targeted with ransomeware, some startups eschew conferences and others are uninterested in building consumer facing products.  Similarly, some early employees are content with living in a SOHO or communal setting, thus reducing a rent component for someone.

At some point as the industry matures, as companies are acquired or even go bankrupt, we will likely have a better picture of percentages for each of these categories.  It could be the case that as Bitcoin-related custodians and depository institutions grow and merge, they will continue to absorb the costs borne by the traditional financial industry.

Ignoring the cryptocurrency-related challenges (such as securing hot wallets), perhaps several of these entities named above will end up needing to acquire the same licenses and charters as their peers (banks) do and thus could materially impact their balance sheet and growth targets.2  Thus it will be worth revisiting these shifting characteristics again at the end of the year if not sooner.

Converting salaries into bitcoins

bitwageAnother bullet point that is of interest to this conversation yet falls in the cracks between employer labor costs and employee discretionary income are: those individuals who convert part, or all of their salaries into bitcoins.

Most, if not all, Bitcoin-related organizations now offer some method to convert fiat-based salaries into cryptocurrencies.  Bitwage is a startup that provides a conversion service to do so.  Prior to this service (which BitPay also does), some organizations like The Bitcoin Foundation, at one point (perhaps it still does) offered to pay salaries based on a 30-day rolling average of bitcoin-to-fiat.

Another tangential example: one VC-funded Bitcoin company that raised more than $20 million late last summer bought a tranche of bitcoins (then valued at around $1.5 million) to lay aside for employee benefits.  Their employee deal is to hand over some options in future bitcoins so they wanted the bitcoins locked in to handle the employee liability.

In another instance, it is also worth noting that the $30.5 million round (the largest Series A so far) that was announced in October 2014, was a mixture of bitcoin and USD (primarily USD).

What is the impact on the price of cryptocurrencies if all the employees at these startups converted their salaries into cryptocurrencies?

This has not been analyzed due largely to a lack of public information yet but it bears mentioning that it is likely that most, if not all, employees cannot fully convert their entire salary into cryptocurrencies because, for example, their land lord or utility company likely does not accept it for payment.  Perhaps this will change in the future, until then however: rent, utilities, phone service, food and insurance are probably still largely paid for with fiat.

Recall that each startup also has its own cost structure, some attempt to position themselves as a “just” a software company while others try to compete in the compliance-heavy and saturated exchange/wallet market place.  Thus the types of costs each company has is not uniform.  What this also means is that some portion of the VC funds that have gone into these companies is likely, ultimately kept in fiat and not converted into cryptocurrencies.

But, there is still more to look at.

The on-going Bitcoin crowdsale

Approximately every 10 minutes the Bitcoin network generates 25 bitcoins.  Miners (collectively in the form of mining pools) compete with one another over winning these tokens.  They do this by coordinating with hashing farms which consume large quantities of capital (primarily electricity) to rearrange a few attributes with the goal of finding a target value below a certain threshold.

In a sense, Bitcoin mining is an on-going auction, or crowdsale, to convert one currency for another.  And miners continually bid up to an equilibrium threshold in which the marginal costs of creating a bitcoin equals the market value of a bitcoin (i.e., in the long run it costs a bitcoin to create a bitcoin).34

In theory, over the past two years roughly 2,625,000 bitcoins were created.  In practice the actual amount is about 10% larger due to the fact that blocks are not being created at 10 minute intervals but much quicker, as fast as 7 minutes during October 2013 (as of this writing it is roughly every 8-10 minutes; see Appendix B).  Thus, whereas block reward halvings were expected to take place once every four years, this has accelerated by several months.

The first halvening occurred in late November 2012 and the next one is expected to occur at the end of July or early August 2016.

How does this impact the fiat-denominated price of bitcoin?

If the average weighted fiat value of bitcoin over the past 24 months has been $400 then based on the theoretical growth in money supply approximately $1 billion in bitcoins have been auctioned off to mining pools over the past two years.  Yet because the supply has increased 10% faster than the actual number is probably closer to $1.1 billion.

What does this mean?

This means that the capital spent on mining — primarily a wealth transfer to utility and manufacturing companies — still far outpaces VC investments, especially once mining-related investments are accounted for.  Altogether, once publicly announced mining investments are removed this amounts to $590 million, not $790 million.

Or in other words, since mining pools, farms and hashing participants ultimately have to sell their $1.1 billion in block rewards to pay for land, labor, taxes, equipment and electricity there is a continuous sell-side pressure on bitcoin that even all of the publicly announced VC financing cannot fully absorb even if it were allowed to.  But that does not mean it has not been dampened.  And it is also known that some of the farms and pools have  attempted to hold onto large bitcoin holdings with the expectation that these will appreciate or due to the inability to find reliable OTC partners to liquidate them without slippage.

Based on known figures above, in percentage terms, the acquisition of block rewards via VC mining investment represents about 18.5% of the $1.1 billion rewarded to miners.

While we may not know the exact numbers that venture backed firms, their employers and their investors have spent acquiring tokens, it is likely that the amount is non-negligible and perhaps even has much as several hundred million if not more.

For instance, Tim Draper publicly bought around 32,000 bitcoins last year (from the DPR/Silk Road auction, not freshly mined coins).  While it is unclear where these bitcoins will go, Boost VC (run by his son Adam Draper) is investing an additional 300 bitcoins in each startup that completes demo day (there were 24 startups in the most recent tribe, 21 of which are Bitcoin-related).  Entities like Seedcoin (renamed Coinsilium) have also tried funding startups this way.  This type of fiat conversion into bitcoin could absorb some of the sell-side pressure that comes from seizures, payment processors, miners, ransomeware and scammers liquidating their holdings (see Flow of funds).

There is some added historical precedence to this.  For instance, and as copiously noted in Nathaniel Popper’s new book, between January through March 2013, at least a dozen or so high-net-worth individuals such as Wences Casares, executives at Pantera and the Winklevoss twins collectively bought tens of millions of dollars worth of bitcoin.  The demand of which resulted in a rapid increase in market prices.  On the other hand, a few years from now when we have more data, there may not be a direct causality between outside investment and what effect that had on the price of cryptocurrencies.

Yet, with $1.1 billion in mining rewards virtually popping onto the scene, why is the community still relying on venture capital funding at all?  This native pool of virtual capital created in the past two years alone surely is capable of funding internal improvements and enhancements to the ecosystem?

To be even handed, it is also about having access to the capital (irrespective as to whether it is virtual or fiat-based)..  In practice an individual with an idea is unable to approach miners and ask for capital — many of the pools and farms are not set up or positioned to act as investors and many prefer to remain unknown.  Thus in practice it is probably easier to raise from dedicated firms that advertise the fact that they fund startups (like incubators and accelerators).

A year ago at the May 2014 Amsterdam conference, Robert Sams elaborated on this issue:

There is a different reason for why we maybe should be concerned about the appreciation of the exchange rate because whenever you have an economy where the expected return on the medium of exchange is greater than the expected return of the underlying economy you get this scenario, kind of like what you have in Bitcoin.  Where there is underinvestment in the actual trade in goods and services.  For example, I don’t know exactly how much of bitcoin is being held as “savings” in cold storage wallets but the number is probably around $5 billion or more, many multiples greater than the amount of venture capital investment that has gone into the Bitcoin space.

Wouldn’t it be a lot better if we had an economy, where instead of people hoarding the bitcoin, were buying bitshares and bitbonds.  The savings were actually in investments that went into the economy to fund startups, to pay programmers, to build really cool stuff, instead of just sitting on coin.  I think one of the reasons why that organic endogenous growth and investment in the community isn’t there is because of this deflationary nature of bitcoin.  And instead what we get is our investment coming from the traditional analogue economy, of venture capitalists.  It’s like an economy where the investment is coming from some external country where Silicon Valley becomes like the Bitcoin equivalent of People’s Bank of China.  And I would much prefer to see more organic investment within the cryptocurrency space.  And I think the deflationary nature of bitcoin does discourage that.

It is likely the case that VC funding, and therefore LP funding, is currently propping up both the ecosystem and maybe even the price due to the fact that consumer demand, via transactions remains muted.

How do we know this?

The majority of bitcoins, 96% to be precise, stored in Xapo are inert and that a similar amount is likely left inactive in Coinbase (both of whom store investor and venture partner funds as well).   We also know this is the case indirectly via payment processing figures such as BitPay (as shown below), which have effectively plateaued.

In short, because of a dearth of transactional demand, the internet commodity is reliant on speculative demand to fulfill any movement in market prices.  Perhaps this will change in the future with projects such as BitX, and Alliance Commerce which have been gaining genuine traction.

What, as Sams suggests, would it look like to actually fund internal improvements or other projects with this virtual currency instead of relying on the People’s Bank of China, Silicon Valley or other outside entities?  Where, as economist might say, is the circular flow of income?

Crowdfunding altcoins and altchains

What about non-VC funded startups in this overall space?  What are some examples of people attempting to put to work the virtual capital without relying on exogenous sources?

In early January I looked at a number of the “initial coin offering” (ICO/ITO) that have occurred over the previous 18 months.  The list included:

  • Mastercoin raised 4,740 BTC in August 2013
  • NXT raised 21 BTC in November 2013
  • Maidsafe raised 7,368 BTC and “95,000 MSC” / BitAngels ‘loan’ in April 2014
  • Swarm raised 1,252 BTC in June 2014
  • Bitshares AGS raised 5,621 BTC and 415k Protoshares in July 2014
  • Viacoin raised 610 BTC in July 2014
  • Ethereum raised 31,529 BTC in August 2014
  • StorJ raised 910 BTC in August 2014
  • SuperNET raised 1,201 BTC and “4,536 BTC equivalent” in Sept 2014
  • Peertracks (Bitshares music) raised ~1,436 BTC in November 2014
  • Bitbay raised 5,000 BTC in November 2014
  • Ziftr raised around “2,000” BTC (more than $650k) in Dec 2014
  • Gems raised 2,600 BTC in Dec 2014

Since then, there has been at least one other large token sale, through Factom.  Over the past two months it has received 2,278 bitcoins.

Altogether this amounts to 66,566 bitcoins raised by 14 projects in about 21 months.5

This may sound like a lot, and perhaps it is relative to the illiquid altcoins it represents (such as Mastercoin which has been rebranded as Omni), but for perspective the Bitcoin network generates roughly 3,600 bitcoins per day — an on-going token sale that continually absorbs more real-world capital and resources than most of these projects collectively do.

Yet despite this level of external funding, participants still prefer to store and hold and not actually spend due to a variety of reasons including low time preferences and the expectation that token value will increase. Perhaps that will change in the future.

Furthermore, it bears mentioning that crowdsales such as those above, are not circular.  Costs nearly always end up being paid for by selling the received currency (bitcoin mostly) for fiat.  In practice it is less of a circle and usually just an added step: bitcoin wallet -> altcoin crowdsale -> convert to fiat -> pay real-life costs.

While a number of these projects are still less than a year old, where are the scorecards for other cryptocurrency-only projects?  For example, in 2012, administrators at Bitcoin Talk raised nearly 7,000 bitcoins to build a new forum.  What about other projects that are paid for directly with other cryptocurrencies such as those on Lighthouse?

Open questions about the circular flow of LP funding

flow of investment funds in bitcoinland[Note: the image above is a variation of my previous illustration on the movement and source of funds within Bitcoinland]

There are a number of popular predictions percolating on the tubes including Bitcoin investments which are on pace to reach $1 billion by the end of the year.

Perhaps that will take place, however at some point these companies will need to generate some kind of actual non-sock puppet traction and returns to justify their 4x, 5x, even 6x valuations.  If not, then VC funding could decline as they did with cleantech.

How would a decline impact services?

For instance, it is unlikely that more than a handful of non-VC funded companies or individuals are actually paying for API access at platforms such as, Gem or BlockCypher (not to pick on them, just an example).  Perhaps this will change in the future.

Yet by looking at the customer list at API companies we notice two things: 1) these customers are similarly VC-funded startups, 2) most of these services have no real traction yet either and are themselves reliant on VC-funded customers.

If and when VC funding dries up this could have a knock-on effect on both of these as the solvency of other virtual currency startups is heavily reliant on a VC-subsidized customer base and the price of bitcoin itself (if it does not dramatically rise by several orders of magnitude then the forex play does not pan out).

Or in other words, what economists would want to see is a circular flow of income yet what we see occurring is a circular flow of VC funding (or rather LP funding).6

If VC funding withdrew it could not only impact the hashrate (as VC funded miners are turned off) it also could impact the fees to miners.  Why?  Because VC funded companies are more likely to send higher fees because they can dig into what amounts to VC subsidies which currently masks some of the dysfunction in the fee system.

In addition, recall that nearly half of BitPay’s volume last year were miners selling block rewards and other people buying IT services (which could be GPU-based mining gear).  If this extends to the rest of the active, non-cold storage Bitcoin economy as a whole, then the miners collectively account for a large portion of the supply and perhaps even the demand of bitcoins (due to keeping tokens on their books as long-term bets on the appreciation of the token).  People in general are excited about the forthcoming halving because it decreases supply and therefore sell-side pressure, but if the mining industry shrinks, its ripples then impact those dependent on its sales such as non-diversified payment processors.



Source: XKCD

Perhaps as the bullish narrative states, increased consumer demand is around the corner and the trends above will drastically change.

In the meantime some startups in this space are still typically trying to evolve along the lines of an early stage social media app: build an MVP, raise a seed, acquire users, rapidly introduce new features, manage a rational head count and steady burn rate for 12 months before raising the next round all while trying to allegedly build Wall Street 2.0.

While the “move fast and break things” mantra may work for certain sectors of the economy, it probably does not work as effectively with finance.  And contrary to the wisdom from some venture capitalists in this space, nearly all the verticals in the Bitcoin-space are attempting to recreate a financial product or service of some kind that is based on the success of the currency being widely adopted/transacted/used.  Forex plays.

What does that mean?

Last November I made a trip to Singapore and heard a Los Angeles-based VC claim that “Bitcoin and Hashcash reinvented economics” and that we could ignore the world of finance and economic gurus.

Perhaps she is right.  But probably not.

Trying to reinvent hospitals without talking to doctors or nurses would be short sighted just as building a car without talking to mechanics and engineers would likely be asking for problems.

Bitcoinland is filled with hundreds of very bright computer scientists and entrepreneurs who are being funded by well-intentioned capitalists with a mandate to take risks and attempt to disrupt incumbents everywhere.  For instance, who would have guessed three or four years ago that conditions in mainland China, when coupled with guanxi in exchange for sweet land and energy deals, would incentivize a cottage industry of pools and farms to set up shop and pump out more than half the network hashrate?7

However, while this topic is beyond the scope of this article, Bitcoin itself does not natively replicate the plethora of financial services or instruments that the real world currently provides; and its current internal monetary system incentivizes users not to actually spend magic internet beans as they would actual currency but rather store them indefinitely.

Instead it has come down to limited partners — pension funds, insurance companies and high-net worth individuals — whom are directly trying to build a new financial ecosystem yet who, as shown in the flow chart above, indirectly end up owning a lot of this economic dead weight in the form of frozen virtual beans.  These tokens, like gold before them, do not provide dividends or interest, they cannot be natively relent without introducing a new trusted third party and thus are unable to generate additional wealth.8

Again, trends can always change, perhaps linear growth will indeed catalyze into exponential curves.  Perhaps rumors of “major deals” between Bitcoin companies and large banks will eventually germinate and DCG or the Argentinian community buys Necker Island with a few satoshis next year.910 Yet so far, about the only two exponential phenomenon we can empirically observe thus far is the usage of the terms “exponential” and “network effect” at conferences and in media.  Just three more to go and we can finally get a bingo.

[Acknowledgments: thanks to Pascal Bouvier, Ben Doernberg, Dave Hudson, AL, Jake Smith and Fabio Federici for their feedback]


  1. Or in short, the only real activity that seems to be going on still is day trading and arbing, no real above-board commerce yet. []
  2. It bears mentioning that there has been a lot of bonafide innovation and traction around multisig security.  This includes firms such as BitGo, GreenAddress and CryptoCorp as well as hardware “wallets” such as Ledger, Case and if the definition is slightly stretched, Trezor.  Note: as of this writing that an increasing portion of bitcoins have moved to P2SH. []
  3. There are exceptions to this rule, some farms such as those operated by Bitfury and by independent groups in China have “bumper” coins, their costs are significantly lower than competitors and therefore their profit margins are larger. []
  4. See The myth of a cheaper Bitcoin network: a note about transaction processing, currency conversion and Bitcoinland []
  5. The Bitcoin network creates roughly the same amount of tokens in just under 19 days. []
  6. Perhaps this is part of the “fake it till you make it” strategy and some could be argued that this is needed during the journey across the chasm.  And perhaps the VCs pushing this could be right in the long run.  Everyone likes line charts that go up, even if you or others in your industry are paying to make the line rise. []
  7. See Chapter 5 and Bitcoins: Made in China []
  8. See Can Bitcoin’s internal economy securely grow relative to its outputs? []
  9. In addition to pilots from Tembusu, Eris, Ripple Labs and other distributed ledger groups (which are not Bitcoin related), some notable startups trying to bridge Bitcoin directly and specifically with the world of finance include TeraExchange, SolidX, LedgerX, Mirror, Gemini, Open Assets (which NASDAQ is apparently trialing out), TradeBlock, ChromaWay and Hedgy.  See also No, Bitcoin is not the future of securities settlement by Robert Sams []
  10. For some observations on Argentina see also Can Bitcoin Conquer Argentina? by Nathaniel Popper []
Send to Kindle