Outside of my day job (at Clearmatics) I have spent the past couple of months designing a new synthetic asset protocol that uses a rebase technique to stabilize an asset at a target level. I call it the (τ) TAU Protocol.
Frequent readers have probably seen my writings on stablecoins, mining, and DeFi- related topics. For TAU, I started the process in reverse: I knew what I wanted to stabilize but wasn’t quite sure how to get there. What do I mean?
The landscape of synthetic asset-focused projects is something I have discussed multiple times. My most recent pinned tweet was an entire paper on a specific type of stablecoin that relies on exogenous banks to provide utility.
As a thought experiment, what if instead of trying to stabilize around $1 USD, the protocol tries to stabilize an existing cryptocurrency but do so on a separate blockchain… and do so with as little manual intervention as possible. In steps rebasing.
Note: in 2014 several proposals were published on the idea of stabilizing bitcoins price with respect to the U.S. dollar:
My boss (Robert Sams) wrote a paper around the same time called “Seigniorage Shares,” which outlined a way to stabilize a PoW coin using endogenous information. The idea would later spawn a couple dozen (mostly broken) efforts now live on a couple of public chains.
One notable exception to these failures is FRAX (thus far), which uses a reserve fund partially collateralized in USDC. This is an interesting workaround.
One of the problems with rebase protocols is that once the peg declines from the 1.0 target level it can be hard to credibly move it back up: if it goes above the target the process is a bit easier, solved via inflation.
So to recap: the goal is to synthesize an asset (tAsset) and maintain its target value relative to its facsimile on a different blockchain… and to have a credible way of supporting the rebasing process. How would you go about stabilizing a tAsset in practice?
One way is to follow the model of FRAX or other (partially) collateralized stablecoins: with a fund. But setting up a fund of coins that reside on one blockchain to be used on another is hard. For instance, Bitcoin only resides on the Bitcoin network, right?
Actually over the past couple of years there have been ways to tokenize or “wrap” assets from one chain and shuttle them over to another. However, these often involve new trust models (and attack surfaces).
To-date about 1% of all mined bitcoins have been tokenized or wrapped and “transported” over to Ethereum. But to interact with WBTC on Ethereum mainnet can be expensive at times. Back in January I thought: has anyone tokenized hashrate itself onto another chain? Yes it has.
After some googling I came across a paper from Alex Zhao at BTCST. They had figured out how to tokenize hashrate onto a fairly inexpensive EVM chain (BSC). I reached out to explain what I had in mind for a new Protocol idea. And they decided to try and implement it.
Another quick reminder: a Protocol is separate from an implementation. For instance, in Ethereum the “Yellow paper” provides a neutral Protocol specification from which independent parties can build client implementations of. For TAU, I am striving to reuse a similar model.
Today, the initial Protocol idea (and paper) was announced for TAU. Next week the BTCST team will implement it live. Note: while I am currently assisting them as a protocol advisor I want to make it clear that this isn’t my day job and that others can build implementations.
Lastly, I have some additional ideas for how to expand and enhance the Protocol in the future and am keen to see what kind of feedback and modifications the larger cryptocurrency community may have, especially if it includes ways to minimize manual inputs.
Was recently talking to a close friend who has been working on an insurance-focused technology company the past couple of years.
I gave him this list of projects and asked him how he would categorize them:
At first glance he thought there were roughly two buckets: protection against loss, theft, and smart contract failure versus DeFi insurance platforms and parametric risks. But then Nayms is a platform and marketplace so what are other nuances?
According to him, a lot of “insurance” above is really just a derivative product so in practice most of these are basically just prediction or options markets: you are betting a contract will not fail and hoping the pseudonymous claims committee rules in your favor.
A counter-argument is that all insurance is like that conceptually. But in reality, insurers try to underwrite the risk which then leads to a pricing exercise, but the prices are grounded first and foremost in risk and then market forces adjust pricing. As opposed to a pricing exercise which seems a bit divorced from the risk but mainly driven by the price action of a coin.
Parametric risks (such as Etherisc)
Centralized Insurance (only a handful of stealth providers)
DeFi “Insurance” (similar to an option: if this thing doesn’t work I pay you monies, but it’s not designed as an insurance product…a subtle but important difference)
What are some other projects and categories to add in the future?
For more context, I highly recommend this thread on “DeFi insurance” from Lucius Fang (who is a trained actuary).
Lastly, I reached out to Stephen Palley, a cryptocurrency-nerd / attorney who specializes in suing insurance companies. According to him:
So the big issue for me — and I am planning on doing a long form piece on this — is that people who sell insurance are subject to a maze of state level regulatory and licensing requirements that they so far have seemed happy to ignore. If/when/as this gets bigger, people will go to prison.
It’s a huge opportunity for people who want to do things the right way. But as is typical, you have a lot of people who are jumping in who don’t actually know eff all about the foundations they are building on.
Over the past couple of years there has been a lot of activity not just in DeFi but in the evolution of on-and-off chain platforms for trading derivatives and perpetual contracts.
Below is a non-exhaustive table that attempts to segment and differentiate who some of the major players known. It is a work in progress and likely is missing some parts. For instance, of those listed: Synthetix and uSTONKS are the only ones that track indices and Mirror (built on Terra) attempts to track real world assets. A notable company excluded from the list: FTX (a large CEX) trades tokenizes equities and indices.
Own Layer I
Perpetual Protocol (xDai Chain)
Ethereum Layer I / II
BBX (sub of OKEx)
What is missing, what should be added, what nuances should be made?
Below are list of interviews, presentations, panels and other public facing engagements I have been involved with the past couple of years. Taking care of a newborn (now toddler) during a pandemic has dampened some of the external engagement relative to prior years.
[Note: an IPFS and PDF version of this paper is available. The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
This paper looks at the energy consumption of seven proof-of-work-based anarchic (public) blockchains such as Bitcoin and Ethereum. By using a hashrate division method – similar to the Cambridge Bitcoin Electricity Consumption Index – a lower bound and upper bound of mining hardware are provided. Based on this method we are able to show that proof-of-work chains continue to consume resources in direct proportion to the underlying coin value. Due to the rapid increase in coin value, proof-of-work-related activities – such as semiconductor manufacturing – are once again squeezing supply chains and retail channels, crowding out socially productive goods and services from entering the marketplace.
The model identified a bounded range for energy consumption. If we took the most efficient energy consumption assumptions (the lower bounds), these seven proof-of-work chains in aggregate consume 59.3 TWh per year, or roughly the footprint of Kuwait. In most cases – such as with Bitcoin itself – the lower bound is not realistic because the necessary amount of hashing equipment (miners) for that degree of efficiency has not been manufactured. In contrast, if we took a less conservative assumption and used the upper bound these same proof-of-work chains in aggregate consume 180.1 TWh per year, or roughly the footprint of Poland or Thailand. The upper bound scenario is likely unrealistic for coins that have seen their value (measured in USD) decline or stay the same (such as Litecoin). For those that have seen rapid appreciation (such as Bitcoin), it is possible that older equipment has temporarily been reconnected.
The paper is organized into several sections. Sections 1-4 provide a foundation for understanding how traditional financial market infrastructure, such as a real-time gross settlement (RTGS) system, operates, and uses Bitcoin and Ethereum as examples of how proof-of-work-based systems inherently result in socialized losses and e-waste. Section 5 contains calculations of smaller proof-of-work networks. Section 6 is a summary of the calculations found in the preceding sections. Sections 7 and 8 briefly look at misinformation spread as memes on social media. Sections 9 and 10 look at news reports covering several large ASIC and GPU mining operations. Section 11 provides several recommendations framed as a Call to Action.
This paper is a sequel to our occasionalseries on the energy consumption of proof-of-work (PoW) cryptocurrencies such as Bitcoin.
We will get to resource consumption in the next section, but let us start in reverse order this time.
Many Bitcoin promoters conjure a future world in which the future of finance clears and/or settles on the Bitcoin blockchain, and in which that the demand for PoW generating equipment (miners) will simultaneously usher in a greener world.
Putting aside the continual greenwashing that many advocates are guilty of, some of the same promoters are unaware of how clearing and settlement occur in existing financial market infrastructure.1 Take for example, a real time gross settlement (RTGS) system such as Fedwire.
Fedwire is categorized as systemically important financial market infrastructure due to the enormous amount of value it transfers and secures.
In 2018, Fedwire executed 158 million transfers with an aggregate value of $716 trillion (Federal Reserve, 2019). While many of the fund transfers executed by Fedwire were of small value, the average value per transfer in 2018 was $4.5 million.
Bureau of Economic Analysis (2019) estimated that 2018 total gross domestic product (GDP) was $20.5 trillion (para. 12). Fedwire may be viewed as a kind of force multiplier for the American economy by processing annual banking payments at 35 times the country’s GDP. Further evidence of Fedwire’s role promoting the efficiency of American financial markets can be seen by considering Fedwire payments against the aggregate value of all deposits at U.S. lending institutions – $12.6 trillion in March of 2019 (Federal Reserve Bank of St. Louis, 2019). Fedwire payments for the previous year were 57 times this figure.
We have discussed these types of large aggregates before in the past. For instance, a December 2015 paper from the Federal Reserve Board pointed out that, in the aggregate, U.S. payment, clearing and settlement systems process approximately 600 million transactions per day, valued at over $12.6 trillion.
When we mention these large, socially significant aggregates in conversations and debates at cryptocurrency-related conferences and events, many promoters are at a loss for words because they are unaware of these post-trade processes.
Another group – typically self-deputized coinfluencers – will proclaim that Bitcoin can move and secure the same value if not more, via metaphors.
The container ship fetish is a sleight-of-hand trick because Bitcoin versus a RTGS is not even a false dichotomy.
Simply: the Bitcoin blockchain only transfers and secures bitcoins. It does not move actual money like Fedwire does.2 In point of fact, all ramps into and out of the Bitcoin network necessarily involves connections and hooks into traditional financial infrastructure. Bitcoin is co-dependent on traditional finance, not the other way around. In other words, Fedwire can (and does) live without Bitcoin but Bitcoin intermediaries cannot live without Fedwire or other RTGS systems.
A tangentially related argument is that Bitcoin transactions are structured to move blocks of data that can include additional information beyond bitcoin itself: even if a single coin is a ‘container ship,’ Bitcoin structurally has more capacity or flexibility than traditional networks.
The problem with this argument is that it is entirely possible to do that with a non-proof-of-work system as well. In fact, a blockchain may not be necessary at all. The fact the U.S., or international co-ops like SWIFT, set up its payments system to move around specific types of (messaging) data was a generational choice but not a permanent design constraint. In other words, a PoW-based network architecture does not have an exclusive monopoly on richer or broader forms of data. That is a red herring when comparing the two systems.
What about “stablecoins” piggybacking on top of Bitcoin?
The ongoing growth of parasitic stablecoins (such as Tether) rely on reliable banking access, specifically dollars cleared by the New York Federal Reserve. Not to mention all the new traditional-style institutions and intermediaries hooking into Bitcoin for custody and trading. Don’t like old, monocle-wearing trusted third parties? Here are newer, hoodie-wearing trusted third parties to hold your coins!
More to the point, the majority of Bitcoin transactions today are simply bitcoins moving from one known intermediary to another, typically between coin exchanges for speculative purposes. If most of the endpoints and miners are self-doxxed then there is no longer a Sybil attack problem, removing the raison d’etre for proof-of-work.
How can we visualize this?
The monthly line chart (above) shows the USD value of bitcoins received by merchant services during the four year period (January 2017 – December 2020). Merchant services include processors such as BitPay, whom we have written about many times.3
Despite oodles of free marketing that bitcoin has received, payment-related activity is still lower than during the 2017 bubble. By some measures it is a zombie chain because Bitcoin users do not spend volatile chainletter earnings. Or more precisely, merchant processors handled less than $4 billion of bitcoin last year.
What is another key difference between an RTGS and proof-of-work chain such as Bitcoin?
We have discussed this multipletimes but it bears repeating: proof-of-work chains – by design – allow mining participants to fork or reorganize the chain. Block making is permissionless. Now in practice, this does not frequently happen because the cost to acquire hash-generating equipment needed to successfully double-spend or reorg a chain is often quite prohibitive.
Either way, all a proof-of-work chain can guarantee is probabilistic finality that some type of confirmation has occurred but that there is a possibility that a well-funded attacker could reverse or reorganize the chain. For example, in August 2020, Ethereum Classic was hit by three separate 51% attacks, one that was more than 7000 blocks deep.
In practice, the way some financial institutions involved in the cryptocurrency world (such as trading desks) mitigate the risk of a double-spend or reorg is requiring a certain amount of blocks confirmed (often 3-6 confirmations) before allowing users to have access to recently transferred funds.
Fedwire transfers are one-way, which means banks can wire funds out, but cannot debit other banks and wire funds in. Fedwire is a payment system and does not perform the traditional banking functions of managing deposits and withdrawals. It simply transfers funds between accounts within the Federal Reserve System. Once Fedwire transactions are complete, they are irrevocable.
What about the actual network infrastructure? Surely Fedwire needs millions of hash-generating machines to secure all of those transactions each day!
According to (Bilger 2020) Fedwire has around 6600 nodes, 25 which are considered “core” which also have backups in case of disruption. Critically: none of the nodes in Fedwire is purposefully consuming oodles of extra energy to generate hashes.
Because there is no Sybil attack problem in Fedwire, there are no nyms. Anarchic chains such as Bitcoin – by design – allow pseudonyms to participate in block making. To make it expensive to double-spend or conduct a block reorganization, proof-of-work was purposefully integrated in Bitcoin so that the attacker has to expend real economic resources to succeed.
This entire kludge is negated in Fedwire because all participants are known: it is permissioned.
What does this image (above) represent?
A single day of Fedwire transactions in 2004. According to (Bilger 2020), a group of researchers isolated links and the nodes that connect them, that team was able to determine that just 66 nodes and 181 links comprised 75% of the value of daily payments. These core nodes and links are illustrated above. And as mentioned a moment ago, the inner ring of approximately 25 densely connected financial institutions is also evident.
What does this all mean?
The participating computing infrastructure for Fedwire involves between ten and twenty thousand computers, none of which need to generate SHA256 hashes. Its participants securely transfer trillions of dollars in real value each day. And most importantly: Fedwire does not take the energy footprint of Egypt or the Netherlands to do so.
As we will see below, the more than 2 million machines used in Bitcoin mining alone consume as much energy as Egypt or the Netherlands consumes each year. And they do so while simultaneously only securing a relatively small amount of payments less than $4 billion last year.
In other words, Bitcoin currently uses about three orders of magnitude more computing machinery than Fedwire yet processes and secures significantly less.5 It is monumentally less efficient per watt on purpose.
Remember, the original purpose of Bitcoin was to enable P2P payments between unknown participants without intermediaries. Today, it has metastasized into a network that is primarily used for speculators to trade various coins and rarely used for actual payments. 6 And it involves a vestigial PoW infrastructure whose participants are identifiable because nearly all of the miners and major endpoints are self-doxxed.
This oxymoronic phenomenon — a resource intensive permissioned-on-permissionless infrastructure — has led to Ray Dillinger – one of the first Bitcoin users – to declare Bitcoin a disaster:
Bitcoin mining has encouraged corruption (Because it’s often done using electricity which is effectively stolen from taxpayers with the help of government officials), wasted enormous resources of energy, fostered botnets, centralized mining activity in a country where centralization means it’s effectively owned by exactly the kind of government most people thought they *DIDN’T* want looking up their butts and where the people who that government allows to “own” this whole business work together as a cartel.
There’s a pretense of monitoring the network to guard against a 51% attack, but to me it seems pretty clear that what they’re guarding against is merely the mistake of the cartel failing to give the latest warehouse full of miners a distinct network identity. The whole idea of proof-of-work mining is broken the instant hardware comes out which is specialized for mining and useless for general computation because at that point the need to have compute power for other purposes is absolutely irrelevant in having any effect on mining, and there ceases to be any force that causes mining to be distributed around the world. It becomes a “race to the bottom” to find where people can get the cheapest electricity, and then mining anywhere else – anywhere the government tries to make sure ordinary people actually get the benefit from electricity bought for tax money, for example – becomes first pointless, then a net loss.
We interviewed Dillinger a couple of years ago. Be sure to check it out.
Nornickel is a Russian mining and smelting corporation. Last year a series of news articles described how BitCluster, a Russian cryptocurrency mining company, was building a mining farm above the Arctic Circle in Norilsk. It chose this location in part because of the natural ambient cooling and in part to re-use land from a closed nickel smelting plant. The farm will utilize a local coal power plant to generate 11.2 MWh to power bitcoin miners.
The next several sections will dive into the energy consumption of the largest proof-of-work chains, including Bitcoin. As we will show, PoW chains are the equivalent of adding an undead country – a zombie chain – to the power grid: one that consumes energy and produces little beyond emissions.
If you are an asset manager considering whether or not to include proof-of-work coins in your portfolio – and have an ESG mandate – or a policymaker considering whether or not to encourage the proliferation of these types of coins in your jurisdiction, it is pretty clear that PoW coins such as Bitcoin are an ESGnightmare and not a suitable fit. If and when some (or all) of these coins transition to proof-of-stake is beyond the scope of this article.
There are multiple ways to estimate how much energy and how many resources (mining equipment, physical plant) are used generating hashes for a PoW chain.
One involves surveying miners and mining pools, and hoping they provide accurate self-reported information. Another method involves a bit of detective work, physically visiting locations or obtaining purchase order documents from mining manufacturers. However, this makes it hard to ascertain how much second hand equipment is being re-used.
For example, Bitcoin has a carbon footprint comparable to that of New Zealand, producing 36.95 megatons of CO2 annually, according to Digiconomist’s Bitcoin Energy Consumption Index (BECI). According to this tool, Bitcoin consumes as much power as Chile — around 77.82 TWh.
The Cambridge Bitcoin Electricity Consumption Index (BECI), a separate tool from researchers at Cambridge University, shows a much larger figure of 121.88 TWh — more than the entire annual energy consumption of the Netherlands.
There is one more simple method that everyone can do at home on their own computer. One that can create lower and upper bounds with a high degree of confidence. This is the hashrate division method which we have used multiple times in the past.
The way this works is by taking the publicly known hashrate of a network and dividing it by common hashing (mining) equipment metrics.
For example, on December 30, 2020, the Bitcoin network hashrate momentarily spiked to a record high 178.6 EH/s. That is exahashes per second (an exahash is one million terahashes).
How can we derive aggregate energy usage from this singular number?
Last May, Bitmain began shipping its Antminer S19 Pro. There is a bit of public information on how much each of these hashing units consumes and performs.
On paper a single S19 Pro generates a maximum hashrate of 110TH/s or terahashes per second with a power consumption of 3250 watts.
If the entire Bitcoin network were solely comprised of S19 Pro’s (which it is not), it would consist of around 1.624 million hashing machines consuming 46.2 TWh in a year. According to estimates from the EIA, that is about as much as Portugal or Singapore consumes each year. This is a likely lower bound for how much energy is being used.
But wait, where does the Egypt number come from?
Recall that the S19 Pro is basically the most efficient, mass produced machine available today. Due to variance (the inhomogeneous Poisson process), the network hashrate varies day to day. In the process of writing this article it has gone from as low as 140 EH/s to the spike mentioned above.
Due to the rapid increase in Bitcoin’s price over the last few months — because hashrate follows coin value — over the next several months it is likely that the hashrate will continue to grow as purchase orders are fulfilled and hit 200 EH/s by the end of this summer. This is why manufacturers like Bitmain are crushing it, with $327 million in cash holdings as of last month.
In practice, the network is not comprised of 1.6 million S19 Pro’s because Bitmain has not even produced half a million of them.
To get a more accurate figure we must look at older, but more common systems that are still running.
For instance, the Antminer S17e system can churn out 64TH/s running at around 2880 watts. If the entire network was comprised of S17e systems there would be about 2.8 million machines involved.
That’s about 70.4 TWh in a year. Which is about as much energy as Colombia or Bangladesh use.
But that is still not the upper bound.
Enter the older, but reliable Antminer S9i first released in May 2018 which can churn out 14 TH/s and consumes 1320 watts.
If the whole network was using S9i’s, then there would be about 12.8 million of these machines churning out hashes.
In a year these would consume 147.5 TWh or roughly the same amount of energy that Malaysia or Egypt use each year (this is larger than either Chile or the Netherlands).
While there are probably botnets trying to use CPUs or GPUs to mine bitcoin, the amount of hashrate generated by them is likely marginal. Thus the S9i approximation is probably the upper bound.
Manufacturers such as Bitmain, MicroBT, or Canaan will eventually reveal how many systems they have sold which will give us some better refinement on the lower bound, the minimum amount of machines being used.
But it is clear that the spectrum is at a bare minimum Portugal and likely closer to Malaysia or Egypt, especially with so many people and companies trying to bring on older systems right now. This would put Bitcoin around the 27th largest ‘country’ by energy consumption.
Is the hashrate division method a better estimate than the Cambridge or Digiconomist BECI models?
They both have their tradeoffs. The Digiconomist model is inherently more conservative because it is based on miners’ income, whereas the Cambridge model uses a similar framework as the hashrate division method, starting with mining hardware that is available.
In any case, it is clear that while the energy consumption is somewhere between the Netherlands and Egypt, there is not an equivalent economic gain to the same degree.
Another way to say this is that: historically as a country develops it produces more economic output per unit of energy input, getting more output with less input. For example, U.S. energy consumption has been relatively flat since 2000 yet its GDP has more than doubled over the same period. Likewise following reunification, Germany’s GDP growth rapidly outpaced energy consumption.
But the opposite occurs with Bitcoin and other PoW coins. The more valuable a PoW coin becomes, the more energy is used to extract (mine) it. We have written about this phenomenon before, in which the marginal cost to mine eventually equals the marginal value of the coin (MC=MV).7
As a result, PoW is clearly not something a fund with an ESG mandate should want to be involved in.
(3) Socialized losses and e-waste
Speaking of older systems, because these hash generating systems are single use ASICs (i.e., they can only do one specific thing: generate SHA256 hashes), they are often discarded in a time frame of 18-24 months. Some parts are salvaged and reused – such as the power supplies – and sometimes a new buyer is willing to acquire used machines second hand (as in the case of North Korean coin miners).
One estimate is that around half of all data center energy usage is now tied to Bitcoin mining. In fact, the energy consumption of Bitcoin is more than the combined energy use of Amazon, Google, Microsoft, Facebook, and Apple. And the e-waste that is generated annually from discarded mining equipment is roughly equivalent to what Luxembourg throws in the trash each year.
This also does not include the socialized costs – and privatized gains – that miners place on specific geographies due to the type of energy used in generating the hashes.
Below are several recent examples:
In December 2020, Gazprom (the state owned petroleum company in Russia) announced that a natural gas subsidiary in Siberia was setting up coin mining equipment on-site. Based on recent stories, similar setups have been built in natural gas fields in the U.S.
Another example of socialized losses and privatized gains: the Republic of Georgia. Bitfury Group used its political connections to obtain property at below-market rates and now the Republic has the distinction of having 10% of the country’s energy production siphoned off by Bitfury’s mining operations.
A coal-fired powered plant in Yates County, NY was converted to natural gas back in 2017. The owners of this 20 MW plant are trying to expand it to 106 MW, to mine more bitcoins. Putting aside the emissions this plant will create, it will also consume vast quantities of water – 150 million gallons per day – which will get discharged back into the lake solely to provide cooling to machines that can and do one thing: generate SHA256 hashes. Unsurprisingly the locals sued.
Miners in southern China depend on coal-fired power plants, especially during the winter. Due to trade frictions between Australia and China involving coal transportation ships – PoW miners which depend on these taxpayer financed coal-fired plants – are struggling with the ensuing power shortage.
Kazakhstan is allocating taxpayer funds to build more than a dozen mining farms. These are mostly powered by coal-fired plants. Miners at a 180 MW facility in Ekibastuz will consume as much electricity as needed to power 180,000 U.S. homes.
Due to concerns that the record price for PoW coins like Bitcoin could cause an energy crisis in Abkhazia, the state-owned utility (Rosseti) has banned all coin mining.
Why? Because state-run facilities are regularly targeted by electricity thieves:8
Beginning with the 2017 “crypto boom,” Rosseti started noticing abnormal jumps in electricity consumption in numerous Russian regions. The firm identified unauthorized cryptocurrency mining farms and estimated the damage to be over 718 million rubles—about $9.5 million—a significant part of which has already recovered through court procedures.
The “black” miners are known to do more than just tap into power lines. Illegal Bitcoin operations actually build their own transformer stations.
This is by no means an exhaustive set of sources on the topic. The examples serve to reinforce how PoW mining can be a one-way wealth extraction (privatizing gains) whilst externalizing environmental costs.
Like Bitcoin, the past month has seen Ethereum (ETH) hit several new record prices. Unsurprisingly this has also led to a new record in hashrate, at over 360,000 GH/s.
In December 2020, a mining manufacturer in China, Linzhi, revealed an early demonstration of its new Phoenix mining machine via F2Pool. According to the demo, the Phoenix could generate 2,600 MH/s and consume 3,000 watts. It has not shipped any to the retail market and it is unclear when it might.
In contrast, the most efficient ASIC mining system on the market today (for Ethash) is the InnoSilicon A10+ Pro. A single A10+ Pro can generate 500 MH/s and consume 1,300 watts. This is just slightly faster than the A10 which the previous article used as a baseline.
The Ethereum network hovers at over 360,000,000 MH/s per day. That is equivalent to 720,000 A10+ Pro’s.
Annually these machines would consume 8.2 TWh. That’s about as much as the Congo (DRC) or Trinidad and Tobago consume. This would probably be the lower bound.
As mentioned in the previous article, there are many mining farms that still use GPUs to mine Ethereum. So much so that it has led to a massive, publicly reported on shortage of high end cards from Nvidia and AMD.
Without any modifications, the top-of-the-line GeForce RTX 3090 can churn out 122 MH/s and consumes 350 watts. ((With some tweaking this can reportedly be increased to 150 MH/s.)) This makes it about 50% faster compared with the 3080.
A network entirely composed of 3090’s would involve 2.95 million GPUs. Altogether they would consume about 9.1 TWh per year. This is about as much as Bolivia or Panama consume annually.
As you can see, as these GPUs have closed in on the previous generation of ASIC, this has led to some speculation that GPU manufacturers such as Nvidia may once again roll out GPUs just for cryptocurrency mining (again). The last time was a major dud as Nvidia had to write-off over $57 million in hardware due to a glut in 2018.
What is an upper bound for Ethereum mining?
This is a bit harder to guesstimate compared with the upper bound for Bitcoin or Bitcoin Cash, because of the unknown factor: how many GPUs are being used. Anecdotally it appears that a lot of less efficient GPUs and older ASICs are likely being used due to the run-up in ETH.
For example, an overclocked RTX 2080 can generate 35.3 MH/s and consume 235 watts.
An entire network of overclocked 2080’s would consist of 10.2 million GPUs. These would consume about 21 TWh per year. This is about as much as Azerbaijan or Ecuador uses annually.
In the summer of 2018 it was estimated there were around 10 million GPUs churning hashes for the Ethereum network. For instance, JPR Research estimated that 3 million GPUs were sold to cryptocurrency miners in 2017. During those heady days, mining farms such as Genesis Mining, rented 747s to fly large batches of GPUs to its mining farms.
Because of the mix of older, less efficient GPUs (such as the RTX 10 series) or first generation ASICs that have been switched back on, it is likely that the network hashrate is closer to the upper bound of Ecuador than mid-range of Bolivia or Panama. This would put Ethereum around the 70th largest country by energy consumption.
Unlike many Bitcoin promoters, most Ethereum developers – and even some miners – believe that this energy footprint is temporary, pointing to an ongoing transition to proof-of-stake which started with the Beacon chain (Phase 0) launched last December. Obviously the work-in-progress towards PoS has been known since before mainnet was even launched, yet it has been a slow slog.
Despite the desire of developers to quickly sunset proof-of-work, last month we contacted Vitalik Buterin who pointed out that there is currently no EIP to switch over from PoW to PoS. Based on the roadmap at least one EIP is expected to be crafted during the year.
It also bears mentioning that Buterin – unlike Bitcoin promoters – recognizes the large aggregates of energy consumption that PoW chains account for. In an interview three years ago he explained:
“I would personally feel very unhappy if my main contribution to the world was adding Cyprus’s worth of electricity consumption to global warming.”
While “DeFi” usage and total-value-locked (TVL) has soared since the previous two articles on this topic were published, this would be an ends-justify-the-means argument. Not a fallacy per se, but also not a frequently used argument, because greenwashing is not part and parcel to the Ethereum ecosystem.
(5) Other large PoW chains
The fact that Litecoin is still a “Top 10” coin in 2021 should indicate how ridiculous proof-of-work coins are for society. No one really uses it for anything. Except one guy who invested more than he could afford to.
In fact, the hashrate is roughly the same today as it was two-and-a-half years ago because — as pointed out many times — hashrate follows coin price. Its most recent surges were due to PayPal adding it as an option users could buy or sell with, and an adult website (PornHub) that announced it would accept it as a form of payment.
Despite having launched several years ago, Bitmain’s Antminer L3+ is still basically the top ASIC mining unit that is used today. It generates ~500 MH/s with ~800 watts. A slightly more powerful L3++ is on the market as well.
At around 300 TH/s, there are the equivalent of about 600,000 L3+ machines generating hashes for Litecoin. In aggregate, these machines would consume 4.2 TWh per year. It would be placed around 130th, between Namibia and Cyprus.
The Antminer L3++ specifications are similar:
Hash Rate: 580 MH/s ±5%
Power Consumption: 942W + 10% (at the wall, with APW3 ,93% efficiency, 25C ambient temp)
If only L3++’s were used, the outcome would be about the same. 9
This consumption is pretty absurd once we factor in things like how there are only a couple of active developers who basically just merge changes from Bitcoin into Litecoin. In other words, one of the largest PoW networks has very few users or developers, yet consumes the same amount of energy as Cyprus.
How is that a socially useful innovation?
(5b) Bitcoin Cash
Unlike Bitcoin, Bitcoin Cash has seen a dramatic decline in hashrate since it briefly peaked at over 5 million TH/s in 2018. In fact, it is now oscillating around 1.3 million TH/s, or half of what it was 15 months ago.
The calculations for Bitcoin Cash are very straightforward since it is just a modified version of Bitcoin.
Recall from above that a single S19 Pro generates a maximum hashrate of 110TH/s or terahashes per second with a power consumption of 3250W.
A network consisting of just Bitmain S19 Pro systems would comprise about 12,000 systems.
In a given year these would use about 336 GWh, this will serve as our lower bound.
Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 174th or about the same as Burundi. Despite the fact that BCH has almost doubled in value since the last article, the hashrate decline is likely due to more efficient hardware now available.
This presents a problem for potential malicious forks as an attacker could rent hardware (via NiceHash) or purchase older discarded hardware previously used for Bitcoin mining. There are disagreements as to how to prevent this but most of them involve some kind of centralized group of developers manually inserting themselves into the validation process (via block signing).
For an upper bound, let us use an S9i for approximation. Recall it churns out 14 TH/s and consumes 1320 watts. That would involve about 93,000 systems consuming 1,073 GWh placing it somewhere between Fiji and Benin at 160th place.
Unlike last update, there is relatively little economic activity beyond speculators moving coins from one intermediary to another. In fact, an economist with Chainalysis noted that Bitcoin Cash saw less merchant processor volume, about $12 million in 2020.10
Clearly on-chain payments is not the use case, even though the infrastructure exists to do so.
Unlike the previous article, it appears that the decision makers behind Monero stopped trying to fork it every six months to prevent involvement from ASICs.
At the time of this writing Monero’s hashrate is hovering near its all-time high, likely due to the fact that XMR’s price has also risen, reaching a two-and-a-half year high.11
Compared with the previous article, the hashrate has increased nearly six fold to about 2 GH/s. And it is believed that most of this hashrate is still generated by GPUs and CPUs.
There are lots of how-toguides for building a CPU-focused Monero mining system, and NiceHash even has an easy-to-use profitability calculator.
In the previous article we looked at a Vega-based GPU build, which could still work, but again, CPU mining is still typically used for Monero. Currently the top performing CPU system on Monero Benchmarks is a modified 3990X Threadripper which generates 64,000 hashes/s and sips 600 watts. Note: these are self-reported, user-submitted numbers.
If the entire network were composed of just this type of machine, there would be 31,250 systems running. They would consume 164 GWh annually. This would place it around 195th, between American Samoa and Saint Kitts and Nevis. This would be the lower bound.
For comparison, a slightly more common Ryzen 3600 generates 7,400 hashes/sec and consumes 100 watts. A network would consist of around 271,000 systems. They would consume about 237 GWh annually. This would place it around 190th between Chad and Sierra Leone.
In terms of GPUs, a RTX 3090 generates 2053 hashes/sec and consumes 350 watts. A network of these would involve 974,184 systems. Altogether they would consume about 2,987 GWh per year. This would place it around 136th, between Montenegro and Jamaica. This is not the upper bound.
As you can see, just like ASICs in sections above each older or slightly less energy efficient CPU or GPU system will incrementally increase the aggregate energy consumed.
For instance, in the previous article we looked at a 12-card Vega build, the user was able to generate 28,100 hashes/sec and consume 1920 watts. That’s about 2341 hashes per card.
That’s about 854,335 GPUs each sipping 160 watts. Altogether these consume 1,197 GWh annually. This is still not the upper bound.
What is the upper bound then?
Without knowing how many large scale (organized criminal botnet) farms there are, it would be hard to guess because of how easy and common CPU mining is, especially CPU-cycle theft. For instance, cryptojacking malware is so commontoday, that there is a distinct possibility that you know someone who is a victim, it might even be you. Monero is typically the top coin mined in this process. We could do an entire article on all of the variants that have come and gone.
A few months ago a manufacturer, ASICLine, claimed to be shipping a mining system that can generate hashes for Bitcoin, Litecoin, Ethereum, and Monero. Because of how inflexible ASICs are, it is unlikely that their claim is true. While we would like to be able to say for certain how much energy Monero is consuming, there is a possibility that someone has built a custom ASIC (or FPGA) which could throw off our estimate.
Based on the same electricity consumption chart as the others, we can guesstimate that Monero drinks around 1 GWh a year and would be placed somewhere definitely above Chad and probably below Montenegro.
(5d) BSV and ZEC and DOGE
There are hundreds, if not thousands, of dead PoW coins. Three proof-of-work coins that have remained in the “Top 50 as measured by USD” over the past few years are Bitcoin SV (BSV) and Zcash (ZEC) and Dogecoin (DOGE).
BSV was created (forked) by Craig Wright, an Australian who claims – without sufficient evidence – to be Satoshi Nakamoto.
Due to a lack of interest beyond a core group of his followers, BSV — as measured in USD — has declined relative to its cousins BTC and BCH. As a result, its hashrate has also declined. At the time of this writing it is just over 600 PH/s, which is a two-and-half-year low. This makes it relatively inexpensive to successfully double-spend or reorg the chain.12
If the BSV network was composed only of S19 Pro’s there would be around 5,454 systems consuming 155 GWh per year. That is about as much as America Samoa at around 200th place. This is the lower bound. An upper bound is unknown but if we re-use the S9i there would be about 43,400 of these systems consuming 502 GWh. That would put it around Andora or South Sudan, around 170th place.
There are a number of gambling-related apps that have been built around BSV, but no substantive economic analysis beyond the regular speculation that dominates in other chains.
Zcash received a lot of attention when it first launched for its privacy and confidentiality (opt-in) properties. For one reason or another, it has not seen as much market interest as Monero (despite arguably having stronger technical capabilities).
Either way, at the time of this writing Zcash’s current hashrate (6.79 GH/s) is hovering near its all-time high. That may sound like a relatively small number compared to Bitcoin or Ethereum, but it uses a hashing algorithm called Equihash, which is more difficult to generate hashes. Unlike Monero, it is primarily mined via GPUs instead of CPUs. There are a variety of online calculators and guides comparing different setups.
There are also multiple ASIC miners for ZEC available including the Antminer Z15. The Z15 churns out 420 KH/s and consumes 1,510 watts. If the entire network were comprised of these ASIC machines there would be about 1,620 of them. Altogether they would consume 21.4 GWh each year. It would rank around 215th, near the Falkland Islands and Kiribati. This would be the lower bound.
One of the slightly dated comparisons involved tweaking a Nvidia 1080 Ti. One user was able to achieve around 641 H/s at 300 watts. A network of these GPUs would comprise 1.06 million GPUs. These would consume about 2,783 GWh. That would place it around 140th, between New Caladonia and Mauritius. While there may be older GPUs and even some CPUs mining, this is probably closer to the upper bound.
What about Dogecoin?
We wrote a bit about Dogecoin in 2014 but stopped because it merge mined with Litecoin in September of that year. While it is no longer independent — as it piggybacks off of Litecoin mining — people still mine it with the same L3+ machines mentioned above (both Litecoin and Dogecoin use the same hash generating algorithm called ‘scrypt’). Despite new record highs in prices, Dogecoin’s hashrate is about 30% less than its all-time high. In fact, it is nearly identical to Litecoin’s hashrate because it uses the same farms and pools. While some have suggested that this is an efficient usage of resources (two-chains-for-the-price-of-one) it creates a top-heavy situation that in theory, makes them both less secure.
(6) Status check
With all of these numbers and calculation spread around, let us briefly collate them in an easy to view section.
If the entire Bitcoin network were solely comprised of:
S19 Pro: it would consist of around 1.624 million machines consuming 46.2 TWh in a year. That is about as much as Portugal or Singapore consumes each year. This is a likely lower bound for how much energy is being used.
S17e: it would consist of around 2.8 million machines consuming 70.4 TWh in a year. Which is about as much energy as Colombia or Bangladesh use.
S9i: then there would be about 12.8 million of these machines consuming 147.5 TWh or roughly the same amount of energy that Malaysia or Egypt use each year. While there are probably botnets trying to use CPUs or GPUs to mine bitcoin, the amount of hashrate generated by them is likely marginal. Thus the S9i approximation is probably the upper bound.
If the entire Ethereum network were solely comprised of:
A10+ Pros: it would consist of about 720,000 machines consuming 8.2 TWh. That’s about as much as the Congo (DRC) or Trinidad and Tobago consume. This would probably be the lower bound.
GeForce RTX 3090: it would consist of 2.95 million GPUs consuming 9.1 TWh per year. This is about as much as Bolivia or Panama consume annually.
GeForce RTX 2080 (overclocked): would consist of 10.2 million GPUs consuming about 21 TWh per year. This is about as much as Azerbaijan or Ecuador uses annually and is a possible upper bound. Because of the mix of older, less efficient GPUs (such as the RTX 10 series) or first generation ASICs that have been switched back on, it is likely that the network hashrate is closer to the upper bound of Ecuador than mid-range of Bolivia or Panama. This would put Ethereum around the 70th largest country by energy consumption.
If the entire Litecoin network were solely comprised of:
Antminer L3+ there would be about 600,000 machines consuming 4.2 TWh per year placing around 124th, between Moldova and Cambodia.
It is commonly believed that there are few, if any, dedicated GPU miners due to the inefficiencies relative to ASIC equipment. Hypothetically these GPUs would serve as an upper bound.
If the entire Bitcoin Cash network were solely comprised of:
S19 Pro: would involve about 12,000 systems consuming 336 GWh, this will serve as our lower bound. Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 174th or about the same as Burundi.
S9i: it would involve about 93,000 systems consuming 1,073 GWh placing it somewhere between Fiji and Benin at 160th place. This is a possible upper bound.
If the entire Monero network were solely comprised of:
A single (modified) 3990X Threadripper: there would be 31,250 systems consuming 164 GWh annually. This would place it around 195th, between American Samoa and Saint Kitts and Nevis. This would be the lower bound.
A single Ryzen 3600: would consist of around 271,000 systems that consume about 237 GWh annually. This would place it around 190th between Chad and Sierra Leone.
An RTX 3090: a network of these would involve 974,184 systems consuming about 2,987 GWh per year. This would place it around 136th, between Montenegro and Jamaica. Because of rampant CPU-cycle theft and cryptojacking, this is not the theoretical upper bound.
If the entire BSV network were solely comprised of:
S19 Pro: there would be around 5,454 systems consuming 155 GWh per year. That is about as much as America Samoa at around 200th place. This is the lower bound.
S9i: there would be about 43,400 of these systems consuming 502 GWh. That would put it around Andora or South Sudan, around 170th place. This is a likely upper bound.
If the entire ZEC network were solely comprised of:
Antminer Z15: there would be about 1,620 of them consuming 21.4 GWh each year. It would rank around 215th, near the Falkland Islands and Kiribati. This would be the lower bound.
A tweaked Nvidia 1080 Ti: would comprise 1.06 million GPUs consuming about 2,783 GWh. That would place it around 140th, between New Caladonia and Mauritius. While there may be older GPUs and even some CPUs mining, this is probably closer to the upper bound.
What does this all mean?
As mentioned above (and in numerous previous articles) there are hundreds if not thousands of dead or dying PoW chains.
If we took the most efficient energy consumption assumptions above (the lower bounds), these seven PoW chains consume 59.3 TWh per year. Roughly the footprint of Kuwait, around 46th place. But in most cases – such as with Bitcoin itself – the lower bound is not realistic because the necessary amount of efficient hashing equipment (miners) have not been manufactured.
In contrast, if we took a less conservative assumption and used the upper bound these same PoW chains consume 180.1 TWh per year. Roughly the footprint of Poland or Thailand, around 25th place. The upper bound scenario is likely unrealistic for coins that have seen their value (measured in USD) decline or stay the same. For those that have seen rapid appreciation (such as Bitcoin), it is possible that older equipment temporarily comes back online until newer replacements are installed.
And yet, in either scenario, these PoW networks are not also adding the equivalent GDP output of similar sized countries. Society is in effect, at a net loss.
As we have mentioned in this article and others, historically, as a country industrializes, its growth is often limited by access to energy which throttles its energy consumption. Simultaneously, as it grows and develops, it becomes more efficient per wattage of input.
In the United States, energy intensity has been declining steadily since the early 1970s and continues to decline in EIA’s long-term projection. A country’s energy intensity is usually defined as energy consumption per unit of gross domestic product (GDP). Greater efficiency and structural changes in the economy have reduced energy intensity.
Despite dozens of RTGS systems being deployed across the world, in no instance do any of them consume the footprint of a small or medium sized country to operate.
The next section will look at some of the coin promoters and how they try to whitewash this issue away.
Only two nuclear reactors have been built in the U.S. in the past 25 years. One of the reasons why others may not be built in the future: the shale boom.
Interested in hearing the twenty-first century equivalent of “smoking is good for you”?
On with the show!
No, Bitcoin is not a battery.
Contrary to the musings of venture capitalists with a heavy stake in coins (and coin mining), mining PoW chains is not the same as a battery. It should be obvious that energy used in mining is not reusable, it is turned into heat as it enters the environment. When miners pay bills they convert some of their holdings into actual money, energy is not released in this process because no energy was stored to begin with.
It is hard to know where to start with this batch of Bitcoin promoters, nearly all of whom work for prominent cryptocurrency intermediaries.
Fun fact: despite continual claims that Bitcoin will spur development of Thorium-based nuclear power plants, to date, there have been zero Thorium plants built let alone funded by Bitcoin personalities.
What about stranded energy?
In practice “stranded energy” means there is some kind of inefficiency in storage and/or the transportation grid. In some cases capital could be used to increase efficiencies (e.g., new pipelines) which could reduce the price of energy extraction or transmission. Yet because it is stranded, it centralizes PoW mining in that specific area.13
But what about renewables?
Hitchen’s Razor: That which can be asserted without evidence, can be dismissed without evidence.
Even when a region has hydroelectricity available, the hydro power is not consistent throughout the year. Consistent energy generation has led Bitcoin miners to areas which they perceive as stable, which often involves coal power. The “renewable argument” that many Bitcoin promoters use, neglects to account for the ‘seen and unseen’ opportunity costs involved. For example, solar panels and wind farms still require land that could otherwise be used for different, more productive purposes; likewise dams can be deconstructed allowing habitats to regrow and rivers restored. 14
In terms of cyclical generation, even in the summer, when hydroelectric dams are at their peak output in the northern hemisphere, Cambridge BCIE estimates that more than half of energy generation still relies on non-renewables such as coal or gas.
Many miners themselves do not provide any reason to believe this. Cambridge surveys miners, and they indicated that while a majority has renewables in the energy mix, only 39% of mining is done with renewables (as it can be a small part of the energy mix).
The location data above is from Cambridge, sourced from mining pools rather than a survey. If you look at where miners are situated most of the time, you also see that while they use some renewables during the summer (wet season) in China, they are using fossil fuels the rest of the year.
According to Stoll et al., the carbon intensity of the energy used for mining Bitcoin was 480-500g CO2 per kWh in 2019 and went up to more than 550g CO2 per kWh recently due to increasing popularity of Iran and Kazakhstan. 8% of miners are now using sanctioned Iranian oil-based energy to mine.
There is also a steady stream of on-the-ground local stories providing anecdotes to the rush for relatively cheap energy. For instance, clandestine Bitcoin mining in Iran is believed to be one of the reasons for a rash of blackouts (and smog).
Lastly, even if Bitcoin miners were mostly run on renewables (which is not occurring) Bitcoin mining could not be considered environmentally friendly. Why? Because of the regular cycle of e-waste that is created as next generation ASICs are introduced.
Whataboutery is commonplace and normalized in the cryptocurrency world.
Tired of policy makers pointing out that illicit activity is attracted to KYC-less chains? Whatabout HSBC! Dislike the moans from hospitals impacted by Bitcoin-funded ransomware operations? Whatabout nuclear warfare!
This fallacy rears its head in the discussion of energy consumption: ignore this category of waste because there is also a category of waste there!
This is not a contest to waste as much energy as possible. Aircraft carriers, submarines, and airborne infantry divisions do not protect RTGS systems. All wasteful activities – such as nuclear warhead production – can clearly be categorized as bad and undesirable. It is also unclear from that thread how Bitcoin can end war or reduce military spending.
Speaking of poor analogies:
If we are going to play along with this game above: we actually know who participates in Federal Reserve decision making processes. Whereas we still do not have a regularly updated list of who funds those with merge control in the Bitcoin Core github repo.
At the time of this writing about 70 RGTS systems are live across the world. But only a small handful of countries with an RTGS also have nuclear weapons and/or aircraft carriers. And only six have both. 15 This illustrates that you can have one – a secure large value transfer system – without the other.
Held’s argument is a Whataboutism. Why? Because this is not a contest over who wastes more (or less).
As Galloway correctly points out in that thread: no one is trying to run a PoW-based payment system with Christmas lights. Christmas light operators are not incentivized to string up more lights as the aggregate market capitalization of light manufacturers increases.16
No one is trying to run a PoW-based payment system with smartphones. Furthermore, telecoms do not need to consume oodles of more energy per extra unit of phone added to their networks. PoW chains empirically and theoretically will consume energy in direct proportion to the value of the coin price. That is why we continue to see ever larger amounts of ASIC machinery sold by Bitmain and MicroBT to miners, not less. Yet PoW chains do not have a monopoly on securing permissionless payment systems.
Proof-of-stake (PoS) chains require some electricity too. If this was a comparison of say Polkadot or Avalanche (both of which are PoS-based), they would consume several orders less than Bitcoin does today.
And if these were compared to running full nodes (since there is no hash generation needed)?
For instance, according to Bitnodes there are approximately 9,415 nodes relaying transactions on the Bitcoin network (including the 25 or so mining pools).
At the time of this writing, there are about 110 validators alive on Polkadot and about 830 up on Avalanche. Yet both PoS networks are arguably just as secure as Bitcoin yet neither requires burning mountains of coal to stymie malicious actors. While we could debate ways to quantify “decentralization,” more is not necessarily better. 17 In this case, the thousands of extra non-block making validators in Bitcoin are essentially superfluous.
Virtually every sentence is incorrect. And this is all Whataboutery. Bitcoin mining usage could boil the ocean? But what about banks!
For what it is worth, nearly every large bank has announced some kind of carbon neutral initiative or has attempted to provide some semblance of where the energy is sourced. 18 That is not an excuse to justify their wastes or privatized gains (and socialized losses).
The bar should be: how can a value transfer system reduce its energy consumption and externalities, not to distractingly point fingers at other entities that also waste.
Speaking of which, in her examples above, it is also a different type and magnitude of waste. Banks do not generate more revenue if they leave their computers on 24/7 whereas PoW miners have to be left on around the clock to generate hashes in order to compete for block rewards.
Furthermore, banks as a whole provide many more services (and products) beyond just processing payments. In contrast, Bitcoin has very limited functionality, including the inability to do any on-chain lending.
That is not an accurate description of boiling gold (alchemy?) or what proof-of-work is as described by the original creators (Dwork and Naor). Neither its supply schedule nor energy consumption is what creates value for PoW coins, external demand is.
Claiming that PoW imbues a cryptocurrency with value because it requires real effort to produce it is a variation of the Labor Theory of Value. And saying PoW can promote energy efficiency is like saying paying people to dig holes and fill them up again helps the economy. 19
The chart (above) that Held uses, does not actually describe what he is saying about Kardeshev scale civilizations. If anything, assuming a “million dollar” bitcoin happens, PoW will actually drag Norway, China, and the U.S. back down towards Afghanistan. Why? Because if energy consumption goes up in those countries (via PoW mining), per capita GDP is decreasing because Bitcoin itself does not really produce anything.20 As a result, productive capacity for goods and services is being squeezed (or crowded out) by PoW-related endeavors.
In his accompanying article for this image Held states that: “The pressure to find cheap electricity sources will accelerate the effort to build fusion reactors.”
But that basically saying if you leave your car running it is good because it incentivizes finding alternate power sources.
Speaking of which:
Due to the demand shock from COVID-19, depending on geography, the cheapest sources of energy today might actually be oil and gas. Perhaps the near-future of mining are cars parked outside of refineries in Houston, churning up hashes for PoW networks.
And last but not least:
According to modeling from the Resources for the Future, a think tank, Miami will become the most vulnerable major coastal city in the world with “100-year floods” occuring every few years rather than once a century in many locations. A quarter of all homes at risk from flooding due to climate change reside in Miami-Dade county. If the mayor wanted to stave off this crisis the last thing he should be encouraging is direct investments in proof-of-work based cryptocurrencies.
(9) Competing for scarce resources
Due to the rapid rise in some cryptocurrency prices, foundries that churn out semiconductors have months of backlogs due to GPU and ASIC demand. Why? Because there are only a small handful of foundries capable of manufacturing state-of-the-art chips and as a result there is a limited capacity irrespective of what the ultimate destination may be.
This has led to a shortage of chips used in automobiles to the point where large manufacturers such as Ford or General Motors (GM) have announced plant shutdowns. In its most recent earnings announcement, GM estimated that:
The semiconductor shortage will shave $1.5 billion to $2 billion off adjusted earnings before interest and taxes this year.
How much semiconductor output capacity is being squeezed because of PoW miners?
Digiconomist estimates that TSMC – the largest semiconductor manufacturer in the world which produces most, if not all, ASICs for cryptocurrency mining – would need 3-4 months at full-capacity of its 7nm output just to produce the ASICs for PoW mining equipment that have been ordered. 21
This also impacts any industry or job that needs cutting edge GPUs, including squeezing smartphone manufacturers, console manufactures, graphic designers, and e-sport gamers. Why? Because the surge in mining demand has resulted in street prices for GPUs doubling what the original MSRP is.
History repeats itself: in November 2017, Chen Min (a chip designer at Avalon Mining) gave a presentation which noted that 5% of all transistors in the entire semiconductor industry were used for mining and that was driving up DRAM prices. Last cycle this negatively impacted a variety of ancillary set of actors, such as astronomers who rely on GPUs to chug through cosmic signals.
We are witnessing a similar phenomenon today. For instance, MSI announced that it may launch mining-specific GPUs this year.22
The current surge in demand for GPUs for mining has led some participants to acquire hundreds of gaming laptops en masse, crowding out, again, anyone who needs a high performance GPU. The image (above) comes from a Weibo account tracking various China-based miners who are showing off their GPU farms consisting of high-end laptops.
“Laptop mining” has pushed new buyers down the performance curve, to hardware that is two generations old.
Below are three publicly listed companies that have announced large purchases of mining equipment in the past several months:
Riot Blockchain – which pivoted during the last bull run from a biotech company (Bioptix) to a coin mining company – announced it was purchasing and installing about 10,000 S19 Pro’s from Bitmain.
Hut 8 purchased 5,400 mining machines from MicroBT for $11.8 million
The9, a gaming company, purchased 26,007 mining machines from Canaan
A few days ago UK-listed Argo Blockchain announced it would build a 200 MW mining facility in West Texas.
Private companies have also announced large purchases of coin miners. For instance, last month Blockstream announced that it had purchased $25 million worth of equipment from MicroBT and that this would be part of its 300 MW of mining capacity.
And an anonymous buyer in Russia, recently acquired 20,000 mining systems that consume 70 MW for a new farm in Bratsk, Siberia.
And this is just the tip of the iceberg.
A GPU farm of 78 GeForce 3080s was photographed (above) churning up hashes for Ethereum last month.
An entire paper or two could be written on large bulk purchases of ASICs or GPUs which crowd out other industries that need the same resources for actual productive activities.
(10) Undead countries are an ESG nightmare
Is it a stretch to call Bitcoin a ‘smoldering Chernobyl sitting at the heart of Silicon Valley’?
In May 2014 we briefly discussed a hypothetical “million dollar” bitcoin. At the time, Bitcoin’s price had dropped below $500 and we were already able to empirically discern that hashrate grows (or declines) directly proportional to coin value.
In the previous articles we found that, despite the introduction of increasingly energy efficient hardware, a PoW network like Bitcoin consumes ever larger amounts of energy. That is because of the Red Queen’s Race: miners do not downsize farms in aggregate, they simply replace aging hardware with newer ones; they must run faster in order to stay in the same place.
That is why anyone that has access to a hashrate chart can project with decent certainty what the likely outcome of a “million dollar” bitcoin will be in the future.
If a $40,000 bitcoin has already led miners to consume the energy equivalent of the Netherlands or Egypt, a million dollar bitcoin would be about 25 times as much.
What does that mean in actual numbers?
If the Netherlands is the proxy: 2,757 TWh, roughly midway between India and the U.S.
It Egypt is the proxy: 3,764 TWh, roughly the same as the U.S.
Critical to any analysis of energy usage is economic output. In a million dollar bitcoin world, society would be bearing the externalities of mining activity that does not produce a proportional amount of GDP. For instance, much of the coin mining industry is reliant and dependent on taxpayer funded utility companies and grids. As a result, we would see the equivalent of an additional U.S.-sized energy usage without seeing anywhere near the economic output, this would be a huge net loss.
This also does not take into account e-waste that is created via discarded single-use ASICs. And it does not take into account other PoW networks such as Litecoin which are basically ghost towns yet consume country-sized energy units too.
Miners will surely lead to greener sources of energy production, right?
This is a red herring.
Through the usage of either permissioned systems (like an RTGS) or a proof-of-stake chain, the energy consumed by PoW chains did not need to take place at all. In fact, PoS chains can provide the same types of utility that PoW chains do, but without the negative environmental externalities. PoW chains are the equivalent of adding an undead country – a zombie chain – to the power grid: one that consumes energy and produces little more than emissions.
Because of disputes among its undead participants these zombie chains must utilize the judicial and legal resources of third party countries. The chains also have a parasitic relationship to other government-run services that they continue to rely on such as taxpayer-financed energy grids.
(11) Call to Action
What can be done?
For starters, do not patronize coin lobbying organizations that weaponize misinformation. They are not dedicated to protecting consumers or the environment. Their mission is to convince legislators around the world to take a hands-off approach to regulations, including potential taxes on miners.
Nearly three years ago, the executive director of Coin Center, Jerry Brito, solicited names to hire to whitewash easy-to-prove energy consumption numbers.
Why? Because it is bad for business. Some Bitcoin promoters like to present themselves as being part of the cutting-edge future, one disassociated with the ancien régime. But as we have seen repeatedly in this paper, PoW miners compete for the same scarce resources and capacity that society relies on to generate real goods and services.
This is not true. Agrawal, who works with Brito at Coin Center, attempts to limit the available options when there are a wide range of other possibilities.
In 2020, Tesla sold about $1.58 billion worth of these [carbon] credits—almost exactly the value of the Bitcoin purchased.
Tesla is going to account for its Bitcoin holdings as intangible assets (goodwill) which is not how this line item was intended for. This is clearly shrewd opportunism (and accounting), not some re-imagination of resource consumption.
If 12 million people used Bitcoin to buy a Tesla, it would be enough to completely offset the combined total of CO2 saved by these EVs (by Tesla’s own account).
Elon Musk says he is now a fan of Bitcoin but PoW miners are directly cannibalizing the chip production capacity required to produce Tesla vehicles, a point that Tesla’s latest 10-K filing indirectly touches on.
Like parasitic stablecoins, miners in proof-of-work networks such as Bitcoin piggyback on top of the current energy extraction and generation infrastructure. 23 Furthermore, Bitcoin itself is not an alternative to an RTGS (traditional finance) so much as it is a shadow payment service that enables illicit activities to occur via a spectrum of intermediaries (e.g., underregulated coin exchanges). Continually comparing one versus the other is specious because one fully depends on the other to exist.
What can you do?
Most developed and developing countries levy taxes on polluters or “sin” activities. 24 Clearly proof-of-work mining falls into both categories.
Contact your local Public Utility Company and explain the socialized losses and privatized gains that are possibly accruing to miners. In addition to levying a tax on coin mining activity, perhaps introducing a tax on PoW-based holdings at intermediaries could be discussed since they directly benefit from miners providing the underlying blockchain infrastructure.
And if you are a user of a cryptocurrency, publicly advocate for switching to proof-of-stake (PoS) chains or accelerating such transitions if they are already underway. You can still enjoy decentralized finance in a way that does not dramatically contribute to climate change.25
Thanks to the following people for their helpful feedback: CK, JG, VB, RG, KR, JH, MW, and AV.
Send to Kindle
As one reviewer noted: this leads to a Bastiat-esque “what is not seen” argument: if Bitcoin forces really smart people to work even harder on renewable energy, that would come at the cost of those really smart people working on other things that could easily be just as important. You can’t just make people do more stuff in the abstract by throwing more problems into the world and expect the result to be better on-net. If that were true, then we should advocate destroying cities to help promote the development of next-generation construction and medical technology. [↩]
There is a clear distinction between Bitcoin and actual money that is beyond the scope of this article (it partially has to do with the unit-of-account). We could focus on the non-money-moving-related functions of the financial system that of course Bitcoin does not provide at all (although “DeFi” on Ethereum partially does). However, for the purposes of this article, the act of securing, transferring, and verifying payments is what we wanted to highlight. [↩]
In 2016 I visited Hong Kong a few times. On one visit I met with a couple of executives at a coin exchange. They said that their number one product was pre-loaded debit cards that were sold to mainlanders, typically to skirt capital controls and/or bribe folks with. Some of the large cryptocurrency payment processors (like BitPay) also provide payroll services, perhaps some of those coins are miscategorized as “payments.” In another anecdote, one commenter explained that: I can say w/ high confidence that most of that volume in ’17 was related to bitcoin wallets converting BTC to USD through Bitpay in order to load funds to prepaid cards – up until Visa killed that product in early Jan 2018. So not really representative of “BTC payment activity”. [↩]
One counter-argument from promoters is: “what about stablecoins” such as Tether that piggyback on top of Bitcoin via Omni? Through an FMI lens, a lengthy rejoinder can be found in Parasitic Stablecoins. Through a technical lense, it bears mentioning that these piggyback coins arguably make the underlying PoW networks less secure; see Watermarked tokens and pseudonymity on public blockchains. [↩]
According to Chainalysis, more than three quarters of on-chain activity in a given day for Bitcoin are transfers between intermediaries, specifically exchanges. Due to volatility, users typically resort to utilizing ‘parasitic stablecoins’ – such as USDT. In this case, PoW chains are superfluous due to the usage of permissioned end points. [↩]
One reviewer commented: From an outside view, even taking into account economies of scale and miniaturization, it is extremely rare that consuming more of something takes less energy than consuming less of something. A contrived example is: ‘if you invade a country with more soldiers you could lose fewer soldiers because the war finishes more quickly.’ But that’s not really the same situation at all. [↩]
Several months prior to that report, Rossetti announced that it had been victim to at least $6.6 million in stolen electricity via coin mining. Following the run up in coin prices in 2017, one of the culprits believed to have stressed parts of the European power grid in early 2018 were coin miners. [↩]
A network of only L3++ would comprise 517,241 machines and consume 4.3 TWh. [↩]
The XMR price is still well below the highs from late 2017 – early 2018. [↩]
Due to the size of its blocks, BSV also regularly sees orphans and accidental reorgs. [↩]
PoW mining might also be inadvertently subsidizing energy that would otherwise be anathema (e.g., “dirty” hydrocarbon extraction due to its lower costs). [↩]
Another unseen cost: scarce resources such as rare earth minerals used to construct solar panels or PoW equipment (and the e-waste it generates) that could have been used in more productive endeavors or not consumed at all. [↩]
The six countries that have both are: China, France, India, Russia, the U.K., and the U.S. [↩]
There are some good jokes waiting to be made about “alternative” Christmas light implementations. With faster or slower blinking; or larger bulbs! [↩]
In 2019 over 50 banks and other financial institutions launched the Partnership for Carbon Accounting Financials (PCAF) to assess and disclose the impact their loans and investments will have on climate change using common carbon accounting standards. Several other initiatives track the aspirations of banks including Mighty Deposits and Bank Track. [↩]
Ironically they do not yet realize it but PoW proponents are embracing a type of impaired Keynesianism. [↩]
Bitcoin-focused intermediaries (such as coin exchanges) do enable trading of various financial products (such as derivatives) which likely contribute to some kind of economic output. But these trusted third parties are – from an accounting perspective – separate from the Bitcoin network which only produces intangible bitcoins. [↩]
According to Digiconomist: 28 TWh annually of Antminer S19 Pro’s is about a month of capacity. If the Bitcoin network doubles from current levels, it will take about 3-4 months (not including replacement of older ones). And that is just production for Bitcoin-specific hardware. [↩]
Tom’s Hardware recently compared 30 different GPUs to find out which ones had the best return-on-investment for Ethereum. Surprisingly, it was the Nvidia 1060 first released in July 2016. [↩]
Again, PoW chains such as Bitcoin often involve hundreds or thousands of superfluous nodes that maintain copies of the blockchain and verify balances; all of this subsists on top of the existing energy exploration and production infrastructure. [↩]
Another consideration that funds with an ESG mandate should consider is not just the environmental impact of PoW mining but also the human rights that may be violated in the production of said coins. [↩]
The second half of 2020 saw a large set of draft regulations and proposals surrounding cryptocurrencies and specifically, “stablecoins.”1
For instance, in July, the influential Group of Thirty published its investigation into digital currencies and stablecoins. In late September, the E.U. announced an expansive regulatory framework called Markets in Crypto Asset Regulation, or MiCA.2 A month later the Financial Stability Board (FSB), the top global stability watchdog, released its “final” report on what they called global stablecoins (GSCs). A month after that, the Bank for International Settlements (BIS) released a report specifically looking at stablecoins.
A few days later there was a flurry of tweets and articles written up in response to the newly proposed STABLE Act in the United States. And coincidentally, this past month the President’s Working Group on Financial Markets released a report on stablecoins that came out swinging against “multi-currency” projects like Facebook’s Diem (formerly Libra) as well as broad pieces of enabling infrastructure. 3
While each was written by different sets of authors in different jurisdictions, all had some common ground: regulation and risks of panjurisdictional commercial bank-backed “stablecoins.”4
This post will go through some of the background for what commercial bank-backed stablecoins are, the loopholes that the issuers try to reside in, how reliant the greater cryptocurrency world is dependent on U.S. and E.U. commercial banks, and how the principles for financial market structures, otherwise known as PFMIs, are being ignored.5
Let’s start in reverse order.
What are the PFMIs?
We have discussed the Principles for Financial Market Infrastructures (PFMIs) before. It is an evolving set of principles and guidelines for financial market infrastructures (such as CSDs, CCPs, payment systems) that are maintained and updated based on research and collaboration between two international regulatory bodies: BIS and IOSCO. Their joint 2012 paper is considered the gold standard and is frequently cited in the press, academia, and regulatory bodies.
For the purposes of this article, we will look at just once slice of the 2012 document. Principle 9 of the PFMIs states:
An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money.
We have ample evidence from the 2007-2009 Great Financial Crisis (and other eras) that dependence on commercial banks is subpar and adding yet another (underaccountable) layer on systemically important financial institutions (SIFIs) is not ideal. 6
Without going into weeds, the PFMIs and the committees involved in drafting them, state and then re-state the importance of reducing credit risk exposure to commercial banks. Yet in all instances today, almost every collateral-backed stablecoin that has thus far been issued does so through tokenizing deposits custodied at commercial banks.
This is improper for a variety of reasons and there are remedies and solutions. For instance, while we await liberalized access to central bank digital accounts (CBDAs) or currencies (CBDCs), setting up “narrow banks” or FedAccounts have been highlighted as complimentary solutions in the United States.78
When presenting these alternatives in public — especially on social media — a noticeable amount of “fist shaking” and “pearl clutching” occurs from partisans unaware of how reliant stablecoins are on the U.S. and E.U. commercial banking systems. 910
For example, a number of prominent cryptocurrency promoters claim that draft legislation (such as the STABLE Act) would destroy innovation or even blockchains themselves. 11
As it stands today, non-compliance with the Bank Secrecy Act (BSA) is strictly speaking not “innovation.” It is regulatory arbitrage which can create a race to the bottom that may harm consumers.1213 Commercial bank-backed stablecoins are ‘innovative’ insomuch as they are not playing by the same explicit rules that other bank-like entities have to.
We will discuss them at length further below but currently – as measured in trading volume – the two most “popular” commercial bank-backed stablecoins are USDT (Tether) and USDC (USD Coin).14 Both claim to be collateralized by U.S. dollars held in custody at commercial banks. Together they accounted for nearly 90% of all stablecoin trading volume this past year. 15
How big is that volume?
As an aggregate, in 2020, on-chain volume alone from these stablecoins reached more than $1 trillion. That does not count the exchange-based (off-chain) transactions that also use these collateral-backed coins. And problematic for policy makers: the on-chain volume was exchanged with limited oversight or surveillance sharing, which is part of the reason why various governments are moving quickly to pass laws to deanonymize self-hosted wallets that are exchanging this parasitic “e-banknote” or “shadow deposit.”161718
For example, Tether and USDC are not being stifled through the proposed STABLE Act, rather they would be required to jump through the same hoops as anyone else providing similar financial services.19 Based on how their product is used, these issuers are arguably a form of wildcat banks (from the 19th century) or what is called a shadow bank or shadow payments today. Lots of shadows!
What is a “shadow bank”?
The term itself is just over a decade old but these entities existed prior to 2007. In general they are “non-bank financial intermediaries that provide services similar to traditional commercial banks but outside normal banking regulations.”20 Readers can imagine that this type of activity is what organizations such as the Financial Stability Board (FSB) would like to keep track of.
One member of the FSB is the Federal Reserve. The screenshot (above) is a relevant portion of their mandate and why they could – in theory – be interested in obtaining information of off-shore entities that are attempting to (anonymously) use U.S. linked e-banknotes.21
“Shadow banking” is occurring off-shore through intermediaries (e.g., coin exchanges and lending protocols) that use Tether or USDC without needing to connect to a local bank who would require some semblance of surveillance such as AML or CFT compliance.2223
Based on their external messaging, multiple centralized exchanges (CEXes) claim to operate banklessly but this is a superficial: they each maintain an umbilical cord to the U.S. dollar via USDT or USDC. 24 Similarly, decentralized lending protocols such as Compound or Aave accept commercial bank-backed stablecoins as collateral and allow rehypothecation of these same tokens (or others). 25
Putting aside new proposed legislation for the moment: stablecoin issuers (administrators) have fought feverishly to categorize themselves under a “lighter” more lenient regulatory regime (money service business) despite more stringent laws covering deposit-taking activities that are not enforced, such as 12 USC 378 (a)(2) being on the books. 2627
More precisely, in retrospect specific activities enabled by commercial banks (such as issuance of e-money) were not properly regulated. Righting this wrong that exists to day – so the argument goes – all MSBs (not just commercial bank-backed stablecoin issuers) should no longer be able to conduct unregulated shadow payments or banking activities.2829
Related to the concept of shadow banking is shadow money, and clearly stablecoins fit the bill. When he was a Governor at the Federal Reserve, Dan Tarullo gave a speech, stating:
“Shadow banking also refers to the creation of assets that are thought to be safe, short-term, and liquid, and as such, “cash equivalents” similar to insured deposits in the commercial banking system. Of course, as many financial market actors learned to their dismay, in periods of stress these assets are not the same as insured deposits.”
The classic example of shadow money is money market funds which were deemed to be “money good” pre-2008 crisis. Reforms were implemented post-crisis, such as redemption gates and floating NAVs for certain money funds, but in March 2020 the Federal Reserve still had to backstop money funds via the money market mutual fund liquidity facility (MMLF). Last month the President’s Working Group on Financial Markets released a report highlighting the need for further reforms to money market funds.
If consumers and investors think stablecoins are the same as insured deposits because they are “backed” by insured deposits at a commercial bank, they are clearly not. Does this mean that if stablecoins become big enough, the U.S. government would bail the sector out just like they have bailed out other shadow money investors? This is an open question but the answer should arguably be no. 30
While regulators have informally discussed systemically important cryptocurrencies networks and potentially overlap with PFMIs, to date there have been few discussions in long-form prose.31 Let us check back in on this topic next year.
Double the credit risk
As mentioned above, the credit risk (solvency) of commercial banks is worse than central banks.32 During the 2007-2009 financial crisis, while a number of commercial banks received direct taxpayer-funded bailouts that immediately underwent public scrutiny, the entire financial industry was effectively propped up through the coordinated actions of central banks and finance ministries around the world.
We could always argue about which policies should or should not have been implemented during that time. The Dodd-Frank Act was just one set of legislation that was passed in an attempt to prevent another, similar systemic crisis from happening again.
What does this have to do with parasitic stablecoins?
Transactional users and speculators of commercial bank-backed stablecoins are faced with at least two potential credit risks:
the credit risk of the stablecoin issuer
the credit risk of the commercial bank that the stablecoin issuer uses as a custodian
A conventional bank account exposes to the account holder to a single level of credit risk, the risk that the bank becomes bankrupt and is unable to meet its liabilities to account holders. In most developed countries and many developing countries, deposits are protected by a national deposit insurance scheme ranging between tens and hundreds of thousands of dollars.
Even if Signature Bank or Silvergate Bank have impeccable credit quality, they are not the lender of last resort. They rely on the implicit and explicit backing of the FDIC and the Federal Reserve.33
As a result, stablecoins present a double layer of credit risk. There is the risk that the issuer of the coins fails and the risk that the party holding the reserves (e.g. a bank, fails). Generally stablecoins would not benefit from the deposit insurance provided for bank accounts.34 Where the issuer invests in a more complex range of assets to act as reserves, such as debt instruments, it also exposes the stablecoin holder to the risk that assets fall in value, which can be an issue, even for relatively short-dated assets, where reserves have to be liquidated. 35
This raises a major question: who bears losses, the issuer or the holder of coins? An issue banks deal with (to a certain extent) by having to set aside regulatory capital.3637
In other words: a stable coin backed by commercial bank deposits has worse credit risk than simply having money in the bank because it would not benefit from any deposit insurance scheme.38
Tangentially related to the PFMIs are central bank digital currencies (CBDCs). Public discussions surrounding the regulation of stablecoins often neglects prior research conducted by central banks, industry, and academia.
For instance, several years ago, the Bank for International Settlements (BIS) published one of the most widely cited papers on the topic of CBDCs. In it, the so-called “money flower” Venn diagram illustrated how existing money could be categorized:
As we can see, the current crop of stablecoins (such as USDC) and cryptocurrencies (such as Bitcoin) are clearly in different categories from CBDCs.
Representatives of coin lobbying organizations, such as the Chamber of Digital Commerce, makes the common mistake of conflating the two:
Are commercial bank-backed stablecoins a central bank digital currency (CBDC)?
No. There is a lot of commentary which blends stablecoins with CBDCs but they are not the same. Unless a stablecoin is backed by reserves at the central bank or issued directly by a central bank, a stablecoin marketing itself as a CBDC is being dishonest.
Furthermore, the DC/EP initiative in China is not a CBDC. It is a liability of an intermediary that is not the People’s Bank of China.39
Are CBDCs a stablecoin?
No, although in theory central bank reserves could be tokenized and put onto a blockchain. But that’s not what is happening today (yet).41
Any other reasons why stablecoins are lumped together with CBDCs?
Stability. Credible central banks such as the Federal Reserve, provide a reliable unit-of-account such that more than two dozen countries “dollarize” their domestic economies with it. This article will not go into the merits or demerits of issuing CBDCs or if a blockchain is needed in doing so.42
Ironically, while some vocal coin promoters have claimed a “hyperbitcoinization” event will occur soon. But the cryptocurrency ecosystem as a whole has seen the opposite take place: rapid dollarization due to the growth of commercial bank-backed stablecoins. This is the central conceit for much of the coin world today: promoters and meme artisans often claim they are about to launch off from planet Earth all while drilling ever deeper foundations into the Earth’s crust.
For example, in the second half of 2020 at least four U.S.-based cryptocurrency companies applied for deposit-taking licenses or banking charters.43 And because of how embedded these tokens have become to “DeFi” apps, portions of it have turned into centralized DeFi (CeDeFi), which is an oxymoron.44
As a result, it has made anarchic chains less resilient which will be discussed later.45
Relianceon external U-o-A
One characteristic or function of actual “money” is something called the unit-of-account (U-o-A). A unit-of-account is used to price goods and services in an economy. On a macro level, economic aggregates such as GDP are measured by a stable U-o-A, such as the USD or EUR.
Similarly, international commerce and trade is often denominated in a stable U-o-A. In this case, foreign exchange ultimately takes place somewhere along on “the edges” but the price discovery and (often) payment settlement occurs in the stable U-o-A. 46
For instance, despite doomsday predictions, the USD is becoming more dominant – not less dominant – in financial markets.
What does this have to do with cryptocurrencies and specifically stablecoins?
More precisely, the question should be: why are stablecoins so popular?
The answer is one that has been discussed many times on this site: volatility.47 Contrary to what some promoters claim, Bitcoin is not becoming less volatile over time. As JP Koning illustrated in the chart (above), bitcoin is more volatile today than it was in early 2017 when it had a ‘market cap’ of just $15 billion or in 2013, when it was worth just $1 billion.
While some early coin investors and hoarders may be okay with rampant swings in volatility, actual users (such as day traders or remitters) desire stability. As a result, more than 20 different U.S. dollar-linked stablecoins have been created to fill that need. And unsurprisingly, because the identity of on-chain activity can be obfuscated, another set of stablecoin users are criminals involved in money laundering and terrorism, as identified by the Financial Action Task Force (FATF).
For the purposes of this article “stablecoin” is a catch-all term used to describe a spectrum of coins that attempt to peg a token to exogenous (external) value.48 Typically the exogenous value is denominated in USD. In terms of trading volume, the two biggest buckets of stablecoins are:
Collateral-backed tokens such as USDT (Tether), USDC, PAX, TrueUSD, and DAI49
Algorithmic or synthetics such as AMPL, ESD… and the older generation of BitUSD, and Nubits
In practice, nearly all collateral-backed tokens in use today are commercial bank-backed tokens that are centrally issued by a singular entity.50 In contrast, virtually all of the algorithmic tokens are launched by anonymous teams and often use a form of rebasing or Seigniorage Shares model to arrive at a value.51
The focus of this article is on the former not the latter. Let’s dive into a few of them.
USD Coin (USDC) is a stablecoin issued through the Centre Foundation and backed by Circle, Coinbase, and others. This entity is registered as a MSB in the United States. USDC is an ERC20 token that can be moved around the Ethereum network however the “backend” on-and-off ramps are fully powered by U.S.-based commercial banks such as Silvergate in San Diego.52
At the time of this writing about $4.3 billion of USDC has been issued. In Q4 2020, the trading volume of USDC was usually between $335 million to $1.3 billion per day.53
USDT is issued by Tether Ltd which is also registered as a MSB in the United States.54 Customers that want to use USDT, create an account on the Tether website and link their bank account. Then using the traditional financial system, wire cash to Tether’s partner banks. USDT has been issued onto multiple different blockchains, including Bitcoin and Ethereum. As of this writing, it is the most actively used ERC20 token.
Tether Ltd and its parent company (iFinex) have been debanked multiple times. Why?
Because both are under multiple investigations from several regulators and law enforcement (such as the New York Attorney General) for lying about their collateralization levels, among other allegations.
At the time of this writing about $21.3 billion USDT has been issued. In Q4 2020, the trading volume of USDT was usually between $25 billion to $80 billion per day.55
When it was initially launched in December 2017, DAI was collateralized only with ETH and the software company that created it, Maker, is not registered as a MSB (though it could be categorized as a “shadow MSB“). About 18 months ago, DAI transitioned to accept “multi-collateral” which includes other types of coins, such as commercial bank-backed stablecoins. In addition to being listed on most major cryptocurrency exchanges, traders can also buy DAI directly via 3rd party partners (such as Wyre and MoonPay).
However, depending on the day of the week, the proportion of U.S. commercial bank-backed stablecoins can comprise more than 50% of the collateral backing DAI (which is why it was identified by authors of the STABLE Act):
The chart (below) shows the growth (measured by ‘supply’) of the most popular collateral-backed stablecoins this past year.
Assuming the self-reported numbers are correct, this illustrates an increase in USD deposits sitting in banks on behalf of stablecoin issuers.
Note that at the time of this writing about $21.3 billion USDT has been issued and about $4.3 billion of USDC has been issued.
The bar chart (below) shows the daily trading volume of roughly the same collateral-backed stablecoins over the past three year:
Recall from above that in Q4 2020, with a few outliers the trading volume of USDT was between $25 billion to $80 billion per day and the the trading volume of USDC was between $335 million to $1.3 billion per day.
In other words, the average daily turnover for USDT was about 2 to 4 times the amount allegedly deposited with their banking partners. This likelyshows that some forms of leverage, credit creation, and rehypothecation are taking place. 5657
The line chart (below) shows the total value of tokens that are locked up (TVL) in DeFi-related projects over the past ~3 years:
As we can observe above, growth of TVL substantially increased between January 1, 2020 and January 1, 2021 by about 2,000 percent. DAI contributes to about 20 percent of these deposits.
What about Diem née Libra?
With mountains of press and marketing the past 18 months, they are finally planning to launch (soon). What Libra initially proposed in the summer of 2019 (to the chagrin of regulators and payment-related partners) was that Libra would deposit user funds in multiple custody banks (like Citi) but purposefully do it in a way such that no single regulator (such as FinCEN or OCC or the Fed) would have complete oversight. That was shot down and the proposal evolved further the past year.
For example, it initially involved pegging to a basket of currencies (including SGD) kind of like an SDR, but without FSB or IMF oversight. This put commercial banks at risk in part because of non-existent AML controls. Thus the entire proposal was scrapped and a new narrative created through the use of a commercial bank-backed stablecoin similar to USDC.
There are other bits and bobs that we can dive into – such as the older generation of algorithmically “stabilized” coins Nubits or BitUSD – but that’s a separate, mostly irrelevant category of faux stablecoins.
What would happen if issuers of collateral-backed stablecoins had to obtain something akin to a bank charter?58 Last month Paxos (PAX) applied for a national charter in the United States, will other issuers do the same?
While there may be rigorous surveillance at the on-and-off ramps of USDC or USDT today, the same cannot be said for on-chain activity where the “Travel Rule” is ignored or compliance with the BSA is non-existent.
If the self-reported volumes at coin exchanges is accurate, then tens of billions (measured in USD) of these stablecoins are traded each day likely in a non-compliant manner. This undersurveilled activity is part of the motivation behind a new draft rule from the U.S. Treasury department.
For perspective, according to The Block in the first 11 months of 2020 stablecoins hit some hockey stick growth:
Supply grew 322%
Transaction volume grew 316%
Daily active addresses grew 332%
And as mentioned in the first section above, total stablecoin on-chain volume surpassed $1 trillion during 2020.59
If payment processors are held liable for the activities (e.g., knowingly processing payments for scams) that take place on their networks, the argument goes, so should stablecoin issuers. In the past, both Tether and USDC have frozen funds and blacklisted addresses due to law enforcement orders, so at a minimum they should be held to the same standard as a payment processor (but are not).
Either way, it is clear that from trading activity and total-value-locked up (TVL), that the DeFi ecosystem (and all coin worlds really), are reliant on maintaining frictionless U.S. banking access.
Is this DeFi-in-name-only (DeFi-ino)? Without the on-and-off ramps into U.S. banks and most importantly – parasitic access to a stable unit-of-account, arguably the middle (TVL) activity would be a lot less than it is today.60
If the (end) goal or ethos of the DeFi world — and broader anarchic cryptocurrency universe — is to be self-sovereign and enable self-custody and not reliant on U.S. commercial banks or the Federal Reserve, the exact opposite has occurred.61
A quick DAIdiversion
It is not a full barnacle however some have previously argued that DAI could become a victim of its own success. 62
How’s that? Maker’s current governance leans heavily on identifiable humans and VCs which would be hard to quickly anonymize/decentralize. Recall that its human-led governance process modified the collateralization process, allowing new types of coins and tokens to be included.63
As a result:
Often more than half its collateral are other USD stablecoins (none of which have bank charters), so if these are shut down or liquidity severely restricted, this could impact DAI stability and/or liquidity64
Dependence on humans to manage governance and reliance on oracles for exogenous info; these are a single-point-of-failure.
What are some solutions for Maker (DAI), whose investors and developers are identifiable?
Act like cypherpunks, “disappear,” and go fully anonymous making enforcement more difficult65
Eschew the current crop of oracle architecture because it is arguably a single-point-of-failure
Remove collateral whitelists, which is something prominent developers have suggested in the past
Regarding that last point, here’s an example:
Let us check back next year to see what Maker, Compound, and Aave do with their formal governance and collateralization processes.
Worth noting that USDT, USDC, and DAI have either broken their pegs with the USD or at some point dramatically drifted from their pegs. There are multiple reasons why.
For example, in April 2017, USDT dropped below $1.00 and traded at $0.91.
Why the sudden drop?
As mentioned in a previous post, a lawsuit revealed that Bitfinex sued WellsFargo because the bank had refused to process Bitfinex’s international wires. Over a span of a few months, tens of millions of USD had been wired through WellsFargo into and out of four different banks in Taiwan which Bitfinex, Tether Ltd, and other affiliated subsidiaries had bank accounts with. At some point prior to March 2017, someone on the compliance side of WellsFargo noticed this large flow of USD and for one reason or other (e.g., fell within the guidelines of a SAR?), placed a hold on the funds. In early April 2017 Bitfinex’s parent company filed a lawsuit for WellsFargo to release these funds.
WellsFargo eventually returned the USD-denominated funds but without those funds, the peg was unable to withstand sell pressure. In other words, WellsFargo was integral to Tether Ltd’s correspondent banking relationships. About a week later Bitfinex withdrew its lawsuit but not before causing a Streisand Effect.
This was not the first time Bitfinex has been “debanked.” Phil Potter, then-CFO of Bitfinex, gave an interview and explained that whenever Bitfinex had lost accounts in the past, they would do a number of things to get re-banked. In his words:
“We’ve had banking hiccups in the past, we’ve just always been able to route around it or deal with it, open up new accounts, or what have you… shift to a new corporate entity, lots of cat and mouse tricks that everyone in Bitcoin industry has to avail themselves of.”
With this blasé attitude, it is any wonder they are under active investigations from the Department of Justice, the CFTC, and the NY AG.
The ethos of blockchainology is supposedly: “don’t trust, verify.” Above is a tweet from Paolo Ardoino, current CTO of Bitfinex and Tether.
Because no reputable firm will provide regular audits of Tether Ltd, we are left having to trust a non-credible actor.66 For instance, in April 2019, during its legal proceedings with the New York Attorney General, Stuart Hoegner, the general counsel for Tether Ltd admitted that USDT was not backed 1:1 as was claimed on their website. Instead it was running an undisclosed fractional reserve operation that was only uncovered due to this ongoing lawsuit.
“As of the date [April 30] I am signing this affidavit, Tether has cash and cash equivalents (short term securities) on hand totaling approximately $2.1 billion, representing approximately 74 percent of the current outstanding tethers.”
Executives at the parent company (iFinex) would not even acknowledge ownership of Tether Ltd until an exposé from The New York Timesrevealed it was the case due to leaks from the Paradise Papers (be sure to also read Amy Castor’s timeline).
We know historically that other intermediaries have lied or misled users (and investors) of what they do with deposits. For instance, during a series of investigations in 2017 in China, at least two major domestic cryptocurrency exchanges (Huobi and OKCoin) were found to have secretly re-invested customer deposits into other financial instruments.
This type of abuse is the reason why at a minimum regular audits from reputable, independent firms are required for financial service providers. Let us check in next year to see if Tether Ltd gives us more than tweets to audit.
We briefly mentioned this topic at the beginning of the article but worth looking at this closer.
In the early 2010s, several prominent VC-backed fintech efforts insisted they needed carve-outs for what they knew were highly regulated activities.67 Some even hired lobbying organizations to push the “don’t suffocate innovation” meme which persists today in the form of “deregulated finance.”68
For instance, in 2014 the New York State Department of Financial Services (DFS) proposed a new virtual currency regulation dubbed the “BitLicense.” Prior to its enactment in 2015, the same sort of “everyone will leave the US” argument was made by its opponents. Throughout the second half of 2014, DFS held multiple public comment periods, the responses of which were made public. Among others, the EFF submission included the word “innovation” thirteen times. 69 Upon its enactment, a few coin-related companies claim to have left, some vowing never to return.
From a systemic risk standpoint, is society worse off because of the small handful of coin companies that had no intention of becoming compliant with a stricter MSB, let alone a banking license, left New York? No. Is the BitLicense perfect or flawless? No.
But contrary to views of partisans, entrepreneurs continue to seek it out as a stamp of approval: as of this writing there are 25 entities that have been approved for a BitLicense (although a couple overlap).70
Three years after its enactment, in May 2018, coin-focused media gave softball interviews to the “refugees” that left New York, notably Shapeshift and Kraken. Both are cryptocurrency exchanges and had (have?) legal and regulatory issues.
At the time Shapeshift allowed KYC’less transfers to take place. That changed in September 2018 after The Wall Street Journal did an investigation discovering that Shapeshift was being used to launder proceeds of crime such as the infamous WannaCry ransomware.
Perhaps publicly telling the world that you are not going to comply with the BitLicense was a redflag?71
The other prominent “departure” from New York was Kraken, another U.S.-based cryptocurrency exchange.73 The CEO publicly has written multiple articles and posts on social media for why the organization would no longer cater to New York residents. But upon closer examination, in September 2018 the New York Attorney General announced that it had evidence that Kraken was still operating in New York. While that investigation simmers in the background, a year later a lawsuit was filed by Jonathan Silverman, who had run Kraken’s OTC desk in NYC for a couple of years. He sued the exchange because they had stiffed bonus payments. It is unclear what the current status of Kraken’s business is in New York, however, a number of employees appear to reside there.74
Likewise many prominent ICO promoters made similarly grandiose statements after the SEC released its report on The DAO in 2017. That capital pooling and investments would move off-shore and the U.S. would be left behind. Regulatory arbitrage certainly did take place, with hundreds of ICOs being registered in Singapore, Taiwan, and other island nations (such as The Caymans).75 But we also saw that in practice, coin-focused developer teams continue to be hired here in United States.
Shadow banks have always sold themselves as providing competition to the regular banking system. And to a certain extent, they do. But its an undesirable form of competition which causes a race to the bottom.
If other nations want to put their own financial infrastructure at risk due to underaccountable shadow banking – so the argument goes – that is not a great outcome but not a terrible outcome for the U.S. banking system in terms of systemic risk.76 For example, the aim of the STABLE Act is not to globally enforce a regime: it is to prevent systemic risk in the U.S. and this can be done by strictly enforcing existing laws or enacting new laws on entities such as stablecoin issuers reliant on U.S. commercial banks.
This may sound repetitive, one cannot overstress systemic risk in the context of an underaccountable IOU layer, as Tankus once more explains:
The [STABLE Act] is aiming at systemic risk. leaving unlicensed stablecoins as a fringe financial product offered in other jurisdictions unlisted or on minor exchanges that can survive not being able to interact with the U.S. legal system accomplishes the goal
Recall that in the U.S., the only entities that have access (accounts) at the Central Bank are commercial banks. And we empirically know that the credit risk of commercial banks is worse than a Central Bank because there is just one type of money: reserves at the central bank.
Everything beyond coins, notes, and money equivalents is arguably a credit risk. Thus, not only should we want Narrow Banks and FedAccounts created, but from a resiliency standpoint at the very least we should require stablecoin-issuers to stop piggybacking on other commercial banks due to their modus operandi.
Miners and block makers
We have touched on this topic more than a dozen times on just this site alone. Let us look at this issue from a different angle.
Visa and other payment providers are liable for certain activities that take place on their networks, hence why they on-board certain merchants and off-board others that are deemed “higher risk” or whom have violated some law.77 Similarly all FMIs have various binding agreements (MSA, TOS, EULA, SLA), and the penalty for violating them could result in a participant being removed (e.g., Fedwire has a terms of service that is effectively passed on to the users of commercial bank wiring services). ISPs and telecoms are also regulated and permissioned and they can (and do) kick users off for violating their TOS.
Proof-of-work chains like Bitcoin intentionally did not include a ‘terms-of-service’ and by design did not include hooks into any legal agreement or, for that matter, attempt to integrate AML screening of participants.78
But this is just RICO theater: in an “even Steven” world, miners should be held to the same standard as other processors. Assuming some or just one of the frameworks mentioned at the top of this article is ratified, issuers can be held accountable for additional disputes that arise.79 What then of the block makers who process transactions that fail to comply with a specific jurisprudence?
For example, in terms of proof-of-work chains – in practice – nearly all of the mining pools for both Bitcoin and Ethereum are operated by identifiable entities. FinCEN’s 2013 guidance gave miners a carve-out based on the assumption that mining pools were neutral, but in practice they are not and do manually add (or censor) transactions.
For instance, at a public event in 2019, Roger Ver and Tone Vays (aka Anthony Vaysbrod) made a bet on stage regarding sending transactions – and importantly the associated fees – across both the Bitcoin and Bitcoin Cash blockchains. To aide Vays’ attempt to send a below-market transaction fee, Slush (a mining pool), manually included it despite the below-market fee. They were not neutral the opposite to how miners are often portrayed to regulators.
During the frenzy of ICO mania, the rush to get into a “capped” raise meant that some speculators would “bribe” mining pools to guarantee that their transaction could be included in a specific block. For example, in May 2017, a principal at a Canadian-listed fund successfully paid more than $6,000 to an Ethereum mining pool so that his transaction could be included during the sale of the Basic Attention Token (BAT).
We could spend a couple of posts just walking through the subreddit /r/bitcoin in what is basically the de facto customer service forum in the event that a user accidentally sends a mining fee that is too big or small.
What these human-run chains independently highlight are some of the lessons from 2015. How can validators become BSA compliant or apply for a MSB license?80
Why would they need to?
In what became the “permissioned chain” or “enterprise chain” vendor world, startups like Symbiont and Digital Asset first looked at using Bitcoin mining pools to process transactions for regulated financial institutions (e.g., banks) but ultimately walked back for a couple of reasons:8182
transaction fees or payments could be going to sanctioned entities
The discussions surrounding identifiable validators (this paper uses the term “KYM” – know your miner) – and the legal and regulatory buckets they fall under – has been an ongoing topic since at least 2013. The STABLE Act potentially fixes that loophole.83
Why hasn’t law enforcement prosecuted mining pool operators in the past? Partly because of coin lobbying organizations have successfully pushed a one-sided agenda on behalf of their donors and rallied external support by fear mongering about criminalizing node operators.8485
This is a red herring and is not the aim of the STABLE Act; in fact its co-authors believe that would be a bad strategy. But a bigger issue has been a lack of resources. Agencies like FinCEN have in general been underresourced and went after the lower hanging fruit (e.g., ransomware profiteers in Iran).8687 It is an open question whether they will have more resources under a new administration to look at miners.88
With the roll out of real-time transaction monitoring from many different vendors, intermediaries such as cryptocurrency exchanges and mining pools can identify and flag suspicious or illicit activity before participants can fully realize their gains.
For instance, almost four-and-a-half years ago, Bitfinex was hacked and lost 119,756 bitcoins. At the time this was worth about $65 million of actual money. Today that is around $4 billion. The hacker(s) have never been (publicly) caught. Proportionally, this would be equivalent to a large commercial bank losing $20 – $30 billion USD. There have been Congressional hearings for much less.
As I have pointed in previous posts and presentations (slides 10-12), at the time 9 out-of-the-first 10 mining pools that processed the stolen Bitfinex tokens operate outside of the U.S. (specifically in China).89 If a U.S.-based financial intermediary was hacked and $4 billion in customer deposits was stolen, the fine print in the terms-of-service kicks into high gear to protect customers. Despite the billions in VC funding and headline-grabbing coin prices, similar consumer protections do not exist in the coin world.90
Even with the existence of real-time monitoring from multiple vendors, intermediaries including miners have gotten away with profiteering from processing illicit transactions that would have shook up FMIs or PSPs. Ransomware, a blight on critical public infrastructure, and the processing of its transactions are something that well-resourced prosecutors could disgorge.91
The motivation behind anarchic chains, such as Bitcoin and Ethereum, was about creating an alternative, sovereign economy that was independent of any nation-state. But if your alternative economy uses USD (or any other fiat-linked cryptocurrency) as its unit-of-account, it is not really an alternative economy, but a subsystem subordinate to the monetary policy and pricing system of the nation that the system is supposed to be independent of.
If the aim or ethos of anarchic cryptocurrencies is to truly reduce moral hazard (e.g. taxpayer funded bailouts of banks) and systemic risks that unfortunately occur during a financial crisis, the DeFi ecosystem has a long way to reverse the current trend.92 It is not too late and in fact, client pluralism (in Ethereum) is one way to reduce systemic risk.93
“Pegged coins” are clearly fragile because they rely on an exogenous judiciary system to resolve disputes and an exogenous banking system to maintain a unit-of-account. Much of the proposed legislation above should serve as a motivation for building a more resilient on-chain U-o-A.
Perhaps the one call to action is to encourage education around “narrow banks” which could be viewed as a ‘middle ground’ between a bank charter and a MSB.94 If you are interested in learning more on the short history of commercial bank-backed stablecoins, worth re-reading the prequel from 2018 to see what has changed.
I would like to thank the following people for their feedback: AC, RG, RS, RR, CW, MW, LR, JM, PE, FC, JG, JK, KV, DZ, AV, JW, and VB
Send to Kindle
Regarding terminology, one reviewer noted: “By necessity, a stable coin is either subsidized or fictional. Dollars cost money to hold and transact in, so the only way a stable coin can be stable is if the sponsor takes risk on the underlying or uses it as a loss leader. The term has come to imply backing. Which not only is probably not true, it doesn’t necessarily need to be true. Have you ever tried to redeem a “stable coin”? Any stability of a “stable coin” is derived not from the assets backing the coin but by the ability to sell (not redeem) for a fixed amount. Which is of course true until it isn’t.” [↩]
One commenter explained: “In the E.U., MiCA will take a while to be implemented by member states. As a result, some member states are trying to get ahead of the E.U. itself by releasing their own related laws with the aim of attracting market participants; at least until the E.U. comes to a consensus of what it will want to do. Even if being ahead of the E.U. could have short term benefits, it is also extremely important to not deviate from E.U.-wide consensus, so part of this is identifying areas that the E.U. would obviously regulate. One approach, which has been seen in Hong Kong as well, has been a phased approach to regulating cryptocurrencies by first regulating the areas that are easier to regulate (e.g. funds and fund managers, applying existing requirements to those who want to invest in cryptocurrencies), and waiting for things to develop before trying to regulate areas that are hard to regulate (e.g. custody). There is a key difference between a directive and a regulation in the E.U. A directive has to be transposed into law by the member states, which have to update their own legal systems. And when a member state is behind in transposing, like Cyprus for AMLD5, they get put in special working groups and the E.U. can even take legal action toward them. A regulation is already a law that is automatically enforceable across member states.” [↩]
The PWG uses a broad definition: “For the purposes of this statement, “stablecoins” are the digital assets themselves. A “stablecoin arrangement” includes the stablecoin as well as infrastructure and entities involved in developing, offering, trading, administering or redeeming the stablecoin, including, but not limited to, issuers, custodians, auditors, market makers, liquidity providers, managers, wallet providers, and governance structures.” [↩]
Most industry-driven commentary thus far seems to use the term “stablecoin” as if it is a well-defined concept. As one reviewer noted: “Assuming that there is a case for regulating a non-custodial coin, if you push the analysis to try to clearly characterize the type of coin that should be regulated, there is no other way to draw the boundary other than to say: coin that’s designed to track the unit-of-account of any currency that’s considered to be money under the law in question.” [↩]
It could be argued that coin promoters are looking at engagement the wrong way: the onus is not on any government to bend to the needs of coin efforts. Governments should not necessarily be accommodating since it is not a reciprocal or equitable relationship. For example, Satoshi intentionally did not architect Bitcoin to be compliant with any surveillance regime, it has been an one-way conversation — mostly a monologue — from day 1. [↩]
Recall that in both the U.S. and E.U., access to central bank accounts are restricted to commercial banks and handful of non-banks. Rather than create narrow banks themselves or seek central bank access, stablecoin issuers are arguably de-stabilizing the highly concentrated U.S. banking system by building underaccountable shadow banks on top of systemically important financial institutions (SIFIs). If an aim for “DeFi” is protecting consumers and investors, concentrating more activity onto SIFIs is not the way to go. [↩]
One reviewer who previously worked at a central bank noted: “We need to understand narrow banks and think through what they would look like. Even I have skipped this because ‘The Federal Reserve won’t approve them so why bother.'” [↩]
In his November 2020 speech, Andy Haldane, chief economist at the Bank of England, said: “On financial stability, a widely-used digital currency would change the topology of banking in a potentially profound way. It could result in the emergence of something closer to narrow banking, with safe payments-based activities to some extent segregated from banks’ riskier credit-provision activities. In other words, the traditional model of banking would be disrupted.” [↩]
Ironically by vocally defending Tether or USDC, partisans that do not like the Federal Reserve or JP Morgan are actually defending the very entities they claim to dislike, because commercial bank-backed stablecoins are just tokenized deposits sitting in a bank. And each of those banks rely on dollar-clearing services provided by the New York Federal Reserve. In other words, the aspiration of “anarcho-capitalism” is in direct conflict with how all settlement, clearing, and payment FMIs operate today; to use a stablecoin necessarily involves needing an exogenous U-o-A maintained by the Fed. [↩]
Quizzically, the “moral hazard” issue – that taxpayers are once more on the line to bailout commercial banks – has been glossed over by many DeFi and CeDeFi proponents. Again, the benefits of commercial bank-backed stablecoins largely accrue to issuers, traders, and speculators. These are privatized gains. Unless issuers move to a different banking model, they are ultimately relying on socialized losses by taxpayers via FDIC. [↩]
Worth pointing out that the article above is about specific groups of people, not technology. Several years ago Steve Waldman authored the memorable “soylent blockchain” presentation. It is germane because chains – in practice – are (often) run by identifiable humans. [↩]
One reviewer commented: “There probably needs to be a new regulatory framework, such as a narrow bank or something enabled by the STABLE Act because stablecoin issuers do not fit well in existing models. In the U.S., issuers are stuck between obtaining a bank charter versus an MSB so the current framework might accidentally muzzle innovation. If stablecoins grow to a size where meaningful risk – shadow banking, systemic risk, reduced consumer protection – are visible then how to achieve regulatory outcomes without stifling innovation? On the one hand you have the argument ‘if it looks or talks like a bank it should be regulated as one’ and on the other extreme you have ‘if it is involves a blockchain it shouldn’t be regulated.’ Both those polar extremes are wrong. Blockchain advocacy is often full of hyperbole where the centralized implementation doesn’t really follow the decentralization thesis. On the other hand, the financial industry’s default position often is: technology companies that do what we do should be as heavily regulated we are. And then financial institutions use this to curb innovation and secure their moat. The question is: how to have an enlightened discussion without interference from lobbyists in the VC-backed tech world versus the banking industry? There is probably a middle ground approach that does not result in us having to take sides. Narrow banks are one approach although it also could become political.” [↩]
One area that cryptocurrency promoters often claim “innovation” is taking place is in the cross-border or remittance arena. Yet little more than anecdotes are provided to back up that narrative. For a detailed explanation for why this narrative is probably false, see: Does Bitcoin/Blockchain make sense for international money transfers? One reviewer commented: “This is not to dismiss the very real demand for banking services in underserved markets. The majority of companies around the world are SMEs and they provide the majority of global jobs, yet in many cases they have historically had trouble accessing banking services. This dovetails into “open banking” – access to APIs and bank data – which is a different approach from what the cryptocurrency-focused narrative often seeks to market.” Another reviewer explained: “The argument that stablecoins are not inherently as stable because they depend on the underlying creditworthiness of the backing institution is hard to argue against. At first glance, the current generation of stablecoins allow value to reach areas of new economic interest – inclusion – that traditional banks seem to ignore, yet this is likely accomplished by eschewing strict KYC gathering, AML, and CFT compliance that banks are required to conduct.” [↩]
This article does not explore projects like USC or JPM Coin, the latter of which is ultimately backed by the balance sheet of the bank itself. [↩]
Generally speaking, most stablecoins are issued as USD. As one commenter noted: “Recently a subsidiary of GMO, a Japanese IT giant, was authorized to issue a USD and a JPY stablecoin under New York State regulations. I think we’ll see much more of these cross-border combinations. And I don’t see regulators in New York State bowing to an emerging market central bank that doesn’t want to see its currency being wrapped into a stablecoin.” [↩]
One reviewer noted: “Instead of saying ‘e-cash’ I would say ‘e-banknotes’ or ‘shadow deposits’. I think ‘cash’ has specific properties that most of these blockchain/account-based payments systems don’t have. It is too generous to call them cash and for the banking laws, it is the deposit-equivalent that’s the real issue.” [↩]
Another reviewer commented: “In one scenario you effectively end up with a regulatory regime where any stablecoin issuer has to whitelist (or blacklist) the supported chains and then only custodial wallets or KYC’ed wallets can hold coin. An alternative is having to monitor activity and while this can become “theater,” compliance is still robust and the team can point to “we are doing something” that can be tweaked and tightened up. Monitoring obligations may be the route otherwise you end up having to authenticate every address as a stringent requirement. Mandatory KYC’ed addresses could make certain “digital cash” impossible to use.” [↩]
The terms within the STABLE Act also provide latitude for U.S. regulators to create ‘narrow bank’-like structures for these types of issuers. [↩]
The Board of Governors of the Federal Reserve oversees two FMUs in the United States: CLS and CHIPS. CLS was launched about 20 years ago in part to reduce Herstatt Risk. In all cases, users of FMIs and FMUs have large MSAs to agree to. [↩]
The term “Tether” itself connotes a purposeful tie to actual money. And like the term “smart contracts,” stablecoins are neither stable and nor coins. Just a risk disguised as a rational ‘crypto safe haven.’ [↩]
One reviewer commented: “‘1-1 fiat-backed at the Central Bank’ stablecoins are close to narrow banks but far from full license banks. Lending is the risky part of the license. The Ant Group IPO debacle is in part around this distinction. We need to think through what a “just lending” bank looks like.” [↩]
Some of these exchanges allow users to trade a variety of other financial instruments and even add leverage. [↩]
Promoters often claim that these protocols are just tools that help the unbanked but that is another way of saying the ends justify the means. [↩]
The observation around illicit deposit-taking is not new, I even wrote about it more than five years ago. [↩]
One reviewer noted: “The best argument stablecoin issuers have is “Paypal got to do it, why cant we?” the response to which is: Paypal shouldn’t have been allowed to do it, and we certainly shouldn’t repeat this mistake now when we have a real chance to fix up all of this mess.” [↩]
Another reviewer noted: “For stablecoin issuers this ‘fix’ could become a slippery slope resulting in a bifurcation of blacklisted versus white listed addresses (or coins). Today physical cash transactions are not KYC’ed but intermediaries have KYC obligations for a reason: because they are an intermediary engaged in regulated activities (e.g., holding client deposits). One of the innovations with cryptocurrencies was getting rid of account-based money but creating white and blacklisted addresses brings account-based money back in so if that happens why bother using it versus PayPal?” [↩]
State intervention already occurs via taxpayer subsidies to proof-of-work miners removing a raison d’être for proof-of-work mining. [↩]
We know empirically that the credit risk of commercial banks is not zero, hence why the supervisory departments at central banks regularly perform not just audits, but stress tests to see how financial institutions would weather systemic events. [↩]
It is quite common to hear professional coin traders claim that a governmental organization like FinCEN or SEC would never shut down an entity like Tether because the knock-on effect would be devastating… that Tether was “too important to fail.” Concentration of risk this early in the game is not a good thing. [↩]
The FDIC has a history of stepping in and protecting uninsured deposits as well. Do stablecoin issuers believe this is an implicit guarantee for future crises? [↩]
Office of the Comptroller of the Currency’s guidance from October permits national banks to hold fiat stablecoin reserves. This supports the argument that these “projects” are inextricably linked sovereign currencies. And while it is likely that Acting Commissioner Brooks is replaced under the upcoming Biden administration, changing that guidance may not happen. While it can be rescinded it is probably not a high priority and it is clear that some banks were already holding stablecoin reserves and the guidance just gave them more cover. A major caveat comes in its footnote #5 regarding a 1:1 ratio for collateralization that we know, for example, Tether Ltd has lied about before. [↩]
As noted in the Appendix: “Other relevant issues to maintaining the stability, or even basic credibility of a stablecoin relate to legal and operational issues. If the issuer of a stablecoin fails, the assets ideally should be in a legal structure that is “bankruptcy remote” i.e. the holders of the coins can claim the reserves in preference to other creditors of the issuer. The bankruptcy remoteness of the Libra foundation, or even the general recourse Libra holders would have to the reserves of the Libra foundation are currently unclear. For the stablecoins used in cryptocurrency trading such as Tether and the Gemini Dollar there are varying degrees of bankruptcy remoteness. JPM Coin (or almost any commercial bank-issued stablecoin) is supported by the overall balance sheet of the bank. Holders of JPM Coins would most likely be treated like any other bank account holder.” [↩]
Another reviewer commented: “The argument for exchanges and stablecoins to have direct Fed access to my mind is about protecting retail investors. Exchanges and stablecoin issuers encourage retail investors to make fiat deposits. These deposits are uninsured and there is no guarantee that the investor will ever get the money back. Tether specifically says in its legal documentation that it doesn’t guarantee to redeem USDT in actual dollars. Retail deposits can be lent to margin traders with or without the knowledge of the depositor, and they can also be leveraged up and traded by exchanges themselves, since exchanges seem to have no shame whatsoever about commingling funds. Fees can also be high, and naïve retail investors can be vulnerable to hacking if they leave their coins in hot wallets, as I suspect many do. This whole area desperately needs the sort of consumer protection that banks are forced to provide to their depositors. To my mind exchanges and stablecoin issuers should not be allowed to take retail fiat deposits at all unless they are licensed depository institutions, which would give them access to Fed liquidity. And retail fiat deposits on crypto exchanges should have FDIC insurance.” [↩]
A third systemic-like risk that a users faces is if and when a blockchain partitions and forks. Each issuer has a different view on handle these. For instance, according to the USDC User Agreement: “In the event of a fork of USDC, Circle shall, in its sole discretion, determine which fork of USDC it will support, if any.” [↩]
Note that Raphael Auer from the BIS wrote in response: “Interesting but that’s not what we know about the project.” Even if it turns out that the highly esteemed ex-PBoC source was wrong, the tweet still confirms that several things we call CBDCs are not direct claims on the Central Bank. And if they are not, maybe we should just call them e-money or similar terms for new forms of commercial bank money. [↩]
Projects like USC from Fnality are attempting to tokenize reserves at the central bank. While formal approvals have not been made, there is a possibility that non-banks are provided a pathway to opening an account at the central bank. For example, in July 2017, the Bank of England announced that it would allow direct access to RTGS accounts to non-bank payment service providers; this was followed up with a detailed information pack in December 2019. [↩]
There are several parallels between CeDeFi and permissioned-on-permissionless chains. For instance, introducing regulated intermediaries that collect KYC removes the raison d’etre for proof-of-work (as P-o-W was used to make Sybil attacks costly). [↩]
From a technical perspective, if these anarchic systems were fully resilient and sufficiently decentralized, it should not matter what laws are passed or enforced. Why? Because the assumption in 2008 and 2009 was that these proof-of-work networks would be operating in an adversarial environment. Currently the end-points (on-and-off ramps) act as weak, fragile links that can be compromised. As one reviewer quipped: “Based on the outcry on social media, cypherpunks seems to have gotten soft and forgot why proof-of-work is used.” [↩]
‘Nominalism‘ and why it is important to legally enforceable contracts and debt is a tangential point to this. As is nemo dat. [↩]
Some analysts and lawyers refer to a stablecoin as a “pegged coin.” [↩]
Note: TrueUSD (TUSD) was operating for an extended period without registering as a MSB. As of this writing, TrueCoin LLC (a subsidiary of TrustLabs) is now registered with FinCEN. [↩]
One reviewer commented: “Any system that involves trusting some central actor (a bank, an issuer) is not embracing the core element to cryptocurrency innovation, and is mostly just a way of using money over the internet. Since stablecoins (or coins issued by tokenized deposits at banks) fall into that category, I don’t think they’re fundamentally different from the banking I can already do today. I know some people disagree—they think the openness of the ledger still means something important—but I tend to think that’s not that big a deal if you have to rely on centralized actors again.” [↩]
Several of the “rebasing” tokens seem to be replicating the ‘Hayek Money‘ proposal from 2014. Whereas a number of the Seigniorage Shares projects frequently cite a paper authored by Robert Sams. Note: since rebase and Seigniorage Shares tokens do not custody any commercial bank-backed stablecoins, they may not be directly impacted by some of the proposed legislation. [↩]
Silvergate’s total cryptocurrency-related USD balances were up $500 million (39% QOQ) as of Q3 2020. Note: the Silvergate Exchange Network (SEN) is administered and operated by a single entity and is not a distributed ledger (blockchain). [↩]
There were several spikes for USDC beyond that amount, including one $24.1 billion spike on January 3, 2021. [↩]
Tether Ltd is incorporated in Hong Kong and registered with FinCEN, but in searching the Wyoming’s banking regulator, Tether Ltd is currently not listed. To be registered as a U.S.-based MSB, typically Tether Ltd would have to have a license with one of the state banking departments. What this means is: Tether Ltd is a foreign business that has chosen to register with FinCEN but Wyoming does not require MSBs that deal in cryptocurrency to get a state license. So Tether Ltd is operating in Wyoming as a transmitter, but does not have a license. That does not mean that the foreign jurisdiction where they reside regulates them. Many jurisdictions lack any sort of MSB framework. For instance, Canada does not have licenses for MSBs. So a Canadian business that transmits money does not operate by a separate set of rules from any other business, unlike in the U.S. where the state banking departments put limits on what sorts of assets MSBs and transmitters can hold. [↩]
There were several spikes for USDT beyond that amount, including one $211.3 billion spike on January 4, 2021. [↩]
There is leverage in the traditional foreign exchange marketplace too. Statista has a relevant chart showing average daily turnover in the global FX market. [↩]
One reviewer commented: “Credit is a huge part of the current monetary system. We would be wrong to ignore it when we talk about stablecoins, which are interconnected with the financial system. Stablecoin promoters who intend to disrupt this system often don’t understand the very system they are disrupting. For example, some issuers wouldn’t be able to answer how their stablecoins would account for potential inflation or deflation, how supply and demand for these coins would be stabilized, or what happens during a crisis. This also ties back to an understanding of interest rates, which is so often lacking among stablecoin disrupters and is an integral part of the current system. [↩]
Note: one of the common misconceptions of the STABLE Act is that stablecoin issuers would necessarily have to get a bank charter but the language of the actual bill provides lots of flexibility to regulators. [↩]
We do not want to conflate velocity with TVL or rehypothecation either. Without the ability to see an exchanges books, the leverage facilitated by on-chain lending protocols is likely a magnitude order less than the leverage provided by off-chain exchanges. [↩]
One reviewer commented: “The rapid growth in DeFi is directly correlated with the developments of the current generation of stablecoins, and this has been used to justify DeFi’s current value proposition. As a result, I do not see that as a sustainable way to create real value because of the dependency on these types of stablecoins. Programmable money and programmable assets is where the real innovation is and ideally neither should be reliant on pegged coins.” [↩]
In other words: if large portions of “DeFi” applications rely on USDC or USDT, arguably this is incompatible with cypherpunkism or the decentralize-all-the-things meme. [↩]
One reviewer noted that: “Cryptocurrency, like Bitcoin, was supposed to be sui generis. But if you peg or wrap to a fiat currency you are going to fall into regulatory problems. Even if DAI itself was just cryptocollateral they have a human-run governance mechanism and it is pegged to the dollar so it could fall under Securities law or Exchange regulations. If DAI remained entirely crypto, would be less problematic.” [↩]
Maker maintains a public forum in which new types of collateral are proposed and voted on. [↩]
In contrast, RAI only uses ETH as collateral and Seigniorage Shares is re-based solely on endogenous info. It is arguably hard to do but using endogenous data from the chain itself to rebase the coin value leads to a more resilient app and system (e.g. hard to switch off). [↩]
Coin promoters – some of whom call themselves as cypherpunks – can ignore whatever regulations they want but that doesn’t prevent regulators and law enforcement from attempting to regulate and enforce activities in their remit. Over time the modus operandi of some coin promoters has shifted away from an endogenous engineering effort: ‘we have built an anti-fragile sovereign network and exited, so who cares what the government does.’ It has shifted towards an exogenous model, wherein coin promoters ask their followers to write to policy makers and donate to coin lobbyists because a popular “dApp” relies on something that the government regulates. [↩]
Friedman LLP was the most recent auditor and they publicly walked away from Tether Ltd in 2018. See also research from professor John Griffin. [↩]
One germane social media comment: “Stablecoins are IOUs with collateral in state-issued money. You can not expect non-intervention from State if you peg your asset to money issued from State. Stablecoins are Statecoins.” Another said: “If your coin is pegged to the USD, I don’t think you’re sticking it to The Man quite as much as you think you are.” [↩]
Felix Salmon arguably had the most adroit take on the pushback against the STABLE Act. [↩]
Another example: during the summer of 2014, rumors circulated that the BitLicense was about to be enacted (it wasn’t until the following year). During one of these periods, billionaire Tim Draper and his son, Adam, hosted a public meetup at their “university” in San Mateo. Multiple speakers repeated the same erroneous claims that the license would stymie “innovation.” Another memorable exchange was an reddit AMA with Ben Lawsky (then-Superintendent of Financial Services and architect of the BitLicense) in which the word “innovation” was flung around a lot as well. [↩]
Executives from overseas cryptocurrency exchanges used to tell investors and potential investors that they had submitted paperwork to receive a BitLicense. This “impressive feat” was meant to show how “legit” the exchange was. One story involved Bobby Lee, then the CEO of BTC China, telling potential investors in the U.S. that BTC China had filed the paperwork with DFS. But what was left unsaid was that the application was mostly left blank and may actually have never been sent at all. [↩]
Following the WSJ exposé, ShapeShift implemented identification checks for all trading activity. [↩]
Note: I did say something similar to that on stage at the American Banker event. It was a panel that included Barry Silbert, who coincidentally was helping ShapeShift fundraise the next round at that time. It was the only panel whose video was not published online because not all of the panelists would give A/V permission to do so. The funding round was announced two months later. [↩]
Payward Inc is d/b/a Kraken. It is registered with FinCEN as a MSB and has licenses in more than 50 territories and states. Strangely, Kraken’s Chief Legal Officer – Marco Santori – recently said Kraken is not a MSB: “Kraken is not a money transmitter. We haven’t sought licenses in the U.S. This is an alternative path to that, speaking purely from the regulatory perspective. The SPDI charter will help us to satisfy those rules as we seek to bring more and more of the payments flow in-house.” Technically speaking, a MTL is a subset of the MSB but unclear what that means in the context of Kraken or Tether Ltd. [↩]
One of Kraken’s vocal investors, Caitlin Long, lobbied on their behalf in Wyoming and helped them gain approval for an SPDI. It will be interesting to see which bank(s) in New York handle the correspondence wiring between the two states. [↩]
Dozens, perhaps a couple hundred, ICOs have registered in Singapore. The accommodative stance from MAS stems in part due to political influence from senior leaders, some of whom are believed to own ICO tokens. [↩]
One reviewer commented: “It is probably too extreme to requires cryptocurrency exchanges and stablecoin issuers to become licensed banks. I think exchanges and stablecoin issuers that don’t deal with retail investors should be allowed to do what they like on the understanding that if they get into trouble, they will have no help whatsoever from the Fed Reserve or the U.S. government. But exchanges and stablecoin issuers that take retail deposits must be licensed and subject to banking regulation, and there may also need to be legislation to enforce structural separation of retail deposit-taking from crypto trading – something like a modern Glass-Steagall Act.” [↩]
Technically speaking Visa is a card association that provides products to intermediaries, including access to VisaNet. Visa directly competes with China UnionPay and Mastercard. They operate tangentially to Square or Stripe who operate payment gateways on behalf of merchants. In his debate hosted by The Block, Jeremy Allaire conflated USDC issuance with activity on PayPal and Venmo. This is apples-to-oranges because USDC issuance and redemption happens at the very edge. And unlike PayPal and Venmo (who can continuously surveil internal accounts), USDC via Centre cannot on Ethereum. In fact, PayPal will not allow cryptocurrency-related transfers because the organization would be unable to comply with the “Travel Rule” or other FinCEN reporting requirements which by definition would mean USDC operates under a less strict framework relative to commercial banks. Note: other brokers such as Robinhood, Sofi, and Webull also do not allow users to transfer coins. [↩]
There is some irony in how proof-of-work (P-o-W) chains have evolved. Initially P-o-W was used because Satoshi wanted to make Sybil attacks expensive in an adversarial environment with unknown participants including governments. Over time, as the dependency on U.S. and E.U. banks has grown, many promoters are now stating that governments better not (properly) regulate commercial bank backed-tokens despite some of these same promoters linking their KYC’ed wallets to other intermediaries. In theory, anarchic chains maneuver around The Man, by decentralizing and pseudonymizing the set of parties responsible for processing transactions. But in practice, most activity — more than 80% — still takes place between trusted intermediaries. [↩]
From a systemic standpoint holding specific parties (issuers) responsible for activities they permitted (or were involved in) is a positive development. Why? Because, like banks or even payment processors, stablecoin issuers would have to monitor malignant behavior more closely than it does today. [↩]
For perspective, at the state level there are MSB and/or MTO licenses that the entity such as a cryptocurrency exchange has to apply for. A couple of states don’t license this activity, hence why a few large cryptocurrency exchanges have 47 or 48 licenses. At the federal level the entity also registers with FinCEN (and then complies with the BSA). [↩]
I wrote the most widely cited paper on “permissioned chains,” the creation of which was spurred by the inability of P-o-W chains to provide settlement finality or meet other requirements of the PFMIs. [↩]
Bears mentioning that if any anarchic chain has to rely on exogenous legal or financial support then it is not sovereign or anarchic. For example, each day somewhere there are multiplecourts around the world in which aggrieved parties sue one another because of activities involving cryptocurrencies. While some of the outcomes remain as judicial precedent, others could become codified as statutes by legislatures. In either case, the disputes are not being handled on-chain. This off-chain dispute handling is another example of the “parasitic” reliance that anarchic chains continue to have on exogenous legal systems. [↩]
For example, Coin Center published an article scaremongering readers into thinking the STABLE Act would – among other allegations – criminalize node operators. Vocal maximalists did the same thing. Not only are these claims unfounded but neither of these groups are focused on consumer or taxpayer protections. Commercial entities involved in money transmission, payment services, and/or using financial market infrastructure have to comply with a sundry of requirements in each jurisdiction they operate in. Irrespective of how mining nodes or non-mining nodes are categorized in the U.S. (or elsewhere), a “sufficiently decentralized” network should be resilient in an adversarial environment, including one with State-sponsored law enforcement snooping around. No one but faux “crypto lawyers” are talking about outlawing anonymous ledgers or chains. In other words, non-neutral critics are dwelling on remote edge cases that are outside the Overton Window. No law enforcement is going to go door to door searching for a Raspberry Pi node. [↩]
One reviewer explained: “At both the state and federal level, governmental bodies in the U.S. have done a lot of heavy lifting and diligence to understand the cryptoasset and blockchain space. They have given it space to grow and develop, much more so than other innovations like drone deliveries which are just now being approved. For instance, the SEC created FinHub in 2018 which has its own permanent office; and in 2020 the SEC released a safe harbor proposal for special purpose broker dealers for custody of digital assets. If U.S. regulators wanted to kill the cryptoasset space, they could always go to the extent of cutting the cables, and destroying the servers, or using physical force and throwing everyone involved in jail, but what they have done was the opposite. It may have taken a couple of years to build capabilities and get it right, but they have devoted real resources and staff to make sure they understand what cryptoassets and blockchains are.” [↩]
According to a recent article from Politico, the Office of Terrorism and Financial Intelligence is one of the few areas at Treasury under Secretary Mnuchin that has seen a resource bump. This trend could continue under the Biden administration as the recently passed NDAA included provisions (Section 6102) to enhance FinCEN’s capabilities and widen the definition of what a financial institution and money service transmitter are to broadly include other entities such as all virtual asset service providers (VASPs). [↩]
A savvy prosecutor could probably make an easier case for why a mining pool / block maker is legally liable for say, knowingly processing ransomware payments because they are the “issuers” of coins. Whereas it may be harder to build a case against a vanilla non-mining node operator who merely performs non-administrative tasks. [↩]
Run-of-the-mill “validating” nodes are not equivalent to actual miners who process transactions and build blocks. Without re-earthing the multitudinal debates around UASF / SegWit2x circa 2016-2017, mining pools are objectively in a different league. Non-mining nodes are often (but not always) overstated in importance on anarchic chains. With Deadcoins.com as evidence, proof-of-work chains live and die by miner participation. [↩]
Of the ten pools, the sole exception was Bitfury, who uses its political connections in the Republic of Georgia to receive taxpayer subsidies for its massive mining operations. About 10% of the energy production in the Republic goes towards powering Bitfury’s mining rigs. [↩]
This is not an idle thought experiment. In 2016, fraudulent wiring instructions from a compromised SWIFT account of the Central Bank of Bangladesh resulted in multi-year, multi-national investigation. Whereas the hackers attempted to transfer $1 billion to the Philippines, because of the financial controls and fraud detection framework at the New York Federal Reserve (which clears these types of transactions), only 10% of the total funds were transferred and of the stolen funds about 15% has been recovered. In contrast, throughout 2020, the hacker(s) in control of the stolen Bitfinex coins continued to peel off portions of the heist into unknown wallets. The restitution to the Bitfinex victims is itself worth looking at, as it involved the exchange self-issuing two different IOUs (BFX and RRT). Further Balkanization via more tokens by intermediaries is not the answer to hacking, oversight and accountability are. [↩]
One reviewer commented: “In theory, all prudential regulations should be proportional to the risks. In addition to payment versus lending, most stablecoins are likely too small to be categorized as “systemic.” This is not an argument to not regulate them, it is one to phase in levels of regulation on stablecoins based on design and scale. Nobody wants to hear this, but here ETFs are probably a better parallel than banks. Maybe a way out is opening access to Central Bank accounts to stablecoin issuers (not individuals directly) and regulating other types of stablecoins as securities.” [↩]
In the Ethereum world there is clear separation between a reference design (Yellow Paper) and client implementation. In practice, there are multiple independent teams working on different client implementations written in different coding languages. In the event one team disappears or one implementation has a bug and crashes, the network can continue to work. Pluralism creates resiliency. In contrast Bitcoin is developed in the opposite manner: the Bitcoin Core implementation used by block makers is also the reference design. Confusingly, a group called “Bitcoin Core” acts as a gatekeeper to the Bitcoin Improvement Proposal (BIPs) and have used their position to lobby exchanges and miners to prevent or stifle certain alternative client implementations and/or BIPs from being adopted (such as SegWit2x). See: Who are the administrators of blockchains? [↩]
[Note: this is part of a standalone document written by Martin Walker in late 2019. It has been edited and condensed as it provides important considerations surrounding the topic of stablecoins. For more context, be sure to read the accompanying Parasitic Stablecoins article.]
In spite of the relative immaturity of “Stablecoins” as both an asset class and as a form of financial sector technology, they has recently attracted a huge degree of attention from regulators, central banks, academia, the media and many parts of the financial sector. This attention has particularly intensified since the announcement by Facebook of its own stablecoin (Libra) on June 18, 2019.
Reportedly prompted by this, a joint committee was formed by central banks from the G7 group of major economies, the International Monetary Fund (IMF) and the Bank for International Settlements (BIS).1 This group reported its own findings, focusing on potential regulatory and economic impact in October 2019.2
Defining stablecoins can be challenging business because there are already a significant number of variations and some of the most discussed stablecoins are still in development. The most basic and broadest definition includes three main characteristics,
They are intended to perform at least two of the main characteristics of money, acting as a means of exchange and as a short-medium term store of value
They use some variant of Distributed Ledger Technology (DLT) to record and transfer ownership in a similar way to cryptocurrencies such as Bitcoin and Ether
They are intended to have a value that is relatively stable compare to major currencies.
While most research on stablecoins focuses on the economic and regulatory implications, the purpose of the this paper is to present an analysis of the practical implications for key processes such as payments and settlement, not to mention the potential impact on systems within financial institutions and overall financial market infrastructure. Stablecoins as both an asset class and to some extent a form of financial sector. Consequently they have challenges to adoption in terms of competing with the current world and interacting with it.
Stability and Collateral
The most straightforward step to create a form of digital currency that has a stable value is to peg its value to a financial asset with a stable value. Most stablecoins are pegged in value to a specific currency. Tether is pegged in value to the U.S. dollar on a one-to-one basis. Others are pegged (or proposed to be pegged) to a basket of currencies. Libra was originally proposed to be pegged in value to a basket consisting of the U.S. dollar, euro, yen, British pound and Singapore dollar. Other stablecoins attempt to achieve a higher degree of stability by pegging their value to a basket of assets, including cryptocurrencies, in the belief that diversification alone will achieve a higher degree of stability. Finally there are stablecoins pegged in value to commodities such as gold or oil. Claiming to have a pegged value does not (as is discussed below) mean a stablecoin is fully backed by funds in that currency.
Maintaining a peg is much harder than simply claiming a stablecoin has a value pegged to another asset or basket of assets.3 The degree of stability depends on
The type of reserves
The proportion of reserves relative to the amount of stablecoins issued
The nature of the issuer of the stablecoins
The legal structure including the protection of the reserves from the issuers creditors in the event of the issues default
Real or proposed stablecoins have reserves in one or more of the following types
Deposits in a commercial bank marketed as providing one-to-one back – this is the backing claimed by Tether, the Gemini Dollar, Pax and many others.4
Backed by the balance sheet of the issuer where the issuer is a bank. JPM Coin, at least based on initial news about the proposed stablecoin, would be supported by the balance sheet (i.e. the assets and capital of JPMorgan). From a credit and valuation perspective it should be broadly equivalent to funds deposited in a JPMorgan bank account.
Backed by a basket of bank accounts and other financial assets – According to the Libra whitepaper the stablecoin would be supported by assets held by the Libra foundation consisting of bank deposits and short term debt denominated in a basket currencies, subsequently announced as the U.S. dollar, euro, yen, British pound and Singapore dollar.5 Potentially the set of assets held by the Libra Foundation could include central bank reserves, subject to being allowed to open reserve accounts.
Stablecoins backed by a reserve of cryptocurrencies can be one of the most transparent ways of demonstrating the existence of a reserve. If created correctly holders would be able to check the balances of cryptocurrencies held by addresses relevant to the stablecoin. Unfortunately due the relatively high correlation of all major cryptocurrencies to each other means it is unlikely that the degree of diversification that could be obtained would provide much stability.
Algorithmic stablecoins such as the proposed, “Basis” Coin are intended to be a form of currency that had stable value but which was not fully collateralised. The plan for Basis was for it to be partially collateralised but to use an algorithm to maintain stability by buying or selling the coin in the market. The problem with a “currency” created like this is that it creates the incentive to short the asset, perhaps one of the reasons Basis was abandoned.
It is easy to claim a stablecoin is pegged to the value of an established currency and is backed by reserves is not by itself, it is another matter to maintain a stable value for a stablecoin some of which, such as USDT, experience periods of extreme instability.
Central Banks could potentially issue a form of electronic money that had the same economic characteristics as physical cash or central bank reserves. This is typically referred to as Central Bank Digital Currency (CBDC). CBDC could be issued on some form of DLT (making it a form of stablecoin) or a centralised system. While there have been experiments by central banks with central bank money issued on distributed ledgers, no central bank has announced plans to create a “stablecoin.” The People’s Bank of China has been developing the concept of a form of using digital cash (potentially using DLT) for five years but nothing is in production yet. As of late-2019 the closest thing to a real world CBDC system was Ecuador’s failed attempt, the Dinero Electrónico, which was launched in 2015 and closed in 2018.6
Other relevant issues to maintaining the stability, or even basic credibility of stablecoin relate to legal and operational issues. If the issuer of a stablecoin fails, the assets ideally should be in a legal structure that is “bankruptcy remote” (i.e. the holders of the coins can claim the reserves in preference to other creditors of the issuer). The bankruptcy remoteness of the Libra foundation, or even the general recourse Libra holders would have to the reserves of the Libra foundation are currently unclear. For the stablecoins used in cryptocurrency trading such as Tether and the Gemini Dollar there are varying degrees of bankruptcy remoteness. In the USC model, Fnality funds would be set up in a bankruptcy remote structure. JPM Coin (or almost any commercial bank issued stablecoin) is supported by the overall balance sheet of the bank. Holders of JPM Coins would most likely be treated like any other bank account holder.
For any stablecoin to remain truly stable it would need an issuer willing to buy and sell the stablecoin at par, or a very small spread above and below par. Even existing stablecoins with better controls that Tether such as Pax or the Gemini Dollar shows significant fluctuations in price. Convertibility on demand causes challenges for stablecoins, it would increase the probability in most jurisdictions that issuers would need to treat the owners of their coins as their customers for AML/KYC purposes. It would also cause challenges in terms of liquidity management. According to the Libra white paper, only specified liquidity providers will be able to buy and sell Libra directly with the Libra foundation. Other holders of Libra will not be able to redeem their Libra directly. JPM Coins will simply be transferred to or from client’s existing J.P. Morgan bank accounts.
Auditing of the reserves and the controls that are put in place to ensure the reserves are segregated from the issuers other liabilities is another fundamental feature required for maintaining price stability against the assets pegged against. One of the major reasons for the volatility of Tether was the lack of a recognised audit of their reserves and the worry, subsequently proved to be correct, that the Tether was not fully backed by reserves held as bank balances.7
Payment and Settlement Processes
For stablecoins to be effective as a part of conventional Financial Market Infrastructure as opposed to just being a tool to support cryptocurrency trading, they need to support the following fundamental processes that involve the transfer of money, either one way movement or synchronised with the movement of money or securities in the other direction.
Payments in between two parties in the same jurisdiction in the local currency.
International payments typically involve a foreign exchange transaction as the sender’s home currency is converted in the recipient’s home currency. In many cases such as cross-border payments within the Eurozone there may be no need for a foreign exchange transaction.
Delivery versus Payment is the synchronised exchange of a security for cash. DVP is used in both the settlement of purchase/sale of securities and the temporary exchange of cash in securities in areas such as Repo and Securities Lending. In conventional financial markets. Currently DVP requires the use of a trusted third parties such as a Central Securities Depository/Securities Settlement System e.g. DTCC or Euroclear or a custodian.
Payment versus Payment, is the synchronised exchange of two different currencies. PVP is used for the majority of transactions by volume in the foreign exchange payments using the services of CLS Bank.
Holding a financial asset on behalf of the economic owner of the asset. Custodians provide of a variety of services in addition to basic safe keeping of assets including, lending securities, financing long positions and dealing with corporate actions and events.
Temporarily delivering financial assets to another party to offset credit risk is fundamental part of the operation of most financial markets. Collateral in the form of money, securities or other financial assets may be delivered to the counterparty, a central bank, a tri-party agent or a CCP depending on the nature of the transaction
Novation is the transfer or contractual obligations and rights from one of the original parties to a contract to another party.
Domestic payments between customers within the same bank are always the most technically and operationally simple to process. Most banks should have little difficulty in processing payments in anything less than a few seconds and at minimal cost. Fundamentally all users of a particular stablecoin will essentially have an “account” at the same virtual bank, or in the case of JPM Coin or Signet, the same actual bank. Even if a bank has archaic batch-based or even paper-based solutions for internal transfers, using DLT is just one of many possible approaches to speeding up transfers.
Domestic payments between parties that bank use different banks is more considerably more complicated than payments within the same bank because of the need for banks to manage intra-day liquidity in order to avoid running out of the funds required to meet their liabilities.
However huge progress has been made in this area over the last two decades. Payments between parties that bank at different banks has been made close to instant in most developed countries through the implementation of low cost and efficient Real-Time Gross Settlement (RGTS) systems and internationally via initiatives such as SWIFT gpi.
Previously settlement of domestic payments was based on systems that used Deferred Net Settlement (DNS), basically settlement of payments was made at the end of the day after all payment instructions had been received and the net amount each bank owed each other was calculated. The existence of RTGS in over 90 countries has demonstrated that making payments instantly and settling in central bank cash does not remove the problems of liquidity or even credit risk. Central Banks have found the need to implement additional measures to avoid problems resulting from the “lumpy” nature of payments flow between banks, stress conditions and banks passively releasing their own payments after receiving payments from other banks.8
To deal with these issues central banks introduced a variety of mechanisms including Liquidity Savings Mechanisms (LSM), which group together payments before releasing to get smoothing payment flow, targets for the proportion of payments released immediately, and lower fees for the releasing payments earlier during the day. Stablecoins, if they reach sufficient scale, would not get rid of any of these problems and it is likely they would have to replicate the same mechanisms. It is worth noting that as part of its experiment with DLT in domestic payments (Project Ubin) the Monetary Authority of Singapore implemented an LSM using DLT.9
While small scale international payments for many countries can take minutes, wholesale payments can still take days, particularly if they involve the settlement of a related foreign exchange transaction. Based on analysis by SWIFT some of the key sources of delays in international payments include, errors within the systems and processes of both the sending and recipient banks, the need to carry out checks for Anti-Money Laundering (AML) and combatting the financing of terrorism (CFT) and in some countries the operations of exchange controls.
Stablecoins do not innately solve any of these issues, particularly where the desired end result of a payment in a deposit in the bank account of the ultimate recipient in the appropriate currency. More retail-focused stablecoins such as Libra may simplify international payments if Libra is used to directly purchase goods and services. However, holders of Libra (assuming Libra is backed by assets in a basket of currencies) will be exposed to the market risk of fluctuations in exchange rates. It is also unclear what the costs will be on converting into and from Libra.
The need for payment-versus-payments is an essential need for wholesale FX trading, to avoid settlement or “Herstatt” risk. This is risk that one party to an FX transaction delivers the currency they have sold but the other party does not deliver the currency they are owed, for example due to bankruptcy.
PVP currently requires a trusted third-party to manage cash flows including the release of funds when both parties have delivered the required currency. The majority of foreign exchange transactions are settled through CLS Bank, which provides multilateral netting and connections to the RTGS systems of 17 central banks. On a typical day CLS settles $5 trillion of transactions. The ability to net settlements on a multilateral basis for over 90 of the world’s largest financial institutions allows CLS to reduce the net amount of funds that have to be transferred by 96%.10
The potential opportunity claimed for some stablecoins is the ability to implement a PVP mechanism without the need for having a third party involved and a shorter (if not instant) settlement cycle. The mechanisms required to support PVP using a stablecoin depend on where and how the two currencies are represented. Excluding cryptocurrency related stablecoins such as Tether or Pax, there are the following combinations.
Scenario 1 – Currency 1 and Currency 2 are stablecoins created by the same issuer
Scenario 2 – Currency 1 and Currency 2 are stablecoins created by different issuers
Scenario 3 – Currency 1 is a stablecoin and Currency 2 is a fiat currency
Scenario 1 – USC is currently planned for up to 5 currencies and also plans to have separate ledgers for each currency. Therefore to achieve PVP they would need to create smart contracts that operate on two ledgers simultaneously. Fnality plans to use an architecture called Ion produced by Clearmatics but this is still a work in progress.11 Ion is also planned to support PVP between different ledger technologies such as Ethereum and Hyperledger Fabric.
A more commonly discussed model for dealing with assets on different ledgers, potentially ledgers implemented using different DLT is the “Atomic Swap” where a smart contract on one ledger will only allow the transfer of funds if funds have been transferred on the other ledger:
“Atomic swaps solve this problem through the use of Hash Timelock Contracts (HTLC). As its name denotes, HTLC is a time-bound smart contract between parties that involves the generation of a cryptographic hash function, which can be verified between them. Atomic swaps require both parties to acknowledge receipt of funds within a specified timeframe using a cryptographic hash function. If one of the involved parties fails to confirm the transaction within the timeframe, then the entire transaction is voided, and funds are not exchanged.”12
All the proposed technical models for achieving PVP for ledger-based assets are in the early stages of development. In some proposed stablecoins the degree of centralisation of the stablecoin would make it easier to use an established technology and process design to achieve PVP.
Achieving PVP between a stablecoin and a conventional currency, without involving an intermediary is considerably more problematic. The nature of conventional forms of money mean they are inherently centralised either as a record at a commercial bank or a central bank. Possible models of interaction with existing payment infrastructure is described in the next section “Interaction with Current Financial Market Infrastructure.”
In terms of shortened settlement cycles, stablecoins used for PVP are likely to come into competition with services such as CLS Now, which allows same day settlement of FX transactions using PVP for Canadian dollars, Euros, Pound Sterling and US dollars.
Interest Charges and Payments
It is very easy in a low interest rate environment to forget stablecoins are likely to need some capacity for the payment and collection of interest on balances. This is a particularly strong requirement even now for stablecoins that are proposed to be based by central bank reserves.
For currencies (at time of writing) where the central bank has negative interest rates on balances in reserve accounts (for example the -0.5 % charged by the European Central Bank), it will be necessary to pass on the charge to the holders of stablecoins otherwise the issuer of stablecoins will rapidly become involvement. The issuer of the stablecoins (who holds the backing funds in a reserve account) will need to carefully track who held what balances for what time periods and charge relevant holder, deducting interest owed from balance in the stablecoin or be able to charge interest directly if there are insufficient balances in their stablecoin wallet to pay interest. This inherently introduces and element of credit risk.
Similarly, where a central bank pays interest on reserve accounts it will be necessary for interest to largely be paid on to the relevant stablecoin holder otherwise there is a major disincentive (even at low positive rates) for firms to hold balances in stablecoins for anything other than the shortest possible duration.
Delivery versus payment is the synchronised exchange of a security for cash. DVP is used in both the settlement of purchase/sale of securities and the temporary exchange of cash in securities in areas such as Repo and Securities Lending. Currently DVP requires the use of a trusted third parties such as a Central Securities Depository (e.g. DTCC or Euroclear or a custodian).
DVP presents many of the same challenges and opportunities as PVP. Three key scenarios would need to be dealt which are similar to the PVP scenarios.
Scenario 1 – Stablecoin and securities are both created by the same issuer that contains the same overall network but data is stored on different ledgers
Scenario 2 – Stablecoin and securities are recorded on different ledgers run by different organisations and potentially using different forms of DLT.
Scenario 3 – Stablecoins would need to be exchanged for securities where ownership is recorded on a central database controlled by a Central Securities Depository or a Share Registrar.
Neither Fnality, JP Morgan, nor Libra have currently announced plans to issue securities on the ledgers they are planning to build to support their stablecoins. This currently leaves only scenarios 2 & 3 as plausible short-term possibilities. Scenario 2 raises the same challenges described for PVP but assumes a significant number of securities would be available as securities that are initially issued as on a distributed ledger or are tokenised versions of conventional securities.
A “tokenised” security is one where the original security is “immobilised” i.e. held in trust by a third party such as custodian and economically and legally equivalent representation of the security is recorded on a Distributed Ledger. There is currently only a small number of securities either issued on distributed ledgers or tokenised. Those that have been issued are typically small scale pilots. Interacting with a CSD to achieve DVP is problematic for the same reasons as trying to achieve PVP between a stablecoin and a conventional asset.
In the existing financial world, financial assets are held in the name of a third party for a variety of reasons including security and the desire to gain access to the range of service offered by custodians. Custodians provide a range of services that go beyond simply safe keeping of assets. These include operating lending programmes for securities, lending funds against the security of assets held and the processing of corporate actions on securities.
Keeping cryptocurrencies and other crypto-assets with a third party has grown in popularity because of the inherent vulnerability to theft of that most cryptocurrencies and crypto-assets. Obtaining a private key is all that is necessary to transfer all the assets associated with that key.
It is nearly impossible to cancel ore reverse transactions if assets are stolen or even sent to the wrong party by mistake. This is a feature included in cryptocurrencies such as Bitcoin, by design. Reversing transactions in the event of crime or area depends on either law enforcement seizing the private keys or other parties co-operating to return assets (which may have costs) – This is due to lack of central control. Anyone can attempt to “fork” most blockchain based systems but this technical process which basically comes down to re-writing history and pretending certain events did not happen is dependent on the co-operation of a critical mass of infrastructure providers called “miners.” And the loss of the private key means the assets are essentially gone for ever and impossible to retrieve.
Custody of most crypto-assets means handing over the private keys to a third party and attempting to ensure that private key is not used by the third party or their staff to steal. With some custodians, private keys are printed on paper and kept in physical safes. Private keys are broken up into pieces and distributed across multiple systems. In the worst case this simply increases the risk of losing access to the crypto assets.
The need for this form of custody essentially depends on the extent to which a stablecoin is operated on a decentralised ledger. For Libra the extent of decentralisation is currently unclear. For Fnality and JPM Coin the high degree of central issuance makes it unlikely that cryptocurrency type of custody would be required. It is likely that organisations wishing to hold wholesale forms of stablecoins may wish a third party to hold their balances in order to outsource the processing of stablecoin transactions, including payments, receipts and conversion to or from conventional currencies.
The final area of processing that stablecoins would need to support is the ability to give or receive them as collateral. Collateral is provided either to a counterparty or trusted third party such as tri-party agent or CCP to offset the credit risk arising from other financial transactions such as derivatives trades. In principal there should be no major issues providing stablecoins as long as the recipient has the technical infrastructure to process stablecoin transactions, value stablecoins and the ability to represent them correctly in systems such as their risk, finance, accounting and operational systems.
Inter-Operating and Competing with Existing Infrastructure
Stablecoins that are designed to appeal to a wider range of users than cryptocurrencies have to be capable of integration with existing financial market infrastructure. To be accepted by regulators they also need to comply with the appropriate regulations for each jurisdiction. This section describes the types of market infrastructure that will need to be integrated with and the challenges that creates.
The Challenge of Integration
One of the major and inherent weaknesses in the design of cryptocurrencies is the problems that arise when a new form of financial infrastructure is designed without giving any thought to how to integrate with existing infrastructure, whether in terms of market level infrastructure or internal to financial services firms.
The current cryptocurrency industry did not grow to its existing size by operating as a parallel payments and banking system that provides alternative ways to make payments or store value. It grew by throwing away the basic principles of decentralisation and disintermediation by recreating centralised systems (i.e., intermediaries) that kept a parallel record of cryptocurrency holdings to that stored on the ledgers of the relevant cryptocurrency. The repeated hacks, thefts, and other failings consistently demonstrated that this centralised infrastructure to support decentralised assets was seldom built with any regard to meeting the BIS Principles, or even in some cases local laws.13
Challenges to integration largely arise from the factors present in most forms of DLT:
Lack of central control over the operation of the system
Lack of central control of the deployment of changes to code
General inability to stop transactions
General inability to reverse transactions
Global visibility of all transactions
Owners not identifiable
Dependence on a cryptocurrency to pay for processing of transactions
Many of these features have been abandoned or worked around as the various forms of DLTs have evolved but to vary degree represent challenges both in terms of integration to FMI and the operation of the key processes related to settlements and payments. Sometimes to the point where it is questionable why a form of DLT makes any sense at call compared to conventional Centralised or Distributed Systems.
Forms of inter-operability
The following are the potential conventional forms of infrastructure that the next generation of proposed stablecoins will would potentially need to interact with.
In the following section we focus on the conventional types of financial market infrastructure described below that would be significantly impacted by the more widespread adoption of stablecoins.14
“A set of instruments, procedures, and rules for the transfer of funds between or among participants; the system includes the participants and the entity operating the arrangement.” This includes the various RTGS.
Central Securities Depositories (CSD)
“An entity that provides securities accounts, central safekeeping services, and asset services, which may include the administration of corporate actions and redemptions, and plays an important role in helping to ensure the integrity of securities issues (that is, ensure that securities are not accidentally or fraudulently created or destroyed or their details changed).”
Securities Settlement Systems (SSS)
“An entity that enables securities to be transferred and settled by book entry according to a set of predetermined multilateral rules. Such systems allow transfers of securities either free of payment or against payment.”
Central Counterparties (CCP)
“An entity that interposes itself between counterparties to contracts traded in one or more financial markets, becoming the buyer to every seller and the seller to every buyer and thereby ensuring the performance of open contracts.”
“CLS Bank (CLS) is a limited purpose bank for settling FX, based in New York with its main operations in London. It is owned by 69 financial institutions which are significant players in the FX market. It currently settles trades in 17 currencies. CLS removes principal risk by using PVP – you get paid only if you pay. On settlement day, each counterparty to the trade pays to CLS the currency it is selling – eg by using a correspondent bank, as with the example in the previous box. However, unlike the previous example, CLS pays out the bought currency only if the sold currency is received. In effect, CLS acts as a trusted third party in the settlement process.”16
Internal Financial System Infrastructure
The core internal infrastructure of banks and financial institutions. This includes systems used for risk management, P&L calculation, transaction execution and accounting
Payment Systems (PS)
Stablecoins that are backed (in whole or in part) by bank balances at commercial or central banks will need some degree of integration with a payments system or the payments infrastructure of a given bank. This will be necessary to process the receipt of funds that preceded the issuance of new coins, outgoing payments when there is a redemption and potentially payments or receipts of interest on stablecoin balances. A stablecoin based on central bank reserves would generally need to be connected to some of Real-Time Gross Settlement system to minimise delays in the issuance of new coins.
Such integration is generally straightforward assuming the issuer of stablecoins is allowed to access directly relevant payment systems. A more interesting question is the impact of stablecoins as a competitor to conventional payment systems.
A stablecoin denominated in a single currency needs to demonstrate it has some form of superiority in terms one or more of the following
Reduced Operational Risk
Ability make payment conditional on other parts of a financial transaction (as in the case of PVP, DVP etc.)
While at the same time dealing with the challenges of ensuring there is sufficient liquidity in the stablecoin network for parties to meet their obligations. The experience of introducing RTGS in over 90 central banks since 1980s demonstrated that allowing a pure system of gross settlements in payments, with participants free to release payments at any time can cause liquidity issues that need to be dealt with by technical changes, such as the implementation of Liquidity Saving Mechanisms (LSM).17
To quote the New York Fed:
“Liquidity-saving mechanisms (LSMs) are queuing arrangements for payments that operate alongside traditional real-time gross settlement (RTGS) systems. LSMs allow banks to condition the release of queued payments on the receipt of offsetting or partially offsetting payments;”18
Some central banks also created rules/targets for when payments should be released or financial incentives for early release of payments.
Retail focused stablecoins need to be able compete with faster payments, credit card and debit card networks. Payments mechanisms that can be highly efficient in many economies. In cross-border payments, stablecoins need to be able to demonstrate they are a more efficient mechanism for dealing with the major areas of delays and costs such as compliance with AML rules and in some markets exchange controls.
Central Securities Depositories & Securities Settlement Systems
For infrastructure such as Euroclear, DTCC, ASX’s CHESS system or Takasbank in Turkey to perform delivery versus payment, they need to have access to a security register to update ownership records and a funds belonging to participants, either held directly at the FMI or at a Central Bank. They also need to be able to provide trade capture, matching and netting capabilities.
For a stablecoin to be used in the DVP settlement, the FMI needs to be able to directly access stablecoin balances belonging to the participants in trades, either directly or on behalf of participants by a third party. This would require work by both the CSD/SSS and the stablecoin provider. There is no obvious benefit from this arrangement. Other systems belonging to the CSD/SSS would need to be modified to represent what is effectively a new currency. For countries that have long established infrastructure in this area, it quite likely adding an additional currency would require additional effort.
Central Counterparties (CCP)
Any organisation likely to acquire large balances in high quality stablecoins is likely to want to be able to provide those stablecoins as collateral in bilateral transactions, with central banks and with Central Counterparties. Should CCPs chose to accept stablecoins they would need to make significant changes to their systems to interact with the relevant distributed ledgers and set them up as new currencies or asset classes within their systems.
CLS is such a fundamental part of the global financial market infrastructure that any stablecoin that is used on a very large scale is likely to need some degree of integration. It should be remembered though that the vast majority of currencies (by number not importance) are not supported by CLS. Potentially a stablecoin could be added as another CLS currency allowing the benefits of multilateral netting and integration into the core global FX processing. However it would depend on a very high degree of demand and a many regulatory approvals.
In many ways stablecoins compete directly with existing CLS services so it is also questionable the extent to which CLS may support their adoption.
Interoperability with Financial Sector Internal Systems
There are two main areas where the internal systems of financial sector firms would require modification. Their outward facing interfaces that would need to interact with a range of distributed ledgers (unless they outsource this interaction to third parties – essentially creating a new class of correspondent bank) and modifications to inward facing systems such as those belonging to the risk, finance, trading, operations and treasury departments. Perhaps the closet analogy was the creation of an offshore version of the Chinese Yuan, commonly known as “CNH.” Though no wholescale re-engineering was required, it did commonly require changes to be made across a great many systems to recognise the difference between CNH and the on-shore version of the Yuan, “CNY.” This had a particularly large impact for those banks offering services in CNH.
Having two versions (or more) of essentially the same currency creates a great deal of scope for confusion in trading, treasury and support processes. Subtle differences in liquidity and conversion costs also mean that the different versions of the same currency have to be treated differently in many different ways including charges, interest rates and the curves used in pricing positions.
Interoperability with Distributed Ledger Based Infrastructure
Interoperability with emerging infrastructure based on DLT is also likely to create a number of challenges.
Some forms of Market Infrastructure in-progress (or beta) such as ASX’s CHESS system (for securities settlement) and the HQLA-X system for exchange of High-Quality Liquid Assets for lower grade assets are essentially centralised systems that use elements of DLT as part of the overall system design. Interfaces would need to be like any other form of FMI. Those interfaces would need to take into consideration security, privacy and the need for agreed data standards. There would also be the complications of adding what is effectively a new currency.
One of the proposed methods of allowing interaction between different types of ledger or even different instances of the same DLT but recording different assets or used by different parties, is the Atomic Swap. Using this method, funds on the two different ledgers are only released when both parties acknowledge that assets have been transferred. If the two acknowledgements are not received within the agreed time, the assets will be transferred back to the original addresses.
Atomic Swaps are still an emerging technology that have been widely tested in cryptocurrencies. However on a theoretical level they raise governance issues. If assets are on ledgers ultimately controlled by two different parties, whose has governance over the transaction? It also provides an element of optionality to each party to change their mind about whether to go ahead with the transaction. They could simply not deliver and have their asset returned to them. There are similar problems in the current world. Some counterparties have high rates of settlement failure on securities related trades because of issues in their operational processes or systems. Others at times have financial incentives to allow trades to fail, which had created significant problems in the operation of the Repo market.19 This has resulted in stricter rules and fines in many jurisdictions.
Creating stablecoins as forms of either financial market infrastructure (i.e. used by multiple financial bodies in the case of USC or as essentially internal systems, as is in the case of JPM Coin, Wells Fargo Digital Cash or Signet) clearly does not require the use of any form of Distributed Ledger Technology. Most of the use cases ultimately involve some form of book transfer of funds within essentially the same systems. Allowing customers of the same bank to transfer funds between each other in real-time 24*7 at little to no cost is a service provided by many banks today. The only bottleneck to allowing this in other banks is either a lack of willingness to provide the service or the use of antiquated systems that rely on batch processing.
Liquidity issues out of hours
At the market level, real-time payments within a currency bloc, that settle in central bank money have been implemented using Real-Time Gross Settlement Systems in over 90 countries to date. Some of those payments systems such as the Eurosystem’s TARGET2 have been extended to support securities settlement (T2S) and smaller scale instant payments (TIPS). For the cross-border market CLS connects together the RTGS of 17 currencies to allow PVP settlement against central bank reserves.
The challenges faced in creating creditable stablecoins that can grow beyond simply supporting speculation in cryptocurrency trading are large. Stablecoins backed by Central Bank reserves require the explicit backing of the relevant central banks. Stablecoins such as Libra have attracted extreme scrutiny if not outright opposition from Central Banks and politicians both because of concerns over the stability of the financial system and a lack of trust by some politicians in Facebook as an organisation. Any stablecoin that is regarded as a key part of Financial Market Infrastructure is likely to be required to meet strict regulatory controls, reflecting the principles laid out by the BIS in “Principles for financial market infrastructures.”
Creating interoperability between the infrastructure on which stablecoins operate and existing infrastructure, not to mention potential future infrastructure that runs on different versions of DLT is a non-trivial task, not made any easier by the use of DLT. Such interoperability will be vital if stablecoins ever hope to be anything more than parallel RTGS systems.
Finally the obstacles that have been encountered by RTGS in managing liquidity are unlike to be removed by the use of DLT. In many countries the introduction of RTGS, identified the need to create mechanisms to ensure firms did not hold back payments, creating intra-day funding needs, intra-day credit risk and general systemic risk. If is very likely that if stablecoins were used in a significant volume of transactions there would be a need to introduce many of those measure described that had to introduced for RTGS such as Liquidity Savings Mechanisms.
Then there are the challenges with DLT. None of the various forms of DLT have proven themselves at scale and in a regulated environment and it is questionable whether they a better form of technology, even for implementing stablecoins that existing technologies.
Stablecoins may succeed in the long-run if they can demonstrate an ability to support better ways to manage liquidity including broader, if not continuous, settlement cycles for both money and securities. Finally one of the key concepts between more advanced forms of DLT such as Ethereum or Fabric was to allow parties to agree bilaterally or in groups to deploy agreed business logic in the form of “Smart Contracts” that can be executed when transactions are processed. This type of flexibility could be a potential path to the a higher degree of standardisation in processing financial transactions without the need to have a central, and inherently slow moving body, setting standards for a whole area of business or jurisdiction.
[Note: I neither own nor have any trading position on any cryptocurrency. I was not compensated by any party to write this. The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
Summer has nearly arrived in the northern hemisphere and several friends have reached out to ask several unanswered questions and rumors.
Note that many of the questions below are about commercial and trade secrets where there is no obligation to make the information public.
For instance, we could openly ask how much Cargill (the largest private corporation in the US) spends to manufacture its wares but they are under no obligation to provide that to anyone beyond their managers, shareholders, and regulators.
Similarly, most of the companies (and individuals) below are under no obligation to provide answers. However since we think it is in the public interest to know who benefits from certain decision-making (such as who first knew about #NoBugFix last year), we are publishing them here with the aim of answering them over time.
This is a non-exhaustive list and arranged in no particular order:
(1) We were promised a public audit, so who hacked Bitfinex in August 2016? Was it an inside job? Compromised BitGo account? Who was moving the ‘stolen’ coins last month? Will the current NY AG lawsuit versus Bitfinex/Tether reveal these details?1
(2) Ripple’s co-founders gave (granted?) ~80 billion XRP to Ripple Inc. back in January 2013 when it was still called OpenCoin. How much XRP was/is given to early investors like a16z and/or future partners?
(3) When R3 sued and settled with Ripple in 2018, rumors circulated that R3 won the equivalent of ~$500m in XRP and were limited to selling just as Jed McCaleb is constrained by.2 How much was the settlement for and how much XRP has been sold? How much do XRP sales account for R3 and other organizations revenue? For instance, Ripple has sold at least $1.1 billion in XRP to finance its operations through mid-2019. What are the ramifications if XRP is deemed a security?
(4) Three years ago several Bitcoin Core developers were allegedly involved with an astroturfing campaign (such as Antbleed) via coordination in a “Dragon’s Den” Slack room. Was this real and if so, who are these people? Are they still active?
(5) A couple years ago, Jackson Palmer and Angela Walch separately asked who were the people that had merge access in the Bitcoin Core repo. They were rebuffed and told this is a necessary secret to maintain. Is this a secret? If so, why the lack of transparency and who made this decision? How common is this secrecy in other coin projects?
(6) As Bitfinex is an investor in Blockstream, what’s the formal relationship between the two organizations today, specifically with respect to Tether?3 Do either organizations operate OTC trading desks? If so, where and how are those licensed or legally structured?
(7) It is alleged in a lawsuit that EOS organizers recycled its year-long ICO proceeds back into its own sale thereby inflating its raise and generating hype. How much actual coin money from retail investors was sent into this generally solicited ICO?
(6) In April 2017 Bitfinex (briefly) sued Wells Fargo regarding the cutting off of correspondence banking… and a week later withdrew the suit. What were the names of the Taiwanese banks that were supposedly at the center of this (non) compliance controversy? Did these banks eventually reopen accounts on behalf of Bitfinex or Tether?
(7) Based on an interview with George Fogg, a 2015 FT article pointed out that Bitcoin (and likely other coins) has a lien problem: that due to rampant thefts and DNM activity there were probably more claims on specific bitcoins than there were bitcoins.4 What percentage of bitcoin (or other coins) are encumbered today?
(8) A rumor since 2014 is that a US-based coin exchange signed a deferred adjudication agreement with the federal government due to money laundering issues. If true, will it be revealed if/when an IPO is filed?
(9) Since SAFTs are largely considered cadavers in the US, what (if anything) will happen to its creators and early promoters? Enriched and sauntering off into the sunset? Or disbarred and disgorged?
(10) Will deposit-taking coin intermediaries ever be required to comply with federal laws as banks do in the US? Will they simply end up lobbying and moving shell entities into the state of Wyoming for an SPDI?
(11) FinCEN carved out a loophole for proof-of-work miners in 2013. Yet in practice, mining pool operators can and do select or censor transactions.5 Will they be held liable as an MTO or PSP as more value is moved through their machines and regulators catch-on?
(12) It is alleged that Craig Wright has plagiarized and used ghost writers for publishing papers. Who are they and how much were they paid?
(13) Last year, a former senior executive at a US-based coin exchange is alleged to have undue influence on listing coins based on his bags. What, if any, are the internal controls erected to prevent this type of behavior in coin exchanges? Several coin creators and issuers have joined and/or created coin exchanges in the past.6 Have any of them used their position to profit off of the asymmetric knowledge on listing their coins (or others)? If so, how to prevent this in the future?
(14) Lightning Network was frequently marketed as being ‘just around the corner’ yet it appears to have stagnated in activity over the past 18 months. Who(m) is responsible for this continued delay? Will it reach its marketed potential in the next year or too much of a Rube Goldberg machine? When will LN hubs need to become compliant with the Travel Rule?
(15) Who acquired the @Bitcoin user on Twitter last year? Did the acquisition or transfer violate the Terms of Service?
(16) Regarding the revolving door: how many former regulators now work at coin intermediaries? And vice-versa: how many former coin employees work with regulators? With the push for additional stablecoins and potential CBDCs, will there be transparent interactions between regulators (and politicians) and vendors? If a single vendor oversees a proprietary codebase, how will this not result in a Hold-Up problem?
(17) At least one Chinese exchange, pre-2017, went out of its way to support scams like MMM. How many exchanges knowingly profited from allowing MMM or BitConnect-like actors to operate? Are regulated stablecoin issues such as Paxos aware of this?
(18) bitFlyer was accused of knowingly laundering money for the Yakuza. How many other exchanges have done so as well? In a given year, what percentage of exchange revenue comes from laundering the proceeds of organized crime?
(19) A conspiracy theory (joke?) is that whenever a coin exchange operator in South Korea gets a tax bill, they hack themselves in order to reduce the tax liability. Is this true and if so, how much has been pilfered?
(20) Jackson Palmer, Gwern Branwen, and others have poked into the original source code of Bitcoin and found the seeds of a marketplace and poker lobby.7 Was the original goal to also include a coin exchange or DNM?
(21) Why is Coinlab stilldragging its feet during the never ending Mt. Gox bankruptcy proceedings? 8
(22) Was that really Gerald Cotten’s body or is he just mostly dead? Did Cotten act alone as the narrative leads us to believe or did Michael “identity theft” Patryn have a roll in the missing funds? As it was during their honeymoon, is Jennifer Robertson aware of anything odd about the circumstances surrounding Cotten’s death?
(23) Late last year, one of the allegations against Virgil Griffith included somehow helping move a computer system to act as a mining rig across the border to North Korea. We have heard rumors of used, second-hand mining hardware making its way across the same border in the past. Hardware manufacturers have said it is difficult to police because even if they KYC the original buyer, they have no control of where used hardware is sold over time. How much hashrate for Bitcoin or Ethereum and other PoW coins are generated out of North Korea?
(24) Common conversations at events imply that virtually every coin exchange has been hacked yet most simply eat the losses without publicly disclosing it. How many major hacks of coin exchanges in the US have still not been disclosed?9
(25) Several podcasters have openly bragged about not paying taxes on their coin dealings. For instance, the co-creator of a coin launched in 2014 from an organization based in California, now avoids California due to not having paid the state’s capital gains tax. How many others are virtue (vice) signaling? Or are they still counting on lax enforcement?
(26) Ethereum Classic (ETC) is technically the original Ethereum chain. During the debates over the ETH-ETC hard fork in late July 2016, a small handful of investors including Barry Silbert were vocally claiming on social media to support ETC.10 Several subsequent separateinvestigationsinto Silbert’s social media activity raised questions around anti-touting provisions of securities laws. If ETH or ETC was a security in 2016 due to a coordinated hard fork that was notsufficiently decentralized, who could be held liable for actively promoting a coin to unsophisticated investors? For instance, earlier this year actor Steven Seagal was penalized for not disclosing his paid endorsement of Bitcoiin2Gen (B2G). Does touting matter if a coin is or is not a security?
(27) The scandal and fallout around Joi Ito (and MIT) knowingly accepting funds from sex offender Jeff Epstein is still on-going. Last year we learned that Epstein was not just interested in Bitcoin, but he reached out to invest and fund Bitcoin-related companies and efforts (perhaps even DCI). For instance, Elizabeth Stark (from Lightning Labs) pointed out that she turned down an investment offer. Did Epstein put money into entities such as Digital Garage, which Ito co-founded?11 What about Digital Garage’s portfolio companies?
(28) The IOTA mainnet was stopped for days then weeks, and the non-anonymous founders fought in public about past grievances including funds that were supposed to build hardware devices… that were unaccounted for. The IOTA network, like EOS and Cardano, are arguably still centralized due to the smattering of nodes operated by a handful of entities. At what point are these types of networks deemed centralized money transmission operators (MTO) with the need to register with FinCEN and other similar regulators?12
(29) Where is Binance’s headquarters? Their executives often claim to not have offices – even when they are visited by the police… yet these same Binance executives appear in photo-ops on islands and jurisdictions found on the FATF blacklist. Where are they domiciled from a legal perspective? Do they pay taxes somewhere?
(30) In 2017, OKCoin and Huobi were penalized for not disclosing to their customers that they were re-investing deposits in other financial products. It is rumored that other coin exchanges have used their customer deposits and cash reserves to manipulate various coin prices which ultimately wreck retail investors, all because they can see trader’s positions and know exactly what amount of manipulation will close positions. How common is this?
(31) What happened to all of the funds donated to the dubiously self-serving ‘DefendCrypto’ effort? Recall that Kik conducted an ICO because it was running out of fundraising options… and then later sued by the SEC. Were all of the ‘community donations’ simply handed over to their lobbying organization (Blockchain Association) to spend carte blanche?
(32) Why do some coin exchanges employ outspoken tribalists or maximalists? What does this mean for how the exchange treats trades and orders for non-tribal-approved coins?
(33) How much do coin lobbying organizations charge to get fines or sanctions reduced? At least one DC-based organization removed the name of a prominent coin exchange (despite accepting their funds) after a lawsuit from NY AG was announced. Do these types of advocacy / lobbying organizations return the funds from illicit actors? When will the coin holdings of staff at coin lobbying organizations be required to be disclosed?13
(34) Over the past five years, numerous corporates and enterprises have publicly announced partnerships with more than a dozen different coin issuers. Most of these are vanity projects that end after 3-6 months. However, prior to the public announcement, it is alleged that insiders acquire coins with the expectation of a jump in prices.14 How common is this and how to remove this temptation from future decision-makers?
(35) CryptoDeleted was silenced by embarrassed social media personalities as it screen grabbed their boisterous coin shilling. How many other times has this specific type of suspension occurred on Twitter and other platforms with respect to documenting coin shills?
(36) Without providing any proof at the time, several prominent coin promoters claimed to have – or will have – donated large quantities of money to charitable organizations. In the case of Brock Pierce, more than two years ago his plans to donate $1 billion was uncritically reported on. Binance and other coin intermediaries that are in continuous legal limbo, also frequently claim to donate to causes in developing countries or for COVID-19. How much has actually been donated? Do operators believe such donations make up for listing P&D coins that fleeced retail investors?
(37) During the height of the fraudulent ICO boom days of 2017, dozens of coin funds were purportedly spun up to capitalize off the quick pump-and-dump on retail investors that was taken place globally.15 At the time, one article listed 15 such funds, most of whom appear to have fallen to the way side, and at least one (Polychain) that was sued by multipledifferent LPs for lack of transparency. How many of these funds got early access discounts and quietly dumped coins as soon as the coin got listed? How many actually paid taxes on the rumored ill-gotten gains?
(38) Soldering ASIC mining chips into always-on devices has repeatedly proven to be a bad deal for the consumer due to the fixed unit of labor within each device. Yet nearly every year starting with the 21.co toaster and Bitfury light bulb, a new manufacturer jumps into the fray to release yet another one of these environmental hazards. As an aggregate, how many of these all-in-one Earth sizzling devices have been shipped to consumers?
(39) Whatever happened to Halong mining? Their Dragonmint rig was repeatedly hyped by prominent maximalists back in late 2017 and early 2018. They shipped some units but they’ve been silent for a couple of years. Just one-and-done?
(40) With the release of the latest Raspberry Pi 4 and increasingly cheap SSDs, will node operators begin to (again) support larger block sizes? Aside from politics and ideology, what are the show-stopping technical reasons for not doing so? Too much to sync for a mobile device?
Bonus! Is ransomware fully dependent on the liquidity of cryptocurrencies? If so, will regulators and law enforcement eventually close down coin exchanges in order to snuff out this evergrowingparasite?
Again, this list is non-exhaustive and fairly US-centric. It also doesn’t even scratch the surface of C-level executives and apparatchiks who repeatedly use their social media platforms to push “buy the dip” memes onto unsophisticated investors.
Acknowledgements: many thanks to AC, GW, JS, CP, VB, AW, RS, AC, and CK for their feedback and suggestions.
Send to Kindle
Tether Inc. has repeatedly misled the public about the 1:1 backing of its coin. As it has not regularly released an independent audit, some researchers such as Nicholas Weaver, hypothesize that there could be an imbalance that inflates bitcoins price level. [↩]
Note: other partners, co-founders, and early employees are supposedly constrained by similar limits, not just McCaleb. [↩]
Did Blockstream really own a Gulfstream IV? If so, why did a small software company need one? Why did they remove their team page a couple years ago? [↩]
As we have mentioned elsewhere, a fundamental problem for all current cryptocurrencies is that they are not exempt from nemo dat and have no real fungibility because they purposefully were not designed to integrate with the legal system. [↩]
Some mining pools have a service that enables certain customers to pay higher fees to expedite transactions. [↩]
For instance, Charlie Lee (the creator of Litecoin), worked at Coinbase and claims to have had no influence on Coinbase’s decision to list Litecoin. Bobby Lee, his older brother, ran a coin exchange in China called BTCC. Back in 2014, BTCC introduced a marketing campaign for listing Litecoin (“Brothers Reunited“) which Charlie was purportedly involved in. [↩]
Update 6/9/2020: According to a reader who compiled the code: “Original Bitcoin source code included the poker lobby and an eBay-like marketplace with a review system and essentially a sub-currency called “atoms” which were kind of like seller reputation / review kudos tokens.” [↩]
As an aside, is there any additional connotation to Mt. Gox and the term Mutum Sigillium (which means a sealed deposit)? [↩]
As an aside, one US exchange allegedly confiscated and sold CLAM coins that were airdropped on its user base, without their knowledge. [↩]
Other ‘coinfluencers’ involved in the ETC split include Charles Hoskinson. [↩]
Related: what about DeFi infrastructure, how many developers will be forced to adhere to rules and compliance requirements? Clearly most are not in-line with the PFMIs! Also, what was given (negotiated) with the dForce hacker? [↩]
A couple sources claim that multiple personnel at three different DC-based lobbying groups including Coin Center have large undisclosed coin holdings (such as ZEC) which are believed to be a direct conflict-of-interest with how these organizations market themselves as “neutral.” [↩]
For instance, a Fortune 100 company has investigated a former project lead who purchased a large quantity of a coin without disclosing it to the management team; it is believed this person may have even chosen to do this project with the coin issuer in the first place just for the ‘cheap’ coins because from a technical perspective, there was little merit in pursuing this architecture. [↩]
One interesting story during this time frame was in September 2017, when several Chinese government agencies launched a large crackdown of ICOs and shut down many coin exchanges. Law enforcement perused WeChat chat histories to identify P&D ring leaders. A prominent coin investor based in Shanghai was supposedly tipped off and booked a seat on a private airplane from Shanghai for Los Angeles. Upon landing this person then flew to Georgia where they had a home and remained for several months. During this time this individual, in an agreement with Chinese governmental bodies, disgorged a large part of their ill-gotten coin earnings and later returned to China. [↩]
It’s been about six years since I began tracking the fintech space through my market research role at a couple of different firms. Fads have come and gone, a few have stayed. For instance, in the United States, P2P lending was all the rage in the early part of the last decade but has wasted away, despite a growing economy. In China, P2P lending became intertwined with the informal ‘shadow’ banking sector which not only blew up, but led to now notorious multi-billion dollar Ponzi schemes.
We can partially see this illustrated via The Disruption House (TDH), a data and benchmarking analytics firm focused on the financial sector, which found that some of the fintech exuberance peaked almost five years ago.
While this is not a fully comprehensive or exhaustive survey (TDH primarily focuses on wholesale capital markets), what has led to this particular decline? Part of it is unrealistic expectations that promoters failed to manage during the initial marketing phase… such as blockchains killing banks!
Another recurring issue is capital costs. Contrary to the narrative that a couple of bros with laptops in a Silicon Valley café can whip together an app that finally crushes too-big-to-fail banks, most, if not all of the fintech sectors require large capital investments to build out and eventually integrate Widget X, or Base Layer Y, into the existing financial infrastructure.
For example, last fall Apple humblebragged about its partnership with Goldman Sachs for the Apple Card, where on the one hand Apple tried to take credit for creating the product as a tech company but didn’t mention that Goldman also spent $300 million to develop it.
In response, Yakov Kofner, a managing partner at Gartner who focuses on payments and fintechs in general, mentioned last month that: “FSIs love to PR its Agile culture and open banking scale, but when it comes to launching a new product it somehow still requires hundreds-of-million budget and thousands of developers.”
Most startups, irrespective of geographic region, simply do not have the runway to build out these types of products, at least if we’re talking about apps with actual users and not mockups solely intended as Powerpoint viewership.
Another recurring issue is, even after launching a product, a lack of continued traction. Typically, a company that is actually experiencing real continual growth will boast specific metrics, milestones, and KPIs. But in the fintech world, we often see obfuscation:
In some corners of the financial press (like Alphaville), fintech became synonymous with simple user-interface facelifts, or at worst scams.
Despite this possibly cynical take, there are some bright spots of actual engagement. For instance, a couple weeks ago Zelle announced that it processed $56 billion in payments involving 230 million transactions during Q4 2019. This amounted to growth of 14% and 17%, quarter-over-quarter. Altogether they processed $187 billion in payments involving 743 million transactions in 2019. This amounted to growth of 57% and 72% year-over-year.
Yet according to a payments expert, Zelle may be double counting some send-receive volume and that growth is mostly legacy transfers moving to a new rail rather than some new payment use case or business model. In addition, in the United States, Venmo (and others including Square Cash) which is slowly catching up to Zelle in volume, arguably created a new use case, payment model, and improved customer experience (CX). Will these apps eventually vacuum in other features, pulling a reverse of what WeChat did over the years?
To be holistic, let’s look at some other relevant charts from other regions.
CB Insights is an analytics company that, like TDH, tracks venture funding into startup ecosystems. In contrast to TDH, CBI saw increased activity globally in 2018, largely due to the Ant Financial raise. According to an analyst at CBI: “Fintech deals are down year over year, and the deals happening are at later stages.” Note: TDH looks narrowly at the European market whereas CBI’s remit is wider.
Lest we be accused of having an American-centric view (which obviously we do), FTPartners provided some already dated numbers… because the UK is no longer part of Europe as of a few days ago. Will Brexit impact local fundraising?
According to Dealroom, since 2013 fintech-related companies have “created over 2x more value than any tech sector in Europe.” That is interesting considering that venture rounds (and valuations) in Europe are often stereotyped as lagging their peers at the same stage in the United States.
But as we see below, for the past few years, that stereotype appears incorrect.
According to Dealroom, traditional banks are not able to acquire their way into fintech because “they do not have the mandate as their valuation multiples are too low and synergies are likely limited. Instead, financial institutions and other corporates are more involved via partnerships or by investing in minority stakes.”
As someone who has previously worked for a company (R3) that became bank (majority) owned, I find it unusual that some of these companies aren’t fully acquired by a bank or two. But we’ve been told, especially in terms of lending platforms, that some banks – at least in the short run – have found it as an alternative source to try and generate revenue from. So maybe this is just an experimental era? It also bears mentioning that the track record of such acquisitions, or setting up captive fintech subsidiaries, is abysmal, with many ending up being shut down altogether.
China is a touchstone today, more so than other times because of the ongoing coronavirus epidemic. This has also turned a bit personal as my wife is from northern China, as is our au pair. While we are all hoping for the best and for a speedy recovery, it is likely that deals and deal flow this year will look a lot different than they have in the past few years.
Perhaps the most well known of the most recent exits (and coincidentally largest) is ZhongAn, an insurance company, who exited at an inflated valuation. How do we know? Because it has lost more than 60% from its peak after going public in late 2017.
We could, but won’t, go into the topic of P2P lending, but we’d like to give readers an idea of what happened aside from the aforementioned Ponzi schemes. According to the South China Morning Post: due to rampant fraud, all of China’s 427 remaining P2P lenders (from 6,000 back in 2015) will have to either close down within two years or become qualified small loan financial institutions.
Worth pointing out that this sector, P2P lending, meant the original fintechs before that word became popular. While they all started as P2P, they quickly pivoted to institutional capital. Many of them also promised incredible data insights by using social media feeds only to later default back to good old credit scores and cash flow analysis.
Does that mean all of the companies in the CBI chart above will suffer the same fate? No, but remaining grounded and realistic in the face of relentless positive press releases might be the balanced approach.
To round out this important region, let’s look at a larger breakdown.
According to FinTech Global, fintech investments between 2014-Q1 2019 in China reached a cumulative $60.1 billion. The largest aggregate was payment and remittances companies, which received $24.7 billion in funding. It’s also worth pointing out that one company, Ant Financial, distorts the overall number as it raised $14 billion in its series C and is currently valued in the private market at around $150 billion. Is this another WeWork valuation or a more legitimate Plaid valuation?
From the charts above it appears we are too early to say much other than the fintech world as a whole has a lot of work to do to deliver the claims it made to users. Capital seems ample but identifying legitimate operators, as in any sector, appears to be one of the largest ongoing challenges.
It is generally faux pas to add a new factoid in the conclusion of an article, but we’ll self-certify this exception.
The spastic world of cryptocurrencies and blockchains arguably has yet to deliver on its ballyhooed promises beyond speculation, ransomware, and get-rich-quick schemes.
In aggregate, despite the billions in deals, as shown in the diagram above, there is a marked decrease in the word “blockchain” during earnings calls in 2019 compared to the previous year.
Why? Hype is subsiding. If we measure success based on user growth, increased revenue, and acquisitions (or public listings) we do not see much new activity outside the realm of mining, trading on exchanges, and throwing large conferences. And most activity targeting “the enterprise” is hovering around the relatively mundane documentation management and provenance arenas.
To be fair, there is a fundamental difference between conventional fintechs and the wild anarchic world of cryptocurrencies. There are definitely fintechs which brought massive value – and markedly improved CX – to businesses and consumers, including Lemonade, Next Insurance, and of course Ant Financial. Besides, valuations may not be the best measurement of the success of an industry.
Let’s follow-up in a couple of years to see what infrastructure is used and sustainable business models have silenced critics. Until then, a healthy dose of skepticism is warranted and seems justified in an era of anonymous twitter accounts reliably documenting… VCs congratulating themselves.
More than a couple of people have asked for an update to a popular post published 14 months ago.
What has changed?
Before we begin, a quick reminder: the basic security model behind proof-of-work (PoW) blockchains is to make it economically costly to successfully rewrite the chain’s history. Finite resources, whether it is in the form of electricity or semiconductors, have to be consumed.
Therefore, a PoW chain such as Bitcoin, cannot simultaneously be secure and inexpensive to operate. Because if it was inexpensive to operate it would also be inexpensive to successfully attack.
For Bitcoin, Bitmain announced its S17e system which can churn out 64TH/s. Each machine consumes ~2880 watts at the wall. The first of these units are scheduled to be shipped to customers in November (however other less powerful variants shipped during the summer).
The current Bitcoin hashrate has been oscillating around 100 million TH/s the past few weeks.
If the entire network was comprised of the unreleased S17e-based machines, there would be around 1.56 million of them. In a given year these would gulp down about 39.4 billion kWh. But we know that is not the case yet. Thus, this will serve as our lower bound.
Bitmain is also shipping several other newly released systems, including the T17e. Like its cousin above, the T17e also consumes about ~2880 at the wall. But it is not as efficient per hash: creating only 53 TH/s with the same amount of electricity.
Why manufacture and sell two (or more) different machines that draw roughly the same amount of power?
Cost. the T17e costs $1665 and the S17e is $2483. The target market for the T17e is supposedly for miners who have low or no electricity costs.
How many T17e’s would it take to generate the 100 million TH/s network hashrate? About 1.88 million; or an additional 300,000 more machines than the S17e.
A quick pause. these types of bulk purchases are not idle speculation. In the middle of last summer, during a two-week period of time, the equivalent of 100,000 mining machines was added to the Bitcoin network (likely early variants of the S17). This is a reversal from last November, wherein the equivalent of ~1.3 million S9s were taken offline during one month.
Again, we know that in practice that there are many more less efficient miners still online. But crunching the numbers, 1.88 million machines each pulling in 2.88 kWh over one entire year results in… ~47.6 billion kWh annually.
Another Bitmain machine purchasable today is the new T17 that generates 40 TH/s, drawing about 2200 watts at the wall. It would take about 2.5 million of these to generate the Bitcoin hashrate all while consuming… ~48.2 billion kWh per year.
To be thorough, Bitmain released the S9 SE in July which generates 16 TH/s, drawing 1280 watts. It’s unclear how many of these have been sold but if the entire network was comprised of these: 6.25 million would need to be used. And they would collectively guzzle ~70 billion kWh. This would be a plausible upper bound.
For comparison, if Bitcoin (T17) were its own country it would at minimum consume roughly the same amount of electricity as Romania or Algeria. If the network were comprised of just S9 SE’s, that’d be about the energy footprint of Austria. In either case, very little is value is produced in return… aside from memes and lots of social media posts. And no, despite historical revisionism by maximalists, “hodling” is not what Bitcoin was originally designed for.
As mentioned in the previous post: no other payment system on earth uses the same amount of electricity, let alone aggregate number of machines, as a PoW coin network. That is a dubious distinction.
In looking at my previous post you will see a similar figure. In August 2018, using the (older) S9 machine (~13 TH/s) as a baseline, the Bitcoin network consumed about ~50.5 billion kWh / year.1 Some of these types of machines (like the S9 SE) are still on.
Thus whenever you hear a PoW promoter claim that:
Bitcoin doesn’t use much electricity; or
Bitcoin’s electricity usage will naturally decline over time; or
Bitcoin is more efficient than traditional payment systems
You can rightly tell them all of those claims are empirically false. In fact, the only way for the resource demands of a PoW coin to decline is if there was a long decline in the coin price.
What do taxpayers – who underwrite the state-owned utility companies – get in return for subsidizing these energy guzzlers? New economic zones of growth and prosperity?
Nope. According to Chainalysis, in a given day more than 90% of activity on the Bitcoin network is simply movement from one intermediary to another. 2 Coin trading is by far the largest category.
And since most of these coin intermediaries increasingly require some form of KYC / AML compliance, the Bitcoin network has morphed into a expensive permissioned-on-permissionless network that has the drawbacks of both and the benefits of neither. There is no point in using PoW in a network in which all major participants are known: Sybils no longer exist.
A common refrain by PoW promoters is, Christmas lights and set-top boxes also consume huge amounts of energy!
First of all, that’s a whataboutism. But it also ignores how several Bitcoin mining manufacturers have actually tried to embed chips into these wares.
Bitmain has a couple of routers called the Antrouter that will mine either BTC or LTC for you.
As you can imagine, a fixed unit of labor eventually becomes unprofitable once difficulty levels increase. It’s the same fundamental problem that faced the 21.co toasters. Thus neither of these took off (the light bulb didn’t ship) even though retail users often keep both their home routers and living room lights on all day. Historically PoW equipment becomes e-waste fast and the last thing consumers want is embedded e-waste that guzzles electricity.3
We haven’t even touched on other PoW coins such as Ethereum, Bitcoin Cash, or Monero… but it is worth pointing out that nearly all of the money going to miners via the block reward is value leaking from the system, either to semiconductor manufacturers or state-owned utilities.
This isn’t idle speculation either, as Nvidia counted on massive consumption of its GPUs in early 2018 which didn’t materialize due to the crash in coin prices. This led to a glut of high-end GPUs in its channel partners, which hit Nvidia’s bottom line and was later reflected by a 50% decline in share prices (the same phenomenon impacted AMD too):
Apart from a couple of small investments, the value that a couple of semiconductor manufacturers or a clique of state-owned utilities receives via mining is money that is not being invested towards developing the chain itself.
And some of these mining manufacturers have privatized gains at the expense of taxpayers. For instance, Bitfury, used its political connections to obtain cheap land in the Republic of Georgia where it setup massive mining farms:
“The efforts have given Georgia, with 3.7 million people, a dubious distinction. It is now an energy guzzler, with nearly 10 percent of its energy output gone into the currency endeavor.”
In Kyrgyzstan, 45 “crypto” mining firms consumed more energy than three local regions combined:
“[They] consumed 136 megawatts of electricity, which is more than the amount consumed by three Kyrgyzstan regions: Issyk-Kul, Talas and Naryn.”
Uzbekistan’s Ministry of Energy has introduced a new bill that would dramatically increase the electricity price to miners who are viewed as being “very energy intensive.”
We could probably create an entire post on these types of stories too.
At least Bitcoin is “decentralized,” right?
While the farms may be geographically dispersed to areas with the cheapest electricity, the mining pools, mining manufacturers, and other infrastructure participants are a small and centralized enough group that they can fit into a hotel for regular conferences.
Unlike Bitcoin, Bitcoin Cash has seen a dramatic decline in hashrate since it peaked at over 5 million TH/s earlier in the summer. It is now oscillating around 2.5 million TH/s.
For Bitcoin Cash, with a Bitmain S17e system, remember it generates 64TH/s and consumes ~2880 watts at the wall. If the entire network was comprised of the unreleased S17e-based machines, there would be around 40,000 of them. In a given year these would use about 985 million kWh. This will serve as our lower bound.
Bitmain’s S9 SE generates 16 TH/s, drawing 1280 watts. It’s unclear how many of these have been sold but if the entire network was comprised of these: ~156,000 would need to be used. And they would collectively use ~1.75 billion kWh. This would be a plausible upper bound.
Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 150, betweenBenin and The Bahamas. Compared with last year (when it was around 122), this decline is largely due to the nearly 60% price decline in BCH. This once again illustrates that hashrate follows price (e.g., miners expend capital chasing seigniorage).
Coupled with “the thirdening” in February (in which block rewards declined from 3 to 2 ETH), and an overall decline in ETH prices, hashrate also declined over the past year:
According to Coinwarz, the hashrate is oscillating around 200 TH/s, about 1/3 it was when the previous article was written.
A proposed ASIC from Linzhi that hasn’t been built or shipped aims to generate 1400 MH/s with an electricity consumption level of 1 kWh. As the story goes:
To put those figures in perspective, NVIDIA’s GTX TitanV 8 card is now one of the most profitable piece of equipment on the ethash algorithm, able to compute 656 MH/s at an energy consumption level of 2.1 kWh, according to mining pool f2pool’s miner profitability index.
There are a couple of other ASICs on the market including one from Innosilicon and another from Bitmain. The previous post looked at the same Innosilicon A10 on the market, so to simplify things and because the Bitmain machine is roughly just as efficient, let’s reuse it here.
The A10 generates 485 MH/s and consumes ~850 W. The Ethereum network is around 200,000,000 MH/s. That’s the equivalent of 412,371 A10 machines.
Annually these would consume about 3.1 billion kWh per year. Around 132, about as much as Senegal or Papua New Guinea.
If we used the GTX TitanV 8 card, as described in the article above, we find that 304,878 GPUs would be used. These would consume 5.6 billion kWh per year. That’d be around the same amount that Mongolia does annually.
This is one of the reasons why Ethereum is transitioning over to proof-of-stake. As Vitalik Buterin said last year:
I would personally feel very unhappy if my main contribution to the world was adding Cyprus’s worth of electricity consumption to global warming.
Will the nebulously defined “DeFi” on an actual proof-of-stake system change the usage dynamics in the future?4
Litecoin, better known as Bitcoin’s other testnet, has seen its hashrate decline along with its price.
For simplicity sake, let’s call it an even 300 TH/s which coincidentally it was at 14 months ago too. CoinWarz says it is also currently around that, who are we to argue with them?
As mentioned in the previous article, Bitmain’s L3+ is still around. It generates ~500 MH/s with ~800 watts. A slightly more powerful L3++ is on the market as well.
There are the equivalent of about 600,000 L3+ machines generating hashes.
As an aggregate:
A single L3+ will consume 19.2 kWh per day
600,000 will consume 11.5 million kWh per day
Annually: 4.2 billion kWh per year
It would be placed around 124th, between Moldova and Cambodia.
According a distributor, the Antminer L3++ specifications:
Hash Rate: 580 MH/s ±5%
Power Consumption: 942W + 10% (at the wall, with APW3 ,93% efficiency, 25C ambient temp)
If only L3++’s were used, the outcome would be about the same. 5
This consumption is pretty absurd once we factor in things like how there is only a couple of active developers who basically just merge changes from Bitcoin into Litecoin.6 In other words, one of the largest PoW networks has very few users or developers, yet consumes the same amount of energy as Moldolva. How is that a socially useful innovation?
Note: an easy way to double-check our math on this specific one: the price of LTC is nearly the same today as it was 14 months ago. Ceteris paribus, miners will expend capital no higher than the coin price, to ‘win’ the seigniorage.
In terms of mining, it appears that several decisions makers (administrators?) in the Monero world really dislike ASICs. So much so that they routinely coordinate forks that include “ASIC-resistant” hashing algorithms. Stories like this are mostly just PR because we know that any PoW coin with a high enough value, will eventually become the target of an ASIC design team.7
From the chart above, you can clearly see when the forks occurred that added “ASIC-resistance.”
Compared with the previous article, the hashrate has declined by about 1/3rd to about 325 MH/s. And it is believed that most of this hashrate is generated by GPUs and CPUs.
There are lots of how-toguides for building a Monero mining rig. Rather than getting into the weeds, based on this crazy 12-card Vega build, the user was able to generate 28,100 hashes/sec and consume 1920 watts. That’s about 2341 hashes per card (more than 10% faster than the one used in the previous article).
That’s about 138,829 GPUs each sipping 160 watts. Altogether these consume 194 million kWh annually. That’s likely a lower bound for GPU mining.
If we reused the Vega 64 mentioned in the previous article, there would be about 162,500 GPUs at the current hashrate. These would consume around 228 million kWh annually.
Not surprisingly, coupled with the “ASIC-resistant” fork and a coin price decline of nearly 50%, this resulted in about 1/3 energy used from the previous year. But this is still not an upper bound because it is likely that CPUs contribute to a non-insignificant portion of the hashrate via persistent botnets and cryptojacking.
Based on the same electricity consumption chart as the others, Monero would be placed somewhere above Grenada and the Mariana Islands. Perhaps a bit higher if lots of CPUs are used. Remember, this is called CPU-cycle theft for a reason.8
In aggregate, based on the numbers above, these five PoW coins likely consume between 56.7 billion kWh and 81.8 billion kWh annually. That’s somewhere around Switzerland on the low end to Finland or Pakistan near the upper end. It is likely much closer to the upper bound because the calculations above all assumed little energy loss ‘at the wall’ when in fact there is often 10% or more energy loss depending on the setup.
This is a little lower than last year, where we used a similar method and found that these PoW networks may consume as much resources as The Netherlands. Why the decline? All of it is due to the large decline in coin prices over the preceding time period. Again, miners will consume resources up to the value of a block reward wherein the marginal cost to mine equals the marginal value of the coin (MC=MV).9
This did not include other PoW coins such as Dash, Ethereum Classic, or Bitcoin SV… although it is likely that based on their current coin value they each probably consume less than either Litecoin or Bitcoin Cash.
Thus to answer the original question at the beginning, the answer is no.
PoW networks still consume massive amounts of electricity and semiconductors that could otherwise have been used in other endeavors. Some of these power plants could be shut down entirely. PoW-based cryptocurrencies crowd out and bid up the prices of semiconductor components.10 Apart from a few stories designed to pull on our heartstrings, little evidence exists (yet) for PoW coins creating socially useful economic output beyond moving coins from one intermediary to another.
And because most coins are mined via single-use ASICs, they generate large amounts of e-waste which leaks value from towards a small clique of semiconductor manufacturers and (mostly) state-owned utilities, neither of whom typically contribute back to the coin ecosystem.11 Will this change in the next 14 months?
I – and many others – have written about this before. PoW mining is a Red Queen’s race — miners are incentivized via block rewards to expend additional capital on mining, but the total reward available to miners is fixed. Thus while chip efficiency may increase each generation, miners as a whole increase capital outlays for equipment rather than reduce. [↩]
According to The Token Analyst, nearly 7% of all mined bitcoins reside in exchanges. [↩]
Another way some have used to describe Bitcoin is an ASIC-based proof-of-stake. But really it is DPOS but not with the “D” that you may be thinking. Since mining equipment rapidly depreciates (with a typical lifespan of less than 18 months), Bitcoin arguably uses depreciating proof-of-stake. [↩]
According to both DappRadar and State of the Dapps, there has been about a marketed increase in “users” and Dapps (although they combine all Dapp platforms, not just Ethereum). [↩]
Although obviously, as in all examples above, there are loses in efficiency as the energy travels from the power plant all the way through the grid and into a home or office. [↩]
If there is only one actual developer maintaining the Litecoin codebase, how is this ‘sufficiently decentralized’ or not an administrator under FinCEN’s definition? Even the “official” foundation is basically out of funds. [↩]
Wouldn’t it be interesting if a few botnet operators or sites like The Pirate Bay were moonlighting as Monero developers, so they could directly benefit from CPU mining? [↩]
Outright theft continually takes place. For instance, a Singaporean allegedly stole $5 million worth of computing power to mine bitcoin and ether, and “for a brief period, was one of Amazon Web Services (AWS) largest consumers of data usage by volume.” [↩]
A friend of mine sent me a copy of The Truth Machine which was published in February 2018. Its co-authors are Michael Casey and Paul Vigna, who also previously co-wrote The Age of Cryptocurrency a few years ago.
I had a chance to read it and like my other reviews, underlined a number of passages that could be enhanced, modified, or even removed in future editions.
Overall: I do not recommend the first edition. For comparison, here are several other reviews.
This book seemed overly political with an Occupy Wall Street tone that doesn’t mesh well with what at times is a highly technical topic.
I think a fundamental challenge for anyone trying to write book-length content on this topic is that as of 2018, there really aren’t many measurable ‘success’ stories – aside from speculation and illicit activities – so you end up having to fill a couple hundred pages based on hypotheticals that you (as an author) probably don’t have the best optics in.
Also, I am a villain in the book. Can’t wait? Scroll down to Chapter 6 and also view these specific tweets for what that means.
Note: all transcription errors are my own. See my other book reviews on this topic.
on p. x they write:
The second impact is the book you are reading. In The Age of Cryptocurrency, we focused primarily on a single application of Bitcoin’s core technology, on its potential to upend currency and payments.
Would encourage readers to peruse my previous review of their previous book. I don’t think they made the case, empirically, that Bitcoin will upend either currency or payments. Bitcoin itself will likely exist in some form or fashion, but “upending” seems like a stretch at this time.
On p. xi they write in a footnote:
We mostly avoid the construct of “blockchain” as a non-countable noun.
This is good. And they were consistent throughout the book too.
They spent several pages discussing ways to use a blockchain for humanitarian purposes (and later have a whole chapter on it), however, it is unclear why a blockchain alone is the solution when there are likely other additional ways to help refugees.
For instance, on p. 3 they write:
Just as the blockchain-distributed ledger is used to assure bitcoin users that others aren’t “double-spending” their currency holdings – in other words, to prevent what would otherwise be rampant digital counterfeiting – the Azraq blockchain pilot ensures that people aren’t double-spending their food entitlements.
But why can’t these food entitlements be digitized and use something like SNAP cards? Sure you can technically use a blockchain to track this kind of thing, but you could also use existing on-premise or cloud solutions too, right? Can centralized or non-blockchain solutions fundamentally not provide an adequate solution?
On p. 4 they write:
Under this new pilot, all that’s needed to institute a payment with a food merchant is a scan of a refugee’s iris. In effect, the eye becomes a kind of digital wallet, obviating the need for cash, vouchers, debit cards, or smartphones, which reduces the danger of theft (You may have some privacy concerns related to that iris scan – we’ll get to that below.) For the WFP, making these transfers digital results in millions of dollars in saved fees as they cut out middlemen such as money transmitter and the bankers that formerly processed the overall payments system.
Get used to the “bankers” comments because this book is filled with a dozen of them. Intermediaries such as MSBs and banks do take cuts, however they don’t really dive into the fee structure. This is important because lots of “cryptocurrency”-focused startups have tried to use cryptocurrencies to supposedly disrupt remittances and most basically failed because there are a lot of unseen costs that aren’t taken into account for.
Another unseen cost that this book really didn’t dive into was: the fee to miners that users must pay to get included into a block. They mention it in passing but typically hand-waved it saying something like Lightning would lower those costs. That’s not really a good line of reasoning at this stage in development, but we’ll look at it again later.
On p. 6 they write:
That’s an especially appealing idea for many underdeveloped countries as it would enable their economies to function more like those of developed countries – low-income homeowners could get mortgages, for example; street vendors could get insurance. It could give billions of people their first opening into the economic opportunities that the rest of us take for granted.
That sounds amazing, who wouldn’t want that? Unfortunately this is a pretty superficial bit of speculation. For example, how do street vendors get insurance just because of the invention of a blockchain? That is never answered in the book.
On p. 7 they write:
The problem is that these fee-charging institutions, which act as gatekeepers, dictating who can and cannot engage in commercial interactions, add cost and friction to our economic activities.
Sure, this is true and there are efforts to reduce and remove this intermediation. The book also ignores that every cryptocurrency right now also charges some kind of fee to miners and/or stakers. And with nearly all coins, in order to obtain it, a user typically must buy it through a trusted third party (an exchange) who will also charge a markup fee… often simultaneously requiring you to go through some kind of KYC / AML process (or at least connect to a bank that does).
Thus if fee-charging gatekeepers are considered a problem in the traditional world, perhaps this can be modified in the next edition because these type of gatekeepers exist throughout the coin world too.
On p. 8 they list a bunch of use-cases, some of which they go into additional detail later in the book. But even then the details are pretty vague and superficial, recommend updating this in the next edition with more concrete examples.
On p. 9 they write:
Silicon Valley’s anti-establishment coders hadn’t reckoned with the challenge of trust and how society traditionally turns to centralized institutions to deal with that.
There may have been a time in which the majority of coders in the Bay area were “anti-establishment” but from the nearly 5 years of living out here, I don’t think that is necessarily the case across the board. Recommend providing a citation for that in the future.
On p. 10 they write:
R3 CEV, a New York-based technology developer, for one, raised $107 million from more than a hundred of the world’s biggest financial institutions and tech companies to develop a proprietary distributed ledger technology. Inspired by blockchains but eschewing that lable, R3’s Corda platform is built to comply with banks’ business and regulatory models while streamlining trillions of dollars in daily interbank securities transfers.
This whole paragraph should be updated (later in Chapter 6 as well):
The ‘community’ version of Corda is open sourced and available on github, so anyone can download, use, and modify it. There is also a Corda Enterprise version that requires a license and is proprietary.
While initially eschewing the term “blockchain,” Corda is now actively marketed as a “blockchain” and even uses the handle @cordablockchain on Twitter, on podcast advertisements, and in public presentations.1
I am unaware of any current publicly announced project that involves streamlining trillions of dollars in daily interbank securities transfers. Citation?
On p. 10 they briefly mention the Hyperledger Project. Recommend tweaking it because of its own evolution over the years.
While it’s quite possible that many ICOs will fall afoul of securities regulations and that a bursting of this bubble will burn innocent investors, there’s something refreshingly democratic about this boom. Hordes of retail investors are entering into early stage investment rounds typically reserved for venture capitalists and other professional.
This paragraph aged horribly since the book was published in February.
All of the signs were there: we knew even last year that many, if not all, ICOs involved overpromising features and not disclosing much of anything to investors. As a result, virtually every week and month in 2018 we have learned just how much fraud and outright scams took place under the guise and pretext of the “democratization of fund raising.”
For instance, one study published this summer found that about 80% of the ICOs in 2017 were “identified scams.” Another study from EY found that about 1/3 of all ICOs in 2017 have lost “substantially all value” and most trade below their listing price.
Future versions of this book should remove this paragraph and also look into where all of that money went, especially since there wasn’t – arguably – a single cryptocurrency application with a real user base that arose from that funding method (yet).
On p. 11 they write:
Not to be outdone, Bitcoin, the grandaddy of the cryptocurrency world, has continued to reveal strengths — and this has been reflected in its price.
This is an asinine metric. How exactly does price reflect strength? They never really explain that yet repeat roughly the same type of explanation in other places in this book.
Interestingly, both bitcoin’s price and on-chain transaction volume have dramatically fallen since this book was first published. Does that mean that Bitcoin weakened somehow?
On p. 12 they write:
Such results give credence to crypto-asset analysts Chris Burniske and Jack Tatar’s description of bitcoin as “the most exciting alternative investment of the 21st century.”
Firstly, the Burniske and Tatar book was poorly written and wrong in many places: see my review
Secondly, bitcoin is a volatile investment that is arguably driven by a Keynesian beauty contest, not for the reasons that either book describes (e.g., not because of remittance activity).
On p. 12 they write:
The blockchain achieves this with a special algorithm embedded into a common piece of software run by all the computers in the network.
To be clear: neither PoW nor PoS are consensus protocols which is implied elsewhere on page 12.
On p. 12 they write:
Once new ledger entries are introduced, special cryptographic protections make it virtually impossible to go back and change them.
This is not really true. For coins like Bitcoin, it is proof-of-work that makes it resource intensive to do a block reorganization. Given enough hashrate, participants can and do fork the network. We have seen it occur many times this year alone. There is no cryptography in Bitcoin or Ethereum that prevents this reorg from happening because PoW is separate from block validation.2
On p. 13 they write:
Essentially, it should let people share more. And with the positive, multiplier effects that this kind of open sharing has on networks of economic activity, more engagement should in turn create more business opportunities.
These statement should be backed up with supporting evidence in the next edition because as it stands right now, this sounds more like a long-term goal or vision statement than something that currently exists today in the cryptocurrency world.
On p. 13 they mention “disintermediation” but throughout the book, many of the cryptocurrency-related companies they explore are new intermediaries. This is not a consistent narrative.
On p. 14 they write:
If I can trust another person’s claims – about their educational credentials, for example, or their assets, or their professional reputation – because they’ve been objectively verified by a decentralized system, then I can go into direct business with them.
This is a non sequitur. Garbage in, garbage out (GIGO) — in fact, the authors make that point later on in the book in Chapter 7.
On p. 15 they write:
Blockchains are a social technology, a new blueprint for how to govern communities, whether we’re talking about frightened refugees in a desolate Jordanian output or an interbank market in which the world’s biggest financial institutions exchange trillions of dollars daily.
This is vague and lacks nuance because there is no consensus on what a blockchain is today. Many different organizations and companies define it differently (see the Corda example above).
Either way, what does it mean to call a blockchain “social technology”? Databases are also being used by refugee camp organizers and financial infrastructure providers… are databases “social technology” too?
On p. 17 they write:
Its blockchain promised a new way around processes that had become at best controlled by middlemen who insisted on taking their cut of every transaction, and at worst the cause of some man-made economic disasters.
This is true and problematic and unfortunately Bitcoin itself doesn’t solve that because it also has middlemen that take a cut of every transaction in the form of a fee to miners. Future editions should add more nuance such as the “moral hazard” of bailing out SIFIs and TBTF and separate that from payment processors… which technically speaking is what most cryptocurrencies strive to be (a network to pay unidentified participants).
On p. 18 they write:
Problems arise when communities view them with absolute faith, especially when the ledger is under control of self-interested actors who can manipulate them. This is what happened in 2008 when insufficient scrutiny of Lehman Brother’s and other’s actions left society exposed and contributed to the financial crisis.
This seems to be a bit revisionist history. This seems to conflate two separate things: the type of assets that Lehman owned and stated on its books… and the integrity of the ledgers themselves. Are the authors claiming that Lehman Brother’s ledgers were being maliciously modified and manipulated? If so, what citation do they have?
Also a couple pages ago, the authors wrote that blockchains were social technology… but we know that from Deadcoins.com that they can die and anything relying on them can be impacted.
Either way, in this chapter the authors don’t really explain how something Bitcoin itself would have prevented Lehman’s collapse. See also my new article on this topic.
On p. 19 they write:
A decentralized network of computers, one that no single entity controlled, would thus supplant the banks and other centralized ledger-keepers that Nakamoto identified as “trusted third parties.”
Fun fact: the word “ledger” does not appear in the Bitcoin white paper or other initial emails or posts by Nakamoto.
Secondly, perhaps an industry wide or commonly used blockchain of some kind does eventually displace and remove the role some banks have in maintaining certain ledgers, but their statement, as it is currently worded, seems a lot like of speculation (projection?).
We know this because throughout the book it is pretty clear they do not like banks, and that is fine, but future editions need to back up these types of opinions with evidence that banks are no longer maintaining a specific ledger because of a blockchain.
On p. 20 they write:
With Bitcoin’s network of independent computers verifying everything collectively, transactions could now be instituted peer to peer, that is, from person to person. That’s a big change from our convoluted credit and debit card payment systems, for example, which routes transactions through a long sequence of intermediaries – at least two banks, one or two payment processors, a card network manager (such as Visa or Mastercard), and a variety of other institutions, depending on where the transaction take place.
If we look back too 2009, this is factually correct of Bitcoin at a high level.3 The nuance that is missing is that today in 2018, the majority of bitcoin transactions route through a third party, some kind of intermediary like a deposit-taking exchange or custodial wallet.4 There are still folks who prefer to use Bitcoin as a P2P network, but according to Chainalysis, last year more than 80% of transactions went through a third party.5
On p. 20 they write:
Whereas you might think that money is being instantly transferred when you swipe your card at a clothing store, in reality the whole process takes several days for the funds to make all those hops and finally settle in the storeowner’s account, a delay that create risks and costs. With Bitcoin, the idea is that your transaction should take only ten to sixty minutes to fully clear (not withstanding some current capacity bottlenecks that Bitcoin developers are working tor resolve). You don’t have to rely on all those separate, trusted third parties to process it on your behalf.
This is mostly incorrect and there is also a false comparison.
In the first sentence they gloss over how credit card payment systems confirm and approve transactions in a matter of seconds.6 Instead they focus on settlement finality: when the actual cash is delivered to the merchant… which can take up to 30+ days depending on the system and jurisdiction.
The second half they glowingly say how much faster bitcoin is… but all they do is describe the “seen” activity with a cryptocurrency: the “six block” confirmations everyone is advised to wait before transferring coins again. This part does not mention that there is nosettlement finality in Bitcoin, at most you get probabilistic finality (because there is always chance there may be a fork / reorg).
In addition, with cryptocurrencies like Bitcoin you are only transferring the coins. The cash leg on either side of the transaction still must transfer through the same intermediated system they describe above. We will discuss this further below when discussing remittances.
On p. 20 they write:
It does so in a way that makes it virtually impossible for anyone to change the historical record once it has been accepted.
For proof-of-work chains this is untrue in theory and empirically. In the next edition this should be modified to “resource intensive” or “economically expensive.”
On p. 20 they write:
The result is something remarkable: a record-keeping method that brings us to a commonly accepted version of the truth that’s more reliable than any truth we’ve ever seen. We’re calling the blockchain a Truth Machine, and its applications go far beyond just money.
It is not a “truth machine” because garbage in, garbage out.
In addition, while they do discuss some historical stone tablets, they don’t really provide a metric for how quantitatively more (or less) precise a blockchain is versus other methods of recording and witnessing information. Might be worth adding a comparison table in the next edition.
On p. 21 they write:
A lion of Wall Street, the firm was revealed to be little more than a debt-ravaged shell kept alive only by shady accounting – in other words, the bank was manipulating its ledgers. Sometimes, that manipulation involved moving debt off the books come reporting season. Other times, it involved assigning arbitrarily high values to “hard-to-value” assets – when the great selloff came, the shocking reality hit home: the assets had no value.
The crash of 2008 revealed most of what we know about Wall Street’s confidence game at that time. It entailed a vast manipulation of ledgers.
This was going well until that last sentence. Blockchains do not solve the garbage in, garbage out problem. If the CFO or accountant or book keeper or internal counsel puts numbers into blocks that do not accurately reflect or represent what the “real value” actually is, blockchains do not fix that. Bitcoin does not fix that.
Inappropriate oversight, rubber stamp valuations, inaccurate risk models… these are off-chain issues that afflicted Lehman and other banks. Note: they continue making this connection on pages 24, 28, and elsewhere but again, they do not detail how a blockchain of some kind would have explicitly prevented the collapse of Lehman other other investment banks.
The real problem was never really about liquidity, or a breakdown of the market. It was a failure of trust. When that trust was broken, the impact on society – including on our political culture – was devastating.
How about all of the above? Pinning it on just one thing seems a little dismissive of the multitude of other interconnecting problems / culprits.
On p. 22 they write:
By various measures, the U.S. economy has recovered – at the time of writing, unemployment was near record lows and the Dow Jones Industrial Average was at record highs. But those gains are not evenly distributed; wage growth at the top is six times what it is for those in the middle, and even more compared to those at the bottom.
If the goal of the authors is to rectify wealth inequalities then there are probably better comparisons than using cryptocurrencies.
Why? Because – while it is hard to full quantify, it appears that on cursory examination most (if not all) cryptocurrencies including Bitcoin have Gini coefficients that trends towards 1 (perfectly unequal).
On p. 23 they write about disinformation in the US and elsewhere. And discuss how trust is a “vital social resource” and then mention hyperinflation in Venezuela. These are all worthy topics to discuss, but it is not really clear how any of these real or perceived problems are somehow solved because of a blockchain, especially when Venezuela is used as the example. The next edition should make this more clear.
On p. 29 they write:
On October 31, 2008, whil the world was drowning in the financial crisis, a little-noticed “white paper” was released by somebody using the pen name “Satoshi Nakamoto,” and describing something called “Bitcoin,” an electronic version of cash that didn’t need state backing. At the heart of Nakamoto’s electronic cash was a public ledger that could be viewed by anybody but was virtually impossible to alter.
One pedantic note: it wasn’t broadly marketed beyond a niche mailing list on purpose… a future edition might want to change ” a little-noticed” because it doesn’t seem like the goal by Nakamoto was to get Techcrunch or Slashdot to cover it (even though eventually they both did).
Also, it is not virtually impossible to alter.7 As shown by links above, proof-of-work networks can and do get forked which may include a block reorganization. There is nothing that technically prevents this from happening.
Szabo, Grigg, and others pioneered an approach with the potential to create a record of history that cannot be changed – a record that someone like Madoff, or Lehman’s bankers, could not have meddled with.
I still think that the authors are being a little too liberal with what a blockchain can do. What Madoff did and Lehman did were different from one another too.
Either way, a blockchain would not have prevented data – representing fraudulent claims – from being inserted into blocks. Theoretically a blockchain may have allowed auditors to detect tampering of blocks, but if the information in the blocks are “garbage” then it is kind of besides the point.
On p. 32 they write:
Consider that Bitcoin is now the most powerful computing network in the world, one whose combined “hashing” rate as of August 2017 enabled all its computers to collectively pore through 7 million trillion different number guesses per second.
Let the record show that period of time is 36,264 trillion trillion times longer than the current best-estimate age of the universe. Bitcoin’s cryptography is pretty secure.
This should be scrapped for several reasons.
The authors conflate the cryptography used by digital signatures with generating proofs-of-work.8 There are not the same thing. Digital signatures are considered “immutable” for the reasons they describe in the second part, not because of the hashes that are generated in the first.9
Another problem is that the activity in the first part — the hash generation process — is not an apples-to-apples comparison with other general computing efforts. Bitcoin mining is a narrowly specific activity and consequently ASICs have been built and deployed to generate these hashes. The single-use machines used to generate these hashes cannot even verify transactions or construct blocks. In contrast, CPUs and GPUs can process a much wider selection of general purpose applications… including serialize transactions and produce blocks.
For example: it would be like comparing a Falcon 9 rocket launch vehicle with a Toyota Prius. Sure they are nominally both “modes of transportation” but built for entirely different purposes and uses.
An additional point is that again, proof-of-work chains can and have been forked over the years. Bitcoin is not special or unique or impervious to forks either (here’s a history of the times Bitcoin has forked). And there are other ways to create forks, beyond the singular Maginot Line attack that the authors describe on this page.10
On p. 33 they write:
Whether the solution requires these extreme privacy measures or not, the broad model of a new ledger system that we laid out above – distributed, cryptographically secure, public yet private – may be just what’s needed to restore people’s confidence in society’s record-keeping systems. And to encourage people to re-engage in economic exchange and risk-taking.
This comes across as speculation and projecting. We will see later that the authors have a dim view of anything that is not a public blockchain. Why is this specific layout the best?
Either way, future versions should include a citation for how people’s confidence level increase because of the use of some kind of blockchain. At this time, I am unaware of any such survey.
On p. 34 they quote Tomicah Tilleman from the Global Blockchain Business Council, a lobbying organization:
Blockchain has the potential to push back against that erosion and it has the potential to create a new dynamic in which everyone can come to agree on a core set of facts but also ensure the privacy of facts that should not be in the public domain.
This seems like a non sequitur. How does a blockchain itself push back on anything directly? Just replace the word “blockchain” with “database” and see if it makes sense.
Furthermore, as we have empirically observed, there are fractures and special interest groups within each of these little coin ecosystems. Each has their own desired roadmap and in some cases, they cannot agree with one another about facts such as the impact larger block sizes may have on node operators.
On p. 35 they write:
If it can foster consensus in the way it has been shown to with Bitcon, it’s best understood as a Truth Machine.
This is a non sequitur. Just because Nakamoto consensus exists does not mean it that blockchains are machines of truth. They can replicate falsehoods if the blocks are filled with the incorrect information.
On p. 38 they write:
Consider how Facebook’s secret algorithm choose the news to suit your ideological bent, creating echo chambers of like-minded angry or delighted readers who are ripe to consume and share dubious information that confirms their pre-existing political biases.
There are some really valid points in this first part of the chapter. As it relates to cryptocurrencies, a second edition should also include the astroturfing and censoring of alternative views that take place on cryptocurency-related subreddits which in turn prevent people from learning about alternative implementations.
We saw this front-and-center in 2015 with the block size debate in which moderators of /r/bitcoin (specifically, theymos and BashCo) banned any discussion from one camp, those that wanted to discuss ways of increasing the block size via a hardfork (e.g., Bitcoin XT, Bitcoin Classic).
This wasn’t the first or last time that cryptocurrency-related topics on social media have resulted in the creation of echo chambers.
On p. 43 they write:
The potential power of this concept starts with the example of Bitcoin. Even though that particular blockchain may not provide the ultimate solution in this use case, it’s worth recalling that without any of the classic, centrally deployed cybersecurity tools such as firewalls, and with a tempting “bounty” of more than $160 billion in market cap value at the time we went to print, Bitcoin’s core ledger has thus far proven to be unhackable.
There is a lot to unpack here but I think a future edition should explain in more detail how Bitcoin is a type of cybersecurity tool. Do they mean that because the information is replicated to thousands of nodes around the world, it is more resilient or redundant?
Either way, saying that “Bitcoin’s core ledger” is “unhackable” is a trope that should be removed from the next edition as well.
Why? Because when speaking about BTC or BCH or any variant of Bitcoin, there is only one “ledger” per chain… the word ‘core’ is superfluous. And as described above, the word “unhackable” should be changed to “resource intensive to fork” or something along those lines. “Unhackable” is anarchronistic because what the authors are probably trying to describe is malicious network partitions… and not something from a ’90s film like The Net.
Continuing on p. 43 they write:
Based on the ledger’s own standards for integrity, Bitcoin’s nine-year experience of survival provides pretty solid proof of the resiliency of its core mechanism for providing decentralized trust between users. It suggest that one of the most important non-currency applications of Bitcoin’s blockchain could be security itself.
This last sentence makes no sense and they do not expand on it in the book. What is the security they are talking about? And how is that particularly helpful to “non-currency applications of Bitcoin’s blockchain”? Do they mean piggy-backing like colored coins try to do?
On p. 44 they write:
The public ledger contains no identifying information about the system’s users. Even more important, no one owns or controls that ledger.
Well technically speaking, miners via mining pools control the chain. They can and do upgrade / downgrade / sidegrade the software. And they can (and do) fork and reorg a chain. Is that defined as “control”? Unclear but we’ll probably see some court cases if real large loses take place due to forks.
On p. 44 they write:
As such there is no central vector of attack.
In theory, yes. In practice though, many chains are highly centralized: both in terms of block creation and in terms of development. Thus in theory it is possible to compromise and successfully “attack” a blockchain under the right circumstances. Could be worth rephrasing this in the next edition.
On p. 44 they write:
As we’ll discuss further in the book, there are varying degrees of security in different blockchain designs, including those known as “private” or “permissioned” blockchains, which rely on central authorities to approve participants. In contrast, Bitcoin is based on a decentralized model that eschews approvals and instead banks on the participants caring enough about their money in the system to protect it.
This is a bit of a strawman because there are different types of “permissioned” blockchains designed for different purposes… they’re not all alike. In general, the main commonality is that the validators are known via a legal identity. How these networks are setup or run does not necessarily need to rely on a centralized authority, that would be a single point of trust (and failure). But we’ll discuss this later below.
On p. 44 they write:
On stage at the time, Adam Ludwin, the CEO of blockchain / distributed ledger services company Chain Inc., took advantage of the results to call out Wall Street firms for failing to see how this technology offers a different paradigm. Ludwin, whose clients include household names like Visa and Nasdaq, said he could understand why people saw a continued market for cybersecurity services, since his audience was full of people paid to worry about data breaches constantly. But their answers suggested they didn’t understand that the blockchain offered a solution. Unlike other system-design software, for which cybersecurity is an add-on, this technology “incorporates security by design,” he said.
It is unclear from the comments above exactly how a blockchain solves problems in the world of cybersecurity. Maybe it does. If so, then it should be explored in more detail than what is provided in this area of the book.
As an aside, I’m not sure how credible Ludwin’s comments on this matter are because of the multiple pivots that his companies have done over the past five years.11
On p. 45 they write:
A more radical solution is to embrace open, “permissionless” blockchains like Bitcoin and Ethereum, where there’s no central authority keeping track of who’s using the network.
This is very much a prescriptive pitch and not a descriptive analysis. Recommend changing some of the language in the next edition. Also, they should define what “open” means because there basically every mining pool doxxes themselves.
Furthermore, some exchanges that attempt to enforce their terms-of-service around KYC / AML / CTF do try to keep track of who is doing what on the network via tools from Chainalysis, Blockseer, Elliptic and others. Violating the ToS may result in account closures. Thus, ironically, the largest “permissioned” platforms are actually those on the edges of all cryptocurrencies.
It’s not about building a firewall up around a centralized pool of valuable data controlled by a trusted third party; rather the focus is on pushing control over information out to the edges of the network, to the people themselves, and on limiting the amount of identifying information that’s communicated publicly. Importantly, it’s also about making it prohibitively expensive for someone to try to steal valuable information.
This sounds all well and good, definitely noble goals. However in the cryptocurrency world, many exchanges and custodial wallets have been compromised and the victims have had very little recourse. Despite the fact that everyone is continually told not to store their private keys (coins) with an intermediary, Chainalysis found that in 2017 more than 80% of all transactions involved a third-party service.
On p. 45 they write:
Bitcoin’s core ledger has never been successfully attacked.
They should define what they mean by “attacked” because it has forked a number of times in its history. And a huge civil war took place resulting in multiple groups waging off-chain social media campaigns to promote their positions, resulting in one discrete group divorcing and another discrete group trying to prevent them from divorcing. Since there is only de facto and not de jure governance, who attacked who? Who were the victims?
On p. 45 they write:
Now, it will undoubtedly be a major challenge to get the institutions that until now have been entrusted with securing our data systems to let go and defer security to some decentralized network in which there is no identifiable authority to sue if something goes wrong. But doing so might just be the most important step they can take to improve data security. It will require them to think about security not as a function of superior encryption and other external protections, but in terms of economics, of making attacks so expensive that they’re not worth the effort.
This seems a bit repetitive with the previous couple of page, recommend slimming this down in the next edition. Also, there are several class action lawsuits underway (e.g., Ripple, Tezos) which do in fact attempt to identify specific individuals and corporations as being “authorities.” The Nano lawsuit also attempted to sue “core developers.”
On p. 46 they write:
A hacker could go after each device, try to steal the private key that’s used to initiate transactions on the decentralized network, and, if they’re lucky, get away with a few thousand dollars in bitcoin. But it’s far less lucrative and far more time-consuming than going after the rich target of a central server.
The ironic part of this is that generally speaking, the private keys controlling millions of bitcoins are being housed in trusted third parties / intermediaries right now. In some cases these are stored on a centralized server. In other cases, the cold wallet managed by hosting providers such as Xapo (which is rumored to secure $10 billion of bitcoin) does geographically split the keys apart into bunkers. Yet at some point those handling the mutli-sig do come together in order to move the coins to a hot wallet.12
On p. 47 they write:
It seems clear to us that the digital economy would benefit greatly from embracing the distributed trust architecture allowed by blockchains – whether it’s simply the data backups that a distributed system offers, or the more radical of an open system that’s protected by a high cost-to-payout ratio.
What does this mean? Are they saying to add proof-of-work to all types of distributed systems? It is only useful in the Bitcoin context in order to make it expensive to Sybil attack the network… because participants were originally unknown. Does that same problem exist in other environments that they are thinking of? More clarity should be added in the next edition.
On p. 48 they write:
The idea, one that’s also being pursued in different forms by startups such as Gem of Los Angeles and Blockchain Health of San Francisco, is that the patient has control over who sees their records.
This is one of the difficulties in writing a long-form book on this general topic right now: projects and companies frequently pivot.
For instance, a couple months after the book was published, Gem announced its “Universal Token Wallet,” a product which currently dominates its front page and social media accounts of the company. There have been no health care-related announcements from the company in over a year.
Similarly, Blockchain Health no longer exists. Its CEO left and joined Chia as a co-founder and the COO has joined the Neighborly team.
On p. 50 they write:
It was a jury-rigged solution that meant that the banking system, the centralized ledger-keeping solution with which society had solved the double-spend problem for five hundred years, would be awkwardly bolted onto the ostensibly decentralized Internet as its core trust infrastructure.
I think there are some legitimate complaints to made towards how online commerce evolved and currently exists but this seems a tad petty. As backwards as financial institutions are (rightly and wrongly) portrayed, it’s not like their decision makers sat around in the early ’90s trying to figure out how to make integrating the Web an awkward process.
On p. 50 they write:
Under this model, the banks charged merchants an interchange fee of around 3 percent to cover their anti-fraud costs, adding a hidden tax to the digital economy we all pay in the form of higher prices.
Again, like their statement above: there are some very legitimate gripes to be had regarding the existing oligopolistic payment systems, but this specific gripe is kind of petty.
Fraud exists and as a result someone has to pay for it. In the cryptocurrency world, there is no recourse because it is caveat emptor. In the world of courts and legal recourse, fees are levied to cover customer service including fraud and insurance. It may be possible to build a payment system in which there is legal recourse and simultaneously no oligopolistic rent seeking but this is not explored in the book. Also, for some reason the fee to miners is not brought up in this section, yet it is a real fee users must pay… yet they do not receive customer service as part of it.
Lastly, the Federal Reserve (and other central banks) monitor historical interchange fees. Not all users are charged the ~3% as mentioned in the book.
On pages 52 and 53 they write uncritically about Marc Andresseen and VCs who have invested in Bitcoin and cryptocurrencies.
a16z, the venture firm co-founded by Andresseen, arguably has a few areas that may be conflicts-of-interest with the various coin-related projects it has invested in and/or promoted the past several years (e.g., investing in coins which are listed on an exchange they also are an investor and board member of such as 0x). Those ties are not scrutinized in a chapter that attempts to create a black and white narrative: that the legacy players are centralized rent-seekers and the VCs are not. When we know empirically that some VCs, including a16z, have invested in what they believe will become monopolies of some kind.
On page 54 and 55 they write about “Code is not law,” a topic that I have likewise publicly presented on.
Specifically they state:
One risk is that regulators, confused by all these outside-the-box concepts, will overreact to some bad news – potentially triggered by large-scale investors losses if and when the ICO bubble bursts and exposes a host of scams. The fear is that a new set of draconian catchall measures would suck the life out of innovation in this space or drive it offshore or underground. To be sure, institutions like the Washington-based Coin Center and the Digital Chamber of Commerce are doing their best to keep officials aware of the importance of keeping their respective jurisdictions competitive in what is now a global race to lead the world in financial technology.
This is word for word what coin lobbyists have been pitching to policy makers around the world for years. Both Coin Center and Digital Chamber of Commerce lobby on behalf of their sponsors and donors to prevent certain oversight on the cryptocurrency market.13 An entire book could probably be written about how specific people within coin lobbying organizations have attempted to white wash and spin the narrative around illicit usage, using carefully worded talking points. And they have been effective because these authors do not question the motivations and agenda these special interest groups have.
Either way, Bitcoin and many other cryptocurrencies were born in the “underground” and even “offshore.” It is unclear what the authors are trying to excuse because if anything, regulators and law enforcement have arguably been very light handed in the US and most regions abroad.
If anything, once a foreign registered ICO or coin is created, often the parent company and/or foundation opens an office to recruit developers in San Francisco, New York, and other US cities. I know this because all the multiple “blockchain” events I have attended overseas the past two years in which organizers explain their strategy. The next edition of this book could explore this phenomenon.
On p. 57 they write:
By The DAO founders’ own terms, the attacker had done nothing wrong, in other words. He or she had simply exploited one of its features.
Excellent point that should be explored in further detail in the next edition. For instance, in Bitcoin there have been multiple CVEs which if exploited (at least one was) could have resulted in changes in the money supply. Is that a feature or a bug?
And the most recent one, found in pre-0.16.3, was partially downplayed and hidden to prevent others from knowing the extent of potential damage that could have been done.
On p. 59 they write:
The dependence on a trusted middleman, some cryptocurrency purists would argue, overly compromises a blockchain’s security function, rending it unreliable. For that reason, some of them say, a blockchain is inappropriate for many non-currency applications. We, however, view it as a trade-off and believe there’s still plenty of value in recording ownership rights and transfers to digitally represented real-world assets in blockchains.
I think this whole section should be reworded to describe:
what types of blockchains they had in mind?
how the legal hooks into certain blockchains behave versus anarchic chains?
being more precise with the term purist… do they mean maximalists or do they mean someone who points out that most proposed use-cases are chainwashing?
On pages 59 and 60 they write:
Permissioned blockchains – those which require some authorized entity to approve the computers that validate the blockchain – by definition more prone to gatekeeping controls, and therefore to the emergence monopoly or oligopoly powers, than the persmissionless ideal that Bitcoin represents. (We say “ideal” because, as we’ll discuss in the next chapter, there are also concerns that aspects of Bitcoin’s software program have encouraged an unwelcome concentration of ownership – flaws that developers are working to overcome.)
It would be beneficial in the next edition to at least walk through two different “permissioned blockchains” so the reader can get an idea of how validators become validators in these chains. By not including them, each platform is painted in the same light.
And because they are still comparing it with Bitcoin (which was designed for a completely different type of use-case than ‘permissioned chains’ are), keep in mind that the way mining (block making) is done in 2018 is very different than when it was first proposed in the 2008 paper. Back then, mining included a machine that did two things: validated blocks and also generate proofs-of-work. Today, those two functions are completely separate and because of the relatively fierce competition at generating hashes, there are real exit and entry costs to the market.
In many cases, this means that both the mining pool operators and hash generators end up connecting their real world government-issued identities with their on-chain activity (e.g., block validation). It may be a stretch to say that there is an outright monopoly in mining today, but there is a definite trend towards oligopoly in manufacturing, block producing, and hash generation the past several years. This is not explored beyond a superficial level in the book.
On p. 60 they write:
Until law changes, banks would face insurmountable legal and regulatory opposition, for example, to using a system like Bitcoin that relies on an algorithm randomly assigning responsibility at different stages of the bookkeeping process to different, unidentifiable computers around the world.
This is another asinine comment because they don’t explicitly say which laws they would like changed. The authors make it sound like the PFMIs are holding the world back when the opposite is completely true. These principals and best practices arose over time because of the systemic impact important financial market infrastructures could have on society as a whole.
Proof-of-work chains, the ones that are continually promoted in this book, have no ability to prevent forks, by design. Anarchic chains like Bitcoin and Ethereum can only provide probabilistic finality. Yet commercial best practices and courts around the world demands definitive settlement finality. Why should commerce be captured by pseudonymous, unaccountable validators maintained in jurisdictions in which legal recourse is difficult if not impossible?
On p. 60 they continue:
But that doesn’t mean that other companies don’t have a clear interest in reviewing how these permissioned networks are set up. Would a distributed ledger system that’s controlled by a consortium of the world’s biggest banking institutions be incentivized to act in the interest of the general public it serves? One can imagine the dangers of a “too-big-to-fail blockchain” massive institutions could once again hold us hostage to bailouts because of failures in the combined accounting system.
This has been one of Michael Casey’s talking points for the past three years. I was even on a panel with him in January 2016 in which he called R3 a “cartelchain,” months before Corda even existed. His justified disdain towards traditional financial institutions — and those involved with technology being developed in the “permissioned” world — pops up throughout this book. I do think there are some valid critiques of consortia and permissioned chains and even Corda, but those aren’t presented in this edition of the book.
He does make two valid observations here as well: regulated commerce should have oversight. That is one of the reasons why many of the organizations developing “permissioned blockchains” have plans to or already have created separate legal entities to be regulated as some type of FMI.
The other point is that we should attempt to move away from recreating TBTF and SIFI scenarios. Unfortunately in some cases, “permissioned chains” are being pitched as re-enabler of that very scenario. In contrast, dFMI is a model that attempts to move away from these highly intermediated infrastructures. See also my new article on SICNs.
On p. 60 they write:
Either way, it’s incumbent upon us to ensure that the control over the blockchains of the future is sufficiently representative of broad-based interests and needs so that they don’t just become vehicles for collusion and oligpolistic power by the old guard of finance.
The ironic part of this statement is — while well-intended — because of economies of scale there is an oligopoly or even monopoly in most PoW-mined coins. It is unclear how or why that would change in the future. In addition, with the entrance of Bakkt, ErisX, Fidelity and other large traditional financial organizations (e.g., the old guard) into the cryptocurrency world, it is hard to see how “permissionless ecosystems” can prevent them from participating.
On p. 61 they write:
As we stated in The Age of Cryptocurrency, Bitcoin was merely the first crack at using a distributed computing and decentralized ledger-keeping system to resolve the age-old problem of trust and achieve this open, low-cost architecture for intermediary-free global transactions.
But as the authors have stated elsewhere: proof-of-work chains are inherently costly. If they were cheap to maintain then they would be cheap to fork and reorg. You cannot simultaneously have a cheap (“efficient”) and secure PoW network… that’s a contradiction.
That way, no authorizing entity could block, retract, or decide what gest entered into the ledger, making it censorship resistant.
Could be worth referencing Eligius, a pool run by Luke-Jr. that would not allow Satoshi Dice transactions because its owners religious views.14
On p. 67 they write:
These computers are known as “miners,” because in seeking to win the ten-minute payout, they engage in a kind of computational treasure hunt for digital gold.
I understand the need to make simple analogies but the digital gold one isn’t quite right because gold does not have an inflexible supply whereas bitcoin does. I’ve pointed this out in other book reviews and it bears repeating because of how the narrative of e-cash to HODLing has changed over the last few years.1516
Proof of work is expensive, because it chews up both electricity and processing power. That means that if a miner wants to seize majority control of the consensus system by adding more computing power, they would have to spend a lot of money doing so.
This is correct. Yet six pages earlier they say it is a “low-cost” infrastructure. Needs to be a little more consistent in this book. Either PoW is resource intensive or it is not, it cannot be both.
On p. 68 they write:
Over time, bitcoin mining has evolved into an industrial undertaking, with gigantic mining “farms” now dominating the network. Might those big players collude and undermine the ledger by combining resources? Perhaps, but there are also overwhelming disincentives for doing so. Among other considerations, a successful attack would significantly undermine the value of all the bitcoins the attacking miner owns. Either way, no one has managed to attack Bitcoin’s ledger in nine years. That unbroken record continues to reinforce belief in Bitcoin’s cost-and-incentive security system.
It’s worth pointing out that there are ways to fork Bitcoin beyond the singular Maginot Line attack. As mentioned above, Bitcoin and many other coins have forked; see this history. Hundreds of coins have died due to lack of interest by miners and developers.
It could also be argued that between 2015-2017, Bitcoin underwent a social, off-chain attack by multiple different groups attempting to exert their own influence and ideology onto the ecosystem. The end result was a permanent fracture, a divorce which the principal participants still lob social media bombs at one another. There isn’t enough room to discuss it here, but the astroturfing actions by specific people and companies in order to influence others is worth looking into as well. And it worked.
On p. 71 they write:
The caveat, of course, is that if bad actors do control more than 50 percent of the computing power they can produce the longest chain and so incorporate fraudulent transactions, which other miners will unwittingly treat as legitimate. Still, as we’ve explained, achieving that level of computing power is prohibitively expensive. It’s this combination of math and money that keeps Bitcoin secure.
I probably would change some of the wording because with proof-of-work chains (and basically any cryptocurrency), there are no terms of service or end user license agreement or SLA. At most there is only de facto governance and certainly not de jure.
What does that mean? It means that we really can’t say who the “bad actors” are since there is no service agreement. Barring an administrator, who is the legitimate authority in the anarchic world of cryptocurrencies? The original pitch was: if miners want to choose to build on another tree or fork, it’s their decision to do so… they don’t need anyone’s permission to validate blocks and attempt to update the chain as they want to. The next edition should explicitly say who or what is an attacker or what a fraudulent transaction is… these are points I’ve raised in other posts and book reviews.
Also, the authors mention that computational resources involved in PoW are “prohibitively expensive” here. So again, to be consistent they likely should remove “low-cost” in other places.
On p. 71 and 72 they write:
In solving the double-spend problem, Bitcoin did something else important: it magically created the concept of a “digital asset.” Previously, anything digital was too easily replicated to be regarded as a distinct piece of property, which is why digital products such as music and movies are typically sold with licensing and access rights rather than ownership. By making it impossible to replicate something of value – in this case bitcoins – Bitcoin broke this conventional wisdom. It created digital scarcity.
No it did not. This whole passage is wrong. As we have seen with forks and clones, there really is no such thing as this DRM-for-money narrative. This should be removed in the next edition.
Scarcity effectively means rivalrous, yet anyone can copy and clone any of these anarchic chains. PoW might make it relatively expensive to do a block reorg on one specific chain, but it does not really prevent someone from doing what they want with an identically cloned chain.
For instance, here is a list of 44 Bitcoin forked tokens that arose between August 2017 and May 2018. In light of the Bitcoin and Bitcoin Cash divorce, lobbying exchanges to recognize ticker symbols is also worth looking into in a future edition.
On p. 73 they write:
Many startups that were trying to build a business on top of Bitcoin, such as wallet providers and exchanges, were frustrated by an inability to process their customers’ transactions in a timely manner. “I’ve become a trusted third party,” complained Wences Casares, CEO of bitcoin wallet and custodial service Xapo. Casares was referring to the fact that too many of his firms’ transactions with its customers had to be processed “off-chain” on faith that Xapo would later settle the transaction on the Bitcoin blockchain.
This is one of the most honest statements in the book. The entire cryptocurrency ecosystem is now dominated by intermediaries.
Interestingly, Xapo moved its main office from Palo Alto to Switzerland days after Ripple was fined by FinCEN for violating the BSA. Was this just a coincidence?
On p. 73 they wrote:
Making blocks bigger would require more memory, which would make it even more expensive to operate a miner, critics pointed out. That could drive other prospective miners away, and leave Bitcoin mining even more concentrated among a few centralized players, raising the existential threat of collusion to undermine the ledger.
This wasn’t really the argument being made by the “small blockers.” Rather, it was disk space (not memory) that was — at the time — perceived as a limitation for retail (home) users in the long run. Yet it has been a moot point for both Bitcoin and Bitcoin Cash as the price per gigabyte for a hard drive continues to decline over time… and because in the past year, on-chain transactions on both chains havefallen from their peak in December 2017.
In practice, the “miners” that that authors refer to are the roughly 15 to 20 or so mining pools that in a given day, create the blocks that others build on. Nearly all of them maintain these nodes at a cloud provider. So there is already a lot of trust that takes place (e.g., AWS and Alibaba are trusted third parties). Because of economies of scale, spinning up a node (computer) in AWS is relatively inexpensive.
It really isn’t discussed much in the book, but the main argument throughout the 2nd half of 2017 was about UASF — a populist message which basically said miners (mining pools) didn’t really matter. Followers of this philosophy emphasized the need to run a node at home. For instance, if a UASF supporter based in rural Florida is attempting to run a node from his home, there could be a stark difference between the uptime and bandwidth capacity he has at home versus what AWS provides.
On p. 74 they write:
Without a tally of who’s who and who owns what, there was no way to gauge what the majority of the Bitcoin community, composed of users, businesses, investors, developers, and miners, wanted. And so, it all devolved into shouting matches on social media.
I wrote about this phenomenon in Appendix A in a paper published in November 2015. And what eventually happened was a series of off-chain Sybil attacks by several different tribes, but especially by promoters of UASF who spun up hundreds — thousands of nodes — and acted as if those mattered.
Future editions should also include a discussion on what took place at the Hong Kong roundtable, New York agreement, and other multilateral governance-related talks prior to the Bitcoin Cash fork.
On p. 74 they write:
A hard-fork-based software change thus poses a do-or-die decision for users on whether to upgrade or not. That’s bad enough for, say, word processing software, but for a currency it’s downright problematic. A bitcoin based on the old version could not be transferred to someone running software that support the new version. Two Bitcoins. Two versions of the truth.
The authors actually accidentally proved my earlier point: that public chains, specifically, proof-of-work chains, cannot prevent duplication or forks. Proof-of-work only makes it resource intensive to do double-spend on one specific chain.
This is one of the reasons why regulated financial organizations likely will continue to not issue long lifecycle instruments directly onto an anarchic chain like Bitcoin: because by design, PoW chains are forkable.
Also, future editions may want to modify this language because there are some counterarguments from folks like Vitalik Buterin that state: because hard forks are opt-in and thus lead to cleaner long-term outcomes (e.g., less technical debt).
On p. 75 they write a lot about Lightning Network, stating:
So, there are no miners’ fees to pay and no limit on how many transaction can be done at any time. The smart contracts prevent users from defrauding each other while the Bitcoin blockchain is used solely as a settlement layer, recording new balance transactions whenever a channel is opened or closed. It persists as the ultimate source of proof, a guarantee that all the “off-chain” Lightning transactions are legitimate.
What is not discussed in this edition is that:
Lightning has been massively hyped with still relatively subdued traction
Lightning is a separate network – it is not Bitcoin – and thus must be protected and secured through other non-mining means
Lightning arguably distorts the potential transition to a fee-based Bitcoin network in much the same way that intermediaries like Coinbase do. That is to say, users are paying intermediaries the fees instead of miners thus prolonging the time that miners rely on block rewards (as a subsidy) instead of user fees.
The SegWit/Lightning combination was in their minds the responsible way to make changes. They had a duty, they believed, to avoid big, disruptive codebase alterations and instead wanted to encourage innovators to develop applications that would augment the powers of the limited foundational code. It’s a classic, security-minded approach to protocol development: keep the core system at the bottom layer of the system simple, robust, and hard to change – some of the words “deliberately dumb” – and thus force innovation “up the stack” to the “application layer.” When it works you get the best of both worlds: security and innovation.
The authors should revise this because this is just repeating the talking points of specific Core developers, especially the last line.
Empirically it is possible to create a secure and “innovative” platform… and do so with multiple implementations of a specification. We see that in other cryptocurrencies and blockchain-related development efforts including Ethereum. The Bitcoin Core participants do not have a monopoly on what is or is not “security minded” and several of them are vocally opposed to supporting multiple implementations, in part, because of the politics around who controls the BIP process.
In fact, it could be argued that by insisting on the SegWit/Lightning approach, they caused a disruption because in point of fact, the amount of code that needed to be changed to increase the block size is arguably less than what was needed to build, verify, and release SegWit.
It’s not worth wading deep into these waters in this review, but the next edition of this book should be more even handed towards this schism.
On p. 76 they write:
But a group of miners with real clout was having none of it. Led by a Chinese company that both mined bitcoin and produced some of the most widely used mining equipment, this group was adamantly opposed to SegWit and Lightning. It’s not entirely clear what upset Jihan Wu, CEO of Bitmain, but after lining up with early Bitcoin investor and prominent libertarian Roger Ver, he launched a series of lobbying efforts to promote bigger blocks. One theory was that Bitmain worried that an “off-chain” Lightning solution would siphon away transaction fees that should be rightly going to miners; another was that because such payment channel transactions weren’t traceable as on-chain transactions, Chinese miners were worried that their government might shut them down. Bitmain’s reputation suffered a blow when revelations emerged that its popular Ant-miner mining rigs were being shipped to third-party miners with a “backdoor” that allowed the manufacturer-cum-miner to shut its opponents’ equipment down. Conspiracy theories abounded: Bitmain was planning to subvert SegWit. The company denied this and vowed to disable the feature. But trust was destroyed.
There is a lot of revisionism here.
But to start with, in the process of writing this review I reached out and contacted both Roger Ver and separately an advisor at Bitmain. Both told me that neither of the authors of this book had reached out to them for any comment. Why would the authors freely quote Bitcoin Core / SegWit developers to get their side of this debate but not reach out to speak with two prominent individuals from the other side to get their specific views? The next edition should either include these views and/or heavily revise this section of the book.
There are a few other problems with this passage.
Multiple different groups were actively lobbying and petitioning various influential figures (such as exchange operators) during this time period, not just Jihan and Roger. For instance, as mentioned above, the Hong Kong roundtable and New York agreement were two such examples. Conversely, SegWit and UASF was heavily promoted and lobbied by executives and affiliates at Blockstream and a handful of other organizations.
Regarding this “backdoor,” let’s rewind the clock and look at the overt / covert tempest in a teapot.
Last April Bitmain was alleged by Greg Maxwell (and the Antbleed campaign) of having maybe kinda sorta engaged in something called covert mining via Asicboost. Jimmy Song and others looked into it and said that there was no evidence covert was happening. At the time, some of the vocal self-identified “small block” supporters backing UASF, used this as evidence that Bitmain was a malicious Byzantine actor that must be purged from Bitcoinland. At the time, Greg proposed changing the PoW function in Bitcoin in order to prevent covert Asicboost from working.
In its defense, Bitmain stated that while Asicboost had been integrated into the mining equipment, it was never activated… partly because of the uncertain international IP / patent claims surrounding Asicboost. Recently, they announced a firmware upgrade that miners could activate overt Asicboost… a few days after another organization did (called “braiins”).
So why revisit this?
Two months ago Sia released code which specifically blocked mining equipment from Bitmain and Innosilicon. How and why this action is perceived as being fair or non-political is very confusing… they are definitely picking favorites (their own hardware). Certainly can’t claim to be sufficiently decentralized, right?
Yet in this section of the book, they don’t really touch on how key participants within the tribes and factions, represented at the time. Peruse both lists and look at all of the individuals at the roundtable that claim to represent “Bitcoin Core” in the governance process versus (the non-existent) reps from other implementations.
Even though the divorce is considered over, the tribes still fling mud at one another.
For example, one of the signatories of the HK roundtable, Adam Back, is still heckling Bitmain for supposedly not being involved in the BIP process. Wasn’t participation supposed to be “voluntary” and “permissionless”? Adam is also now fine with “overt” Asicboost today but wasn’t okay with it 18 months ago. What changed? Why was it supposedly bad for Bitmain to potentially use it back then but now it’s kosher because “braiins” (Slush) is doing it? That seems like favoritism.
Either way, the book passage above needs to be rewritten to include views from other camps and also to remove the still unproven conspiracy theories.
On p. 76 they write:
Meanwhile, original bitcoin went on a tear, rallying by more than 50 percent to a new high above $4,400 over a two-week period. The comparative performance of the pair suggested that small-block BTC and the SegWit reformers had won.
The next edition should change the wording because this comes across one-sided.
While an imperfect comparison, a more likely explanation is that of a Keynesian beauty contest. Most unsophisticated retail investors had heard of Bitcoin and hadn’t heard of Bitcoin Cash. Bitcoin (BTC) has brand recognition while Bitcoin Cash and the dozens of other Bitcoin-named forks and clones, did not.
Based on anecdotes, most coin speculators do not seem to care about the technical specifications of the coins they buy and typically keep the coins stored on an intermediary (such as an exchange) with the view that they can sell the coins later to someone else (e.g., “a greater fool“).
On p. 77 they write:
Bitcoin had gone through a ridiculous circus, one that many outsiders naturally assumed would hurt its reputation and undermine its support. Who wants such an ungovernable currency? Yet here was the original bitcoin surging to new heights and registering a staggering 650 percent gain in less than twelve months.
The problem with cherry picking price action dates is that, as seen in the passage above, it may not age well.17
For example, during the write-up of this review, the price of bitcoin declined from where it was a year ago (from over $10,000 then down to around $4,000). What does that mean? We can all guess what happened during this most recent bubble, but to act like non-tech savvy retail buyers bought bitcoin (BTC) because of SegWit is a non sequitur. No one but the tribalists in the civil war really cared.
On p. 77 they write:
Why? Well, for one, Bitcoin had proven itself resilient. Despite its civil war, its blockchain ledger remained intact. And, while it’s hard to see how the acrimony and bitterness was an advantage, the fact that it had proven so difficult to alter the code, to introduce a change to its monetary system, was seen by many as an important test of Bitcoin’s immutability.
There are a few issues here.
What do the authors mean by the “blockchain ledger remained intact”? I don’t think it was ever a question over whether or not copies of the Bitcoin blockchain (and/or forks thereof) would somehow be deleted. Might want to reword this in the future.
Segwit2x / Bitcoin Cash proponents were not trying to introduce a change to Bitcoin’s monetary system. The supply schedule of bitcoins would have stayed the same. The main issue was: a permanent block size increase from 1 MB to at least 2 MB. That proposal, if enacted, would not have changed the money supply.
What do the authors mean by “Bitcoin’s immutability”? The digital signatures are not being reversed or changed and that is what provides transactions the characteristic of “immutability.”
It is likely that the authors believe that a “hard fork” means that Bitcoin is not immutable. That seems to conflate “immutability” of a digital signature with finality (meaning irreversibility). By design, no proof-of-work coin can guarantee finality or irreversibility.
Also, Bitcoin had more than a dozen forks prior to the block size civil war.
On p. 77 and 78 they write:
Solid censorship resistance was, after all, a defining selling point for Bitcoin, the reason why some see the digital currency becoming a world reserve asset to replace the outdated, mutable, fiat-currency systems that still run the world. In fact, it could be argued that this failure to compromise and move forward, seen by outsiders as Bitcoin’s biggest flaw, might actually be its biggest feature. Like the simple, unchanging codebase of TCP/IP, the gridlocked politics of the Bitcoin protocol were imposing secure rigidity on the system and forcing innovation up the stack.
This is not what “censorship resistance” means in the context of Bitcoin. Censorship resistance is narrow and specific to what operators of miners could do. Specifically, the game theory behind Nakamoto Consensus is that it would be costly (resource intensive) for a malicious (Byzantine) actor to try and attempt to permanently censor transactions due to the amount of hashrate (proof-of-work) a Byzantine actor would need to control (e.g., more than 50%).
In contrast, what the authors described in this book was off-chain censorship, such as lobbying by various special interest groups at events, flamewars on Twitter, removing alternative views and voices on reddit, and via several other forms.
The “world reserve asset” is a loaded phrase that should be clarified in the next edition because the passage above comes across a bit like an Occupy Wall Street speech. It needs more of an explanation beyond the colorful one sentence it was given. Furthermore, as I predicted last year, cryptocurrencies continue to rely on the unit-of-account of “fiat systems” and shows no signs of letting up in this new era of “stablecoins.”
The authors definitely need to remove the part that says “unchanging codebase of TCP/IP” because this is not true. TCP/IP is a suite of protocol standards and its constituent implementations continue to evolve over time. There is no single monolithic codebase that lies unchanged since 1974 which is basically the takeaway from the passage above.18
In fact, several governing bodies such as IFTF and IAB continue to issue RFCs in order to help improve the quality-of-service of what we call the internet. It is also worth pointing out that their analogy is flawed for other reasons discussed in: Intranets and the Internet. In addition, the next version of HTTP won’t be using TCP.
As far as whether innovation will move “up the stack” remains to be seen but this seems to be an argument that the ends justify the means. If that is the case, that appears to open up a can of worms beyond the space for this review.
On p. 78 there is a typo: “BTH” instead of “BCH”
On p. 78 they write:
That’s what BTC, the original Bitcoin, promises with its depth of talent at Core and elsewhere. BTH can’t access such rich inventiveness because the community of money-focused bitcoin miners can’t attract the same kinds of passionate developers.
Strongly recommend removing this passage because it comes across as a one-sided marketing message rather than a balanced or neutral explanation using metrics. For instance, how active are the various code repositories for Bitcoin Core, Unlimited, and others? The next edition should attempt to measure how to measure “depth.”
For example, Bitmain has invested $50 million into a new fund focused on Bitcoin Cash called “Permissionless Ventures.” 2-3 years from now, what are the outcomes of that portfolio?
On p. 78 they write about permissioned blockchains:
Under these arrangements, some authority, such as a consortium of banks, choose which entities get to participate in the validation process. It is, in many respects, a step backward from Nakamoto’s achievement, since it makes the users of that permissioned system dependent once again, on the say-so of some trusted third party.
This is a common refrain throughout the book: that the true innovation was Bitcoin.
But it’s an apples-to-oranges comparison. Both worlds can and will co-exist because they were designed for different operating environments. Bitcoin cannot provide the same finality guarantees that “permissioned chains” attempt to do… because it was designed to be forkable. That’s not necessarily a flaw because Satoshi wasn’t trying to create a solution to a problem banks had. It’s okay to be different.
On p. 79 they write:
Most importantly, permissioned blockchains are more scalable than Bitcoin’s, at least for now, since their governance doesn’t depend upon the agreement of thousands of unidentified actors around the world; their members can simply agree to increase computing power whenever processing needs rise.
This doesn’t make sense at all. “Permissioned chains” in the broadest sense, do not use proof-of-work. As a result, there is no computational arms race. Not once have I been in a governance-related meeting involving banks in which they thought the solution to a governance-related issue was increasing or decreasing computational power. It is a non sequitur and should be removed in the next edition.
Also, there are plenty of governance issues involving “permissioned chains” — but those are typically tangential to the technical challenges and limitations around scaling a blockchain.
On p. 79 they write:
To us, permissionless systems pose the greatest opportunity. While there may well be great value in developing permissioned blockchains as an interim step toward a more open system, we believe permissionlessness and open access are ideals that we should strive for – notwithstanding the challenges exposed by Bitcoin’s “civil war.”
The authors repeat this statement in a couple other areas in the book and it doesn’t really make sense. Why? Because it is possible for both operating environments to co-exist. It doesn’t have to be us versus them. This is a false dichotomy.
Also, if any of these “permissioned chains” are actually put into production, it could be the case that end users could have “open access” to the platform, with the exception of participating in the validation of blocks. That’s pretty much how most coin users experience a cryptocurrency network today (e.g., via permissioned endpoints on Coinbase).19
On p. 80 they write:
The problem was that Bitcoin’s single-purpose currency design wasn’t ideally suited for these non-currency applications.
A side note maybe worth mentioning in a footnote is that Satoshi did attempt to build a marketplace early on but gave up.
On p. 81 they mention Nick Szabo with respect to smart contracts. Could be worth exploring the work of Martín Abadi which predates Szabo (the idea of distributed programs that perform authorizations predates Szabo’s “smart contracts”). Mark S Miller has also done work in this area.
On p. 82 they write about Ethereum:
“Android for decentralized apps.” It would be an open platform much like Google’s smartphone operating system, on which people could design any new application they wanted and run it, not on a single company-owned server but in a decentralized manner across Ethereum’s ownerless network of computers.
This is probably not the best analogy because there is a difference between Google Android and Android Open Source Project. One of them includes proprietary tech. Also, Google can and does add and remove applications from the Play store on a regular basis based on its terms and conditions.
Lastly, someone does in fact own each of the computers that constitute the Ethereum blockchain… mining farms are owned by someone, mining pools are owned by someone, validating nodes are owned by someone. And so forth.
On p. 82 they write about Vitalik Buterin:
Now he was building a universally accessible, decentralized global supercomputer.
The next edition should drop the “supercomputer” verbiage because the Ethereum chain is only as powerful as the least powerful mining pool node… which in practice is typically a common computer located in a cloud provider such as AWS. This isn’t something like Summit over at Oak Ridge.
On p. 82 they write:
Now, with more than six hundred decentralized applications, or Dapps, running on Ethereum, he is looking vindicated. In just the first eleven months of 2017, the system’s internal currency, ether, rose from just over $8 to more than $400. By then the entire market cap for ether stood at $39 billion, a quarter that of Bitcoin’s. The success has made the wunderkind Buterin an instant multi-millionaire and turned him into a cultlike figure for the holders of ether and related tokens who’ve become rich.
The next version of the book should explicitly spell out what are the metrics for success. If it is solely price of a coin going up, what happens when the price of the coins goes down like it has in the past year?
For instance, ether (ETH), peaked in mid-January at around $1,400 and has been hovering near $100 the past several weeks. Does that mean Vitalik is no longer vindicated? Also, what is he vindicated from?
Lastly, it would be worth exploring in the next edition what Dapps are currently being used on a regular basis. As of this writing, the most popular Dapps are gambling apps (like proof-of-weak-hands / FOMO3D) and a few “decentralized exchanges” (DEX).
On p. 82 they write:
Ethereum co-founder Joseph Lubin only added to the complexity when he setup ConsenSys, a Brooklyn-based think tank-like business development unit tasked with developing new use cases and applications of the technology.
ConsenSys markets itself as a “venture studio” — a bit like YCombinator which incubates projects and provides some seed financing to get it off the ground. These projects are typically referred to as “spokes” (like a hub-and-spoke model). As of this writing there are over 1,100 employees spread across several dozen spokes. There is more to it than that and it would be interesting to see it explored in the next edition.
On p. 83 they write:
For example, the Parity Wallet, which was designed by Ethereum co-founder and lead architect Gavin Wood as a way to seamlessly engage, via a browser, with Ethereum smart contracts, lost $30 million in a hack.
Actually, Parity had a couple issues in 2017 and it is likely that the book may have been sent to publication around the same time the bigger problem occurred on November 13, 2017. The second one involved a Parity-developed multisig wallet… and $150 million in ether that is now locked away and cannot be accessed (barring a hardfork). Most developers — including those at Parity — characterize this instance as a “bug” that was accidentally exploited by a developer.
On p. 84 they write:
These kinds of dynamics, with large amounts of money at stake, can foster concerns that founders’ interests are misaligned with other users. Ethereum’s answer was the not-for-profit Ethereum Foundation, which was tasked with managing the pool of ether and other assets from the pre-mine and pre-sale- a model since used by many of the ICO token sales.
It would be interesting to explore how this foundation was created and how itevolved and who manages it today. For instance, at one point in 2014 there were conversations around creating a commercial, for-profit entity led in part by Charles Hoskinson who later left and founded Cardano.
On p. 85 they write about The DAO:
After a few modest coding changes failed, they settled on a drastic fix: Ethereum’s core developers “hard-forked” the Ethereum blockchain, implementing a backward-incompatible software update that invalidated all of the attacker’s transactions from a certain date forward. It was a radical move. To many in the cryptocurrency community, it threw into question Ethereum’s all-important claim to immutability. If a group of developers can force a change in the ledger to override the actions of a user, however unsavory those actions are, how can you trust that ledger won’t be tampered with or manipulated again in the interest of one group over another? Does that not destroy the whole value proposition?
This passage should probably be revised because of the usage of the word immutable.
Also, it could be argued that Bitcoin Core and other “core” groups act as gate keepers to the BIP process (or its equivalent) could lobby on behalf of special interest groups to push specific code changes and/or favor certain outcomes on behalf of specific stakeholders.
In either case, it is the miners that ultimately install and use the code. While some developers (like Bitcoin Core) are highly influential, without miners installing and running software, the rules on the network cannot be changed.
Well, in many respects, the Ethereum team operated as policymakers do during real-world crises. They made hard decisions that hurt some but were ultimately taken in the interests of the greater good — determined, hopefully, through as democratic a process as possible. The organizers went to great lengths to explain and gain support for the hard fork.
The next edition should strive to be more specific here: what exactly made the decision making around the hard fork democratic. Who participated, who didn’t participate. And so forth.
Continuing on p. 85:
And, much like the Segwit2x and other Bitcoin reform pro-miners didn’t accept it. For all intents and purposes, the fix was democratic – arguably, much more so than non-participatory democratic models through which crisis policymaking is enacted by national governments. And since Ethereum is more of a community of software engineers than of cryptocurrency investors, it was less contentious than Bitcoin’s struggle over hard-fork proposals.
This makes very little sense as it is written because the authors don’t define or specify what exactly made any of the decision making democratic. Who was enfranchised? Who got to vote and make decision? Also, how do the authors know that Ethereum is “more of a community of software engineers than of cryptocurrency investors.” Is there any hard numbers to back that assertion up?
And lastly how do we measure the level of contentiousness? Is there an objective measure out there?
On p. 85 they write about Ethereum Classic:
This created much confusion and some interesting arbitrage opportunities – as well as some lessons for bitcoin traders when their own currency split two years later – but it can also be viewed as the actions of a dissenting group non-violently exercising their right to secede. More than a year later, Ethereum Classic is still around, though it trades at a small fraction of Ethereum’s value, which means The DAO attacker’s funds – whose movements on the public Ethereum blockchain have been closely watched – are of lower value than if they’d been preserved in ETH.
I don’t think we can really say for sure how much the The DAO fund (and child DAO fundss) would be worth since that is an alternative timeline.
Also, there are some vocal maximalists that have created various Ethereum-branded tribes which are okay with The DAO attacker having access to those funds. Will be interesting to see if there are any sociological studies to reference in a new edition.
On p. 86 they write:
These hacks, and the scrambles to fix them, seem nuts, right? But let’s put them in perspective. First, is this monetary chaos anything less unsettling than the financial crisis of 2008? Or the audacity of the subsequent Wall Street trading scandals?
This is a whataboutism. Also, strangely the authors are saying the bar for judgement is as low as the financial engineering and socialized loses of the GFC. Isn’t the narrative that cryptocurrencies are supposed to be held to a higher standard because the coin creators seek to architect a world that doesn’t have arbitrary decision making?
On p. 87 and 88 they write:
When the FBI auctioned the 144,000 bitcoins (worth $1.4 billion as of late November 2017) that it seized from Ross Ulbricht, the convicted mastermind of the Silk Road illicit goods marketplace, those coins fetched a significantly higher price than others in the market. The notion was that hey had now been “whitewashed” by the U.S. government. In comparison, other bitcoins with a potentially shady past should be worth less because of the risk of future seizure. That’s hardly fair: imagine if the dollar notes in your wallet were hit with a 10 percent tax because the merchant knew that five years ago, unbeknownst to you, they had been handled by a drug dealer. To avoid these distortions and create a cryptocurrency that works more like fungible cash, Wilcox’s Zcash uses sophisticated “zero-knowledge proofs” to allow miners to prove that holders of the currency aren’t’ double-spending without being able to trace the addresses.
What the authors likely mean by “whitewashed” is probably “cleansed.” In the US there have been discussions on how this could take place via the existing Uniform Commercial Code (see Section 3.3). To date, there hasn’t been a specific update to the UCC regarding this issue (yet) but it has been discussed in multiple places such as Bitcoin’s lien problem.
As far as the “fairness” claim goes, it could be worth revising the passage to include a discussion around nemo dat quod non habetand bona fide purchasers. Legal tender is explicitly exempt because of the very scenario the authors describe. But cryptocurrencies aren’t legal tender, so that exemption doesn’t exist (yet).
Lastly, only “shielded” transactions in Zcash provide the functionality described in the passage above… not all transactions on Zcash utilize and opt-in to this mode.
On p. 89 they describe EOS. Worth updating this section because to-date, they have not achieved the 50,000 transactions per second on mainnet that is stated in the book. There has also been a bit of churn in the organizations as Ian Grigg (named in the book) is no longer at the organization, nor are employees 2 through 5.
On p. 90 they write about proof-of-stake:
One criticism of the model has been that without the electricity consumption costs of proof of work, attackers in a proof-of-stake system would simply mine multiple blocks to boost their chances of inserting a fraudulent one into the ledger.
This “nothing at stake” scenario is a valid criticism of some early attempts at building a proof-of-stake mechanism but isn’t valid for some other proposals (such as, theoretically, “Slasher“).
On p. 91 they write:
It was clear that investors bought into Brave’s promise of a token that could fundamentally change the broken online advertising industry.
How do we know this was clear to investors? Anecdotally it appears that at least some investors participated as speculators, with the view that the token price would increase. A future edition should probably change the wording unless there is a reference that breaks down the motivation of the investors.
Other models include that of the decentralized computer storage platform Storj, which allows hard-drive-starved users to access other’s excess space in exchange for storj tokens.
Could be worth pointing out that Storj had two public ICOs and it is still unclear if that will result in legal or regulatory issues. Putting that aside, currently Storj has just under 3,000 users. This stat is worth looking at again in future versions, especially in light of less-than-favorable reviews.
On p. 98 they talk about BAT:
The point is that it’s all on the community – the society of BATs users – not on external investors, to bear the risk of that happening
Once the 1 billion tokens had sold out in twenty-four seconds, it was revelead that only 130 accounts got them and that the biggest twenty holdings covered more than two-thirds of the total. Those distortions left many investors angry.
There is currently a debate around whether these types of ICOs in 2017 (and earlier) were investment contracts (e.g., securities). In the US, this has led to more than a hundred subpoenas with some quiet (and not so quiet) enforcement action.
The language used in this chapter (and elsewhere in the book) suggests that the participants involved in the ICO were investing with the expectation of profit in a common enterprise managed by the Brave team. Worth revisiting in a future edition.
On p. 102 they write about ERC20 tokens:
But because of the ERC-20 solution, they didn’t need to develop their own blockchain with all the independent computing power that would require. Instead, Ethereum’s existing computing network would do the validation for them.
This piggybacking may be initially helpful to token issuers but:
it is a form of centralization which could have legal and regulatory consequences with respect to being viewed as notsufficiently decentralized
in the long run this could create a top-heavy issue as miners are not being compensated in proportion to the amount of value they are trying to secure (see Section 2.1)
On p. 102 they write:
This low-cost solution to the double-spending challenge launched a factory of ICOs as issuers found an easy way to tap a global investing community. No painful negotiations with venture capitalists over dilution and control of the board. No wining and dining of Wall Street investment banks to get them to put their clients on the order book. No wait for SEC approval. Just straight to the general public: here are more tokens; they’re cool, buy them. It was a simple, low-cost formula and it lowered the barrier to entry for some brilliant innovators to bring potentially world-changing ideas to market. Unfortunately, it was also a magnet for scammers.
Could be worth updating this section to include more details on the scams and fraud that took place throughout 2017. Many of the tokens that raised capital from outside investors during this time not only have not delivered a working product, but in most cases, the token underperformed both ether and bitcoin.
Also bears mentioning that beginning in late 2017 through the time of this writing, there was a clear divergence between public sale ICOs and private sale of tokens… the latter of which basically involves a private placement to accredited investors, including the same type of funds that the passage above eschewed.
On p. 104 they write about Gnosis:
With the other 95 percent controlled by the founders, those prices meant that the implied valuation of the entire enterprise stood at $300 million – a figure that soon rose above $1 billion as the Gnosis token promptly quadrupled in price in the secondary market. By Silicon Valley standards, it meant we had the first ICO “unicorn.”
Actually, Ethereum did an ICO back in 2014 — and as the price of ether (measured in USD) increased, it is likely that ETH could be seen as the first ICO “unicorn.” But that’s not really an apples-to-apples comparison though because ETH (or Gnosis) holders do not have say, voting rights, which equity holders of a traditional company would. Plus, “marketcap” is a poorly defined metric in the coin world (see Section 6).
On p. 104 and 105 they write:
One day, Paul received a call from a businessman who’d read one of his stories in The Wall Street Journal and wanted more information about how to get started and where to get legal advice. The man said he’d tried to reach the lawyer Marco Santori, a partner at the law firm Cooley who’d been quoted in the story, but couldn’t get through. Santori later told us that he was getting so many calls about ICOs, he simply couldn’t answer them all.
In January 2018, the SEC Chairman gave a public speech in which he singled out the “gatekeepers” (legal professionals) regarding the advice they gave clients. Could be worth revisiting who the main ICO-focused lawyers and lawfirms were during this time period and where they are now and if there were any enforcement actions undertaken.
On p. 105 they write:
“Most of these will fail,” said Olaf Carlson-Wee, the CEO of Polychain Capital, citing poorly conceived ideas and a lack of coding development. “Most of these are bad ideas from the beginning.” That said, Polychain is an investment firm that Carlson-Wee founded expressly to invest in these new projects. In fact, most of the people investing seemed to be taking a very VC-like approach to it. They understood that most of the projects would fail. They just hoped to have a few chips down on the one winner.
Carlson-Wee’s comments seem accurate insofar as the inability of many projects to execute and deliver based on the narratives each pitched investors. However, it could be worth digging into Polychain itself, which among other drama, may have “flipped” tokens due to a lack of lock-up periods.2021
On p. 108 and 109 they compare Blue Apron and block.one (EOS). Even though it’s not an apples-to-apples comparison could be worth revisiting this in the future because of the churn and drama with both organizations.
Pages 110 and 111 aged quickly as most of the ICO rating websites and newsletters have fallen to the wayside due to payola scandals and inability to trust the motivations behind the ratings.
Similarly, the authors describe accredited investors and SAFTs. There is a typo here as the authors likely mean that an individual needs to have an income of $200,000 not $200 million. The SAFT model has fallen out of favor for several reasons that could be explored in a future version.22
On p. 112 they write about ASICs:
But developers of Vertcoin have shown that it’s also possible to create a permanent commitment to ASIC-resistance by introducing something from the real, non-digital world of social organizations: a pact. If the platform’s governing principles include a re-existing commitment from all users of the coin to accept a fork – a change to the code – that would add new, ASIC-resistant elements as soon as someone develops such a chip, the coin’s community can protect the distributed, democratic structure of a GPU-led mining network.
Putting aside the fanciful ASIC-resistance utopia that is peddled by some coin issuers, the passage above raises a couple flags.
Who gets to decide what the governing principles are? Do these principles get to change overtime? If the answer is yes to either, who are those decision makers and how are they chosen? So far, there has not really been any “democratic” way of participating in that decision making process for any cryptocurrency. How can that change in the future?
Why is a GPU-led mining network considered more democratic? In practice, most of these farms are located in basically the same type of structure and geography as ASIC-based equipment… in some cases they are swapped out over time. In light of the Sia coin fork… which clearly shows favoritism at play, a future edition of the book could include a chart or spectrum explaining how the mining of one coin more or less democratic versus another.
On p. 113 there is more discussion of ICOs and token sales as it relates to “open protocols” but in practice it has largely been reinventing the same intermediated system we have to do, but with fewer check and balances or even recourse for retail investors.
On p. 114 they speculate that:
This speaks to our broader notion that tokens, by incentivizing the preservation of public goods, might help humanity solve the Tragedy of the Commons, a centuries-in-the-making shift in economic reality.
That’s a big claim that requires evidence to back it. Let’s revisit next time.
On p. 115 they write:
Much like Wall Street bond traders, these will “make markets” to bring financial liquidity to every countervailing pair of tokens – buying some here and selling other there – so that if anyone wants to trade 100 BATs for a third of a Jackson Pollock, they can be assured of a reasonable market price.
But how does a blockchain actually do this? They mention Lykke as an startup that could help match tokens at a fair price… but to-date there is nothing listed on Lykke that really stands out as different than what you could fine at other cryptocurrency exchanges. Perhaps a future version of the book could walk the reader step-by-step through how a blockchain can enable this type of “fairness” whereas previous technology could not.
On p. 116 they discuss several projects they label as “interoperability” initiatives including Interledger, Cosmos, sidechains, and Lightning. It may be helpful for the reader to see a definition for what “interoperability” means because each of these projects — and its supporters — may be using the term in a different way. Perhaps a comparison chart showing the similarities and differences?
On p. 117 they write:
In an age where U.S. presidents peddle “alternative facts” and pundits talk openly about our “post-truth society,” using the truth machine to put a value on honesty sounds appealing.
On the face of it, that end goal seems like more than a stretch because it’s unclear how a blockchain (today) controls off-chain behavior. The example they go on to use is Augur. But Augur is a futures market and there are many of those already in existence. How would Augur or a futures market “with a blockchain” prevent politicians from lying? Walking through this process could be helpful to the reader.
On p. 118 they mention Erick Miller’s investment fund called CoinCircle… and a couple of “special value tokens” called Ocean Health Coin and Climate Coin.
Maybe worth following up in the next edition because neither has launched and each of the pitches sounds very handwavy, lacking in substance. Also, one of the ICOs CoinCircle advised – Unikrn – is part of a class action lawsuit.
Most of p. 119 and 120 come across as more political discourse, which is fine… but unclear how a blockchain in some form or fashion could directly impact the various issues raised. Perhaps the next edition could include a chart with a roadmap in how they see various projects achieving different milestones?
If the reader is unfamiliar with IoT then the first 1/3 of chapter five is pretty helpful and informative.
Then there are some speedbumps.
On p. 130 they write about authenticating and verifying transactions involving self-driving cars:
The question, though, is: would this transaction be easily processed if it were based on a private blockchain? What are the chances, in a country of more than 230 million cars, that both vehicles would belong to the same closed network run by a group of permissioned validating computers? If they weren’t part of the same network, the payment couldn’t go through as the respective software would not be interoperable.
This is a red herring. Both “permissioned” and “permissionless” blockchains have similar (though not identical) scaling challenges. And interoperability is a separate issue which has been a known hurdle for years.
In fact, recently the Hyperledger Fabric team announced that it now supports the EVM. This comes a couple weeks after Hyperledger joined EEA as a member and vice-versa. Maybe none of these immediate efforts and experiments amount to many tangible outputs in the short-run but it does show that several ecosystems are attempting to be less tribal and more collaborative.
Also, the issue of payments is also separate from a blockchain-related infrastructure. Payments is a broad term and can include, for instance, a proposed central bank digital currency (e.g., “cash on ledger”)… or it can involve plugging into existing external payment systems (like Visa or ACH). It would be helpful if the next edition was more specific.
Continuing on p. 130 they write:
Other car manufacturers might not want to use a permissioned verification system for which, say GM, or Ford, is the gatekeeper. And if they instead formed a consortium of carmakers to run the system, would their collective control over this all-important data network create a barrier to entry for newer, startup carmakers? Would it effectively become a competition-killing oligopoly?
These are possible scenarios and good questions but this is kind of an unfair characterization of consortia. Let’s flip it around: why shouldn’t carmakers be allowed to build their own blockchains or collaborate with others who do? Do they need someones permission to do so? Depending on local regulations, maybe they do need permission or oversight in a specific jurisdiction. That could be worth exploring in another version.
On this topic they conclude that:
A truly decentralized, permissionless system could be a way around this “walled-garden” problem of siloed technology. A decentralized, permissionless system means any device can participate in the network yet still give everyone confidence in the integrity of the data, of the devices, and of the value being transacted. A permissionless system would create a much more fluid, expansive Internet of Things that’s not beholden to the say-so and fees of powerful gatekeepers.
That sounds well and good and a bit repetitive from earlier passages which said something similar. The passage aboves seems to be redefining what make something “permissioned” and “permissionless.” What does it mean for every device participate on a ‘decentralized, permissionless system’? Does that mean that each device is capable of building and/or creating a new block? If so, how do they choose which chain to build on?
And why is it so hard to imagine a world in which open-sourced platforms are also permissioned (e.g., validation is run by known, identifiable participants)… and these platforms are interoperable. Could be worth exploring because that scenario may be just as likely as the ones presented in this chapter.
Lastly, how does a “permissionless system” create a more fluid IoT world? These claims should be explored in more detail next time.
On p. 131 and 132 they write about IOTA, a specific project that markets itself as a purpose-built blockchain for IoT devices. But that project is beset by all kinds of drama that is beyond the scope of this review. Suffice to say that the February software build of IOTA cannot be run on most resource constrained IoT devices.
On p. 138 they mention in passing:
Exergy is a vital concept for measuring energy efficiency and containing wasteful practices; it doesn’t just measure the amount of energy generated but also the amount of useful work produced per each given amount of energy produced.
Fun fact: back in May 2014 I wrote an in-depth paper on Bitcoin mining that utilized the concept of “exergy.”
On pages 139-145 they talk about a number of vendors, use-cases, and platforms typically centered around the supply chain management world. Would be interesting to see which of these gained traction.
On p. 147 they write:
Blockchain-proven digital tokens point to what blockchain consultant and entrepreneurs Pindar Wong calls the “packetization of risk.” This radical idea introduces a negotiable structure to different phases of the chain. Intermediate goods that would otherwise be encumbered by a pre-established chain of unsettled commitments can instead be put out to bid to see if other buyers want to take on the rights and obligations associated with them.
It would be useful in this explanation to have a diagram or two to explain what Pindar proposes because it is a bit hard to follow.
On p. 147 they write:
This is why many people believe that the concept of a “circular economy” – where there is as much recycling as possible of the energy sources and materials in production – will hinge on the transparency and information flows that blockchain systems allow.
Does this mean that other “non-blockchain” systems do not allow transparency and information flows?
On p. 147 they write:
The principal challenge remains scaling. Open-to-all, permissionless blockcahins such as Bitcoin’s and Ethereum’s simply aren’t ready for the prime time of global trade. If all of the world’s supply chains were to pass their transactions through a permissionless blockchain, there would need to be a gargantuan increase in scalability, either off-chain or on-chain. Solutions may come from innovations such as the Lightning Network, discussed in chapter three, but they are far from ready at this stage.
Can we propose a moratorium on additional usages of “Lightning” in the next edition unless there is significant adoption and usage of it? Also, it is unclear why the worlds supply chains should for some reason be connected onto an anarchic chain: what is the benefit of putting this information onto a chain whose operators are unaccountable if a fork occurs?
On p. 148 they write:
Instead, companies are looking at permissioned blockchains, which we’ll discuss in more detail in chapter six. That makes sense because many big manufacturers think of their supply chains as static concepts, with defined members who have been certified to supply this or that component to a finished product. But in the rapidly changing world of the Fourth Industrial Revolution, this might not be the most competitive option. Emerging technologies such as additive manufacturing, where production can be called up anywhere and delivered by anyone with access to the right software files and a sufficiently configured 3D printer, are pointing to a much more fluid, dynamic supply-chain world, where suppliers come and go more easily. In that environment, a permissionless system would seem necessary. Once scaling challenges are resolved, and with robust encryption and reliable monitoring systems for proving the quality of suppliers work, permissionless blockchain-based supply chains could end up being a big leveler of the playing field for global manufacturing.
There are way too many assumptions in this paragraph to not have somewhere written that there are many assumptions.
Is a blockchain really needed in this environment? If so, a future edition should explain how a 3D printer would be more useful connected to a blockchain than some other network. Also, this seems to be a misuse of the term “permissionless” — why does the network need to be anarchic? How would the supply chain benefit from validators who are unknown?
On p. 148 they write:
It will be difficult to marry that old-world body of law, and the human-led institutions that manage it, with the digital, dematerailized, automated, and de-nationalized nature of blockchains and smart contracts.
How are blockchains “de-nationalized”? As of this writing there are probably a couple dozen publicly announced state-sponsored blockchain platforms of some kind (including various cryptocurrency-related initiatives). This phrase should probably be removed.
On p. 150 they write about the Belt and Road Blockchain Consortium:
Hence the opportunity for blockchain technologies to function as an international governance system. Hong Kong’s role will be important: the territory’s British legal traditions and reputation for respecting property rights have made it a respected safehouse for managing intellectual property and other contractual obligations within international trade. If the blockchain is to be inserted into global trade flows, the region’s bridging function may offer the fastest and most impactful route. For Hong Kong residents who want the territory to retain its British legal traditions, that role could be a vital protection against Beijing undermining them.
From publicly available information it is unclear if the Belt and Road Blockchain Consortium has seen much traction. In contrast, the Ping An-led HKMA trade finance group has turned onits “blockchain” platform.
On p. 151 they wrote about a public event held on August 5, 2015:
As far as bankers were concerned, Bitcoin had no role to play in the existing financial system. Banking institutions thrive on a system of opacity in which our inability to trust each other leaves us dependent on their intermediation of our transactions. Bankers might give lip service to reforming the inner workings of their system, but the thought of turning it over to something as uncontrollable as Bitcoin was beyond heresy. It wasn’t even conceivable.
This is a bit of a red herring. I’ve been in dozens of meetings with banks and financial institutions over the past four years and in general there is consensus that Bitcoin – the network – is not fit for purpose as financial market infrastructure to handle regulated financial instruments. Why should banks process, say payments, on a network in which the validators are neither accountable if a problem occurs nor directly reachable in case users want to change or upgrade the software? Satoshi wasn’t trying to solve interbank-related issues between known participants so this description shouldn’t be seen as a slight against Bitcoin.
Now, bitcoin, the coin, may become more widespread in its usage and/or ownership at banks. In fact, as of this writing, nearly every large commercial bank owns at least a handful of cryptocurrencies in order to pay off ransomware issues. But the passage above seems to conflate the two.
At the same time, committed Bitcoin fans weren’t much interested in Wall Street, either. Bitcoin, after all, was designed as an alternative to the existing banking system. An improvement.
This is a bit revisionist. For instance, the original whitepaper uses the term “payment” twelve times. It doesn’t discuss banking or specific product lines at banks. Banks do a lot more than just handle payments too. Satoshi attempted to create an alternative payment system… the “be your own bank” narrative is something that other Bitcoin promoters later added.
On p. 152 they discuss the August 2015 event:
In essence, Symbiont was promising “blockchain without bitcoin” – it would maintain the fast, secure, and cheap distributed network model, and a truth machine at its center that validated transactions, but it was not leaderless, permissionless, and open to all. It was a blockchain that Wall Street could control.
This has some hyperbole in it (does “Wall Street” really control it?) but there is a kernel that the authors could expand on in the next version: vendor-dependence and implementation monopoly. In the example above, the authors could have pointed out that the same market structure still exists, so what benefit does a blockchain provide that couldn’t already be used? In addition to, what do the authors mean by “cheap distributed network model” when they have (rightly) mentioned that proof-of-work is resource intensive? As of this writing, Symbiont uses BFT-SMaRt and doesn’t use PoW.
Also, the authors seem to conflate “open to all” with blockchains that they prefer. Yet nearly all of the blockchains they seem to favor (like Bitcoin) involve relatively centralized gatekeeping (BIP process) and permissioned edges via exchanges.
Again, when I wrote the paper that created this distinction in 2015, the “permissionless’ness” is solely an attribute of mining not on sending or receiving coins.
On p. 153 they write:
But these permissioned systems are less open to experiments by computer engineers, and access rights to the data and software are subject to the whim of the official gatekeeper. That inherently constrains innovation. A private blockchain, some say, is an oxymoron. The whole point of this technology is to build a system that is open, accessible, and public. Many describe them with the generic phrase “distributed ledger technology” instead of “blockchain.”
This is why it would be important for the authors to explicitly mention what “blockchain” they are referring to. In many cases their point is valid: what is the point of using a blockchain if a single entity runs the network and/or monopolizes the implementation?
Yet their argument is diminished by insisting on using loaded phrases like “open” and “public.” What does it mean to be open or public here? For instance, in order to use Bitcoin today, you need to acquire it or mine it. There can be substantial entry and exit costs to mining so most individuals typically acquire bitcoins via a trusted, permissioned gateway (an exchange). How is that open?
Lastly, the euphemism of using the term “blockchain” instead of using the term “bitcoin” dates back to late 2015 with investors like Adam Draper explicitly stating that was his agenda. See: The great pivot?
On p. 156 they write:
Though Bitcoin fans frowned upon permissioned blockchains, Wall Street continued to build them. These tweaked versions of Bitcoin shared various elements of the cryptocurrency’s powerful cryptography and network rules. However, instead of its electricity-hungry “proof-of-work” consensus model, they drew upon older, pre-Bitcoin protocols that were more efficient but which couldn’t achieve the same level of security without putting a centralized entity in charge of identifying and authorizing participants.
There is a few issues with this:
Which Bitcoin fans are the authors referring to, the maximalists?
There are newer Byzantine fault tolerant protocols such as HoneybadgerBFT which are also being used by different platforms
Their last sentence uses a false dichotomy because there are different security assumptions based on the targeted operating environment that result in tradeoffs. To say that Bitcoin is more or less secure versus say, an instance of Fabric is a bit meaningless because the users have different expectations that the system is built around.
On p. 157 they write about R3:
The biggest winner in this hiring spree was the research and development company R3 CEV, which focused on the financial industry. It sought to build a distributed ledger that could, on the one hand, reap the benefits of real-time securities settlement and cross-industry harmonization but, on the other, would comply with a vast array of banking regulations and meet its members’ proprietary interest in keeping their books private.
This seems like a dated pitch from a couple use cases from mid-2015 because by the time I departed in September 2017, real-time securities settlement wasn’t the primary use (for Corda) being discussed externally.
By the spring of 2017, R3 CEV had grown its membership to more than one hundred. Each member firm paid annual dues of $250,000 in return for access to the insights being developed inside the R3 lab. Its founders also raised $107 million in venture funding in 2017, mostly from financial institutions.
I don’t think the full details are public but the description of the funding – and what was exchanged for it – is not quite correct. The original DLG members got equity stakes as part of their initial investment. Also, as far as the Series A that was announced in May 2017, all but one of the investors was a financial institution of some kind.
On p. 157 they write:
Some of that money went to hire people like Mike Hearn, a once prominent Bitcoin developer who dramatically turned his back on the cryptocurrency community with an “I quit” blog post complaining about the bitter in fighting. R3 also hired Ian Grigg – who later left to join EOS – another prominent onetime rebel from the cryptocurrency space.
To be clear on the timing: Mike Hearn began working at R3 in October 2015 (along with James Carlyle).23 Several months later he published a widely discussed post about Bitcoin itself. Based on his public talks since January 2016, he still seems to have some passing interest in cryptocurrencies; he did a reddit AMA on /r/btc this past spring.
Also, Ian Grigg has since left EOS and launched a new startup, Chamapesa.
On p. 157 they write about me:
Before their arrival, R3 had also signed on Tim Swanson as research director. Swanson was a distributed ledger/blockchain analyst who was briefly enthused by Bitcoin but who later became disillusioned with the cryptocurrency’s ideologues. He became a vocal, anti-Bitcoin gadfly who seemed to delight in mocking its travails.
This is also revisionist history.
Not to dive too much into the weeds here – and ignoring everything pre-2014 – a quick chronology that could be added if the authors are looking to be balanced is the following:
Over the course of under four months, after doing market research covering a few dozen projects, I published Great Chain of Numbers in March 2014… which was a brief report that quickly became outdated.
Some of the feedback I received – including from Bob, an expert at a data analytics startup – was that I was too charitable towards the claims of cryptocurrency promoters at payment processors and exchanges.24 That is to say, Bob thought that based on analytics, the actual usage of a payment processor was a lot lower than what the executives from that processor told me. In retrospect, Bob was absolutely correct.
A couple months later I ended up – by accident – doing an interview on Let’s Talk Bitcoin. The original guest did not show up and while we (the co-hosts) were waiting, I ended up getting into a small debate with another co-host about the adoption and usage of cryptocurrencies like Bitcoin. You can listen to it here and read the corresponding long-read that provides more citations and supporting links to back up the comments I made in the podcast.
From this moment forward (June 2014) – because I fact-checked the claims and did not blindly promote cryptocurrencies – I quickly became labeled as a pariah by several of the vocal cryptotwitter personalities. Or as the authors of this book unfairly label me: “anti-Bitcoin gadfly.” To call this order of events “disillusionment” is also unfair.
Lastly, a quick fix to the passage in the book: I technically became a formal advisor to R3 at the end of 2014 (after their second roundtable in Palo Alto)… and then later in August 2015 came on full-time as director of market research (although I subsequently wore several different hats).
On p. 158 they write:
Of a similar breed was Preston Byrne, the general counsel of Eris Ltd., later called Monax which designed private blockchains for banks and a variety of other companies. When Byrne’s Twitter feed wasn’t conveying his eclectic mix of political positions – pro-Trump, anti-Brexit, pro-Second Amendment, pro-encryption, anti-software utopianism – or constant references to marmots (the Eris brand’s mascot), it poured scorn on Bitcoin’s fanatic followers. For guys like Swanson and Byrne, Bitcoin’s dysfunctional governance was a godsend.
Again, chronologically I met Preston online in early 2014. He helped edit and contributed to Great Chain of Numbers. Note: he left Eris last year and recently joined a US law firm.
This is an unfair description: “For guys like Swanson and Byrne, Bitcoin’s dysfunctional governance was a godsend.”
This is unfair for several reasons:
We were hardly the first people to spend time writing about the governance problems and frictions involved in cryptocurrencies. For instance this includes: Ray Dillinger, Ben Laurie, and likely dozens of others. Nor were we the only ones discussing it in 2014 and 2015.
Preston and I have also – separately – written and discussed issues with other cryptocurrencies and blockchains during that time frame… not just Bitcoin.
Thus to single us out and simultaneously not mention others who had similar views, paints us as some type of cartoonish villains in this narrative. Plus, the authors could have reached out to us for comment. Either way, the next version should attempt to fix the word choices and chronology.
I reached out to Preston Byrne and he provided a response that he asked to have included in a footnote.25
On p. 159 they write more about R3:
On the one hand, regulators were comfortable with the familiar membership of R3’s consortium: they were more accustomed to working with bankers than with T-shirt-and-jeans-wearing crypto-investors. But on the other, the idea of a consortium of the world’s biggest banks having say-so over who and what gets included within the financial system’s single and only distributed ledger conjured up fears of excessive banking power and of the politically unpopular bailouts that happened after the crisis. Might Wall Street be building a “too-big-to-fail” blockchain?
This is some strange criticism because many of the developers of Corda (and other pieces of software) wore casual and business casual attire while working in the offices.
Corda is not the “single and only distributed ledger” being used by enterprises. Nearly all of the banks that invested in R3 also invested in other competing entities and organizations including Axoni and Digital Asset. Thus the statement in the middle should be updated to reflect that R3 does not have some kind of exclusivity over banking or enterprise relationships.
Michael Casey has said multiple times in public (even prior to the existence of Corda) that R3 was a “cartel coin” or “cartel chain” — including on at least one panel I was on with him in January 2016. This is during a time in which R3 did not have or sell any type of product, it was strictly a services-focused company. Maybe the organization evolves in the future – there may even be some valid criticism of a mono-implementation or a centrally run notary – but even as of this writing there is no Corda Enterprise network up and running.26
Lastly, all of these banks are members of many different types of consortia and multilateral bodies. Simply belonging to or participating in organizations such as IOSCO does not mean something nefarious is afoot.
On p. 160 they write:
The settlement time is also a factor in a financial crisis, and it contributed to the global panic of 2008.
This is a good point and it would be great to go into further details and examples in the next edition.
On p. 160 they write:
This systemic risk problem is what drew Blythe Masters, one of the key figures behind blockchain innovation on Wall Street, into digital ledger technology; she joined Digital Asset Holdings, a blockchain service provider for the financial system’s back-office processing tasks, as CEO in 2014.
Two small quibbles:
Pretty sure the authors meant to say “distributed” not “digital”
Blythe Masters joined as CEO in March 2015, not in 2014
On p. 162 they write:
It’s just that to address such breakdowns, this new wave of distributed ledger system designers have cherry-picked the features of Nakamoto’s invention that are least threatening to the players in the banking system, such as its cryptographic integrity, and left aside its more radical, and arguably more powerful, features, especially the decentralized, permissionless consensus system.
This is revisionist history. Satoshi bundled together existing ideas and libraries to create a blockchain. He or she did not invent cryptography from the ground up. For more details, readers are encouraged to read “Bitcoin is worse is better” from Gwern Branwen. IT systems at financial institutions were (and are) already using various bits of cryptography, encryption, permissioning, data lakes, and distributed storage methods.
Furthermore, because the participants in the financial system are known, there is no reason to use proof-of-work, which is used in Bitcoin because the participants (miners) are unknown.
Lastly, the authors touch on it and do have a valid point about market structure being changed (or unchanged) and should try to expand that in the next edition.
On p. 162 they write:
The DTCC, which settles and clears the vast majority of US stock and bond trades, handles 10,000 transactions per second; Bitcoin, at the time of this writing, could process just seven. And as strong as Bitcoin’s value – and incentive-based security model has proven to be, it’s not at all clear that a few hundred million dollars in bitcoin mining costs would deter rogue traders in New York or London when government bond markets offer billion dollar fraud opportunities.
Firstly, at the time of this writing, on-chain capacity for Bitcoin (even with Segwit activated) is still less than seven transaction per second.
Second, it is not clear how “rogue traders” in New York or London would be able to directly subvert the mining process of Bitcoin. Are the authors thinking about the potential security delta caused by watermarked tokens and colored coins?27
On p. 162 they write:
Either way, for the firms that R3 and Digital Asset serve – managers of the world’s retirement funds, corporate payrolls, government bond issuances, and so forth -these are not security risks they can afford. For now – at least until solutions as Lightning provide large-scale transaction abilities – Bitcoin isn’t anywhere near ready to service Wall Street’s back-office needs.
But Bitcoin is not fit for purpose for regulated financial institutions. Satoshi wasn’t trying to solve back-office problems that enterprises had, why are the authors intent on fitting a round peg in a square hole?
Also, Lightning isn’t being designed with institutions in mind either. Even if one or more of its implementations becomes widely adopted and used by Bitcoin users, it still doesn’t (currently) meet the functional and non-functional requirements that regulated institutions have. Why market it as if it does?
On p. 162 they write:
There are also legal concerns. R3’s Swanson has argued that the mere possibility of a 51 percent attack – that scenario in which a minder gains majority control of a cryptocurrency network’s computing power and fraudulently changes transactions – means that there can never be “settlement finality” in a cryptocurrency transaction. That of perpetual limbo is a scenario that Wall Street lawyers can’t live with, he said. We might retort that the bailouts and various other deals which banks reversed their losses during the crisis make a mockery of “finality,” and that Bitcoin’s track record of irreversibility is many magnitudes better than Wall Street’s. Nonetheless, Swanson’s catchy critique caught on among bankers. After all, he was preaching to the choir.
So there are a few issues with this statement.
I did not invent the concept of “settlement finality” nor did ‘Wall Street lawyers.’ The term dates back decades if not centuries and in its most recent incarnation is the product of international regulatory bodies such as BIS and IOSCO. Regulated financial institutions – starting with financial market infrastructures – are tasked with reducing risk by making sure the payment systems, for instance, are irreversible. Readers should peruse the PFMIs published in 2012.
The next issue is, they make it sound like I lobbied banks using some ‘gotcha’ loophole to scare banks from using Bitcoin. Nowhere in my presentations or speeches have I justified or handwaved away the (criminally?) negligent behavior of individuals at banks that may have benefited from bailouts. This is another unfair characterization that they have painted me as.
To that point, they need to be more specific about what banks got specific transactions reversed. Name and shame the organizations and explain how it would not be possible in a blockchain-based world. Comparing Bitcoin with ‘Wall Street’ doesn’t make much sense because Bitcoin just handles transfers of bitcoin, nothing else. ‘Wall Street’ encompasses many different product lines and processes many other types of transactions beyond payments.
All in all, painting me as a villain is weak criticism and they should remove it in their next edition.
On p. 163 they write about permissioned ledgers:
They’re not racing each other to win currency rewards, which also means they’re not constantly building a wasteful computing infrastructure a la Bitcoin.
They say that as if it is a good thing. Encourage readers to look through the energy costs of maintaining several different proof-of-work networks that handle almost no commerce.
On p. 163 they write:
That’s why we argue that individuals, businesses, and governments really need to support the various hard-core technical solutions that developers are pursuing to help permissionless ledgers like Bitcoin and Ethereum overcome their scaling, security, and political challenges.
This agenda has been pretty clear throughout the book, though it may be more transparent to the reader if it comes earlier in chapter 1 or 2.
From a historical perspective this argument doesn’t make much sense. If Karl Benz had said the same thing in the 19th century about getting engineers to build around his car and not others. Or the Wright Brothers had been ‘more successful’ at suing aerospace competitors. Why not let the market – and its participants – chose to work on platforms they find of interest?
On p. 165 they write about the MIT Digital Currency Inititative but do not disclose that they solicit financial support from organizations such as central banks, some of whom pay up to $1 million a year to collaborate on research projects. Ironically, the details of this program are not public.
On p. 167 they write:
A broad corporate consortium dedicated to a mostly open-source collaborative approach, Hyperledger is seeking to develop nothing less than a common blockchain / distributed ledger infrastructure for the global economy, one that’s targeted not only at finance and banking but also at the Internet of Things, supply chains, and manufacturing.
The next edition should update that passage. All of the projects incubated by the Hyperledger Project are open sourced, there is no “mostly.” And not all of these projects involve a blockchain, some involve identity-related efforts.28
On p. 169 and again on p. 172 the authors quote Joi Ito who compares TCP/IP with “walled gardens” such as AOL and Prodigy.
That is comparing apples-and-oranges. TCP/IP is a suite of protocols, not a business. AOL and Prodigy are businesses, not protocols. AOL used a proprietary protocol and you could use TCP/IP via a gateway. Today, there are thousands of ‘walled gardens’ called ISPs that allow packets to jump across boundaries via handshake agreements. There is no singular ‘Internet’ but instead there are thousands of intranets tied together using common standards.
Permissionless systems like those of Bitcoin and Ethereum inherently facilitate more creativity and innovation, because it’s just understood that no authorizing company or group of companies can ever say this or that thing cannot be built.
How are they measuring this? Also, while each platform has its own terms of service, it cannot be said that you need explicit permission to build an application on top of a specific permissioned platform. The permissioning has to do with how validation is handled.
On p. 173 they write:
It’s the guarantee of open access that fosters enthusiasm and passion for “permissionlessness” networks That’s already evident in the caliber and rapid expansion in the number of developers working on public blockchain applications. Permissioned systems will have their place, if nothing else because they can be more easily programmed at this early stage of the technology’s life to handle heavier transaction loads. But the overarching objective for all of us should be to encourage the evolution of an open, interoperable permissionless network.
This is just word salad that lacks supporting evidence. For the next edition the authors should tabulate or provide a source for how many developers are working on public blockchain applications.
The passage above also continues to repeat a false dichotomy of “us versus them.” Why can’t both of these types of ‘platforms’ live in co-existence? Why does it have to be just one since neither platform can fulfill the requirements of the other?
It’s like saying only helicopters provide the freedom to navigate and that folks working on airplanes are only doing so because they are less restricted with distances. Specialization is a real.
On p. 173 they conclude with:
There’s a reason we want a world of open, public blockchains and distributed trust models that gives everybody a seat at the table. Let’s keep our eyes on that ball.
This whole chapter and this specific statement alone comes across as preachy and a bit paternalistic. If the message is ‘permissionlessness’ then we should be allowed to pursue our own goals and paths on this topic.
Also, there are real entry and exit costs to be a miner on these public chains so from an infrastructure point of view, it is not really accurate to say everybody gets a seat at the table.
This is probably their strongest chapter. They do a good job story telling here. Though there were few areas that were not clear.
On p. 179 they write:
But as Bitcoin and the blockchain have shown, the peer-to-peer system of digital exchange, which avoids the cumbersome, expensive, and inherently exclusionary banking system, may offer a better way.
The authors have said 5-6 times already that proof-of-work networks like Bitcoin can be very costly and wasteful to maintain. It would be helpful to the reader for the authors to expand on what areas the banking system is expensive.
And if a bank or group of banks used a permissioned blockchain, would that reduce their expenses?
On p. 181 they write about time stamps:
The stamp, though, is incredibly powerful. And that, essentially, is the service that blockchains provide to people. This public, recognizable open ledger, which can be checked by any time by anybody, acts in much the same way as the notary stamp: it codified that certain action took place at a certain time, with certain particulars attached to it, and it does this in a way that the record of that transaction cannot be altered by private parties, whether they be individuals or governments.
In the next edition the authors should differentiate time stamps and all the functions a notary does. Time stamps may empower notaries but simply stamping something doesn’t necessarily make it notarized. We see this with electronic signatures from Hello Sign and Docusign.
Also, these blockchains have to be funded or subsidized in some manner otherwise they could join the graveyard of hundreds of dead coins.
On p. 181 they write about Factom and Stampery. It would be good to get an update on these types of companies because the founder of Stampery who they single out – Luis Ivan Cuende – has moved on to join and found Aragon.
On p. 183 they discuss data anchoring: taking a hash of data (hash of a document) and placing that into a blockchain so that it can be witnessed. This goes back to the proof-of-existence discussion earlier on. Its function has probably been overstated and is discussed in Anchor’s Aweigh.
On p. 184 they discuss Chromaway. This section should be updated because they have come out with their own private blockchain, Chromapolis funded via a SAFT.
On p. 185 they write:
The easier thing to do, then, for a reform-minded government, is to hire a startup that’s willing to go through the process of converting all of an existing registry, if one exists, into a digital format that can be recorded in a blockchain.
Why? Why does this information have to be put onto a blockchain? And why is a startup the right entity to do this?
On p. 186 they mention several companies such as Bitfury, BitLand, and Ubiquity. It would be good to update these in the next edition to see if any traction occurred.
On p. 187 they write:
They key reason for that is the “garbage-in/garbage-out” conundrum: when beginning records are unreliable, there’s a risk of creating an indisputable permanence to information that enshrines some abuse of a person’s property rights.
This GIGO conundrum doesn’t stop and isn’t limited to just the beginning of record keeping. It is an ongoing challenge, potentially in every country.
On p. 188-192 they describe several other use cases and projects but it is unclear why they can’t just use a database.
On p. 193 they write:
Part of the problem is that cryptocurrencies continue to sustain a reptutation among the general public for criminality. This was intensified by the massive “WannaCry” ransomware attacks of 2017 in which attackers broke into hospitals’ and other institutions’ databases, encrypted their vital files and then extorted payments in bitcoin to have the data decrypted. (In response to the calls to ban bitcoin that inevitably arose in the wake of this episode, we like to point that far more illegal activity and money laundering occurs in dollar notes, which are much harder to trace than bitcoin transactions. Still, when it comes to perception, that’s beside the point – none of these incidents help Bitcoin’s reputation.)
This is a whataboutism. Both actions can be unethical and criminal, there is no need to downplay one versus the other. And the reason why bitcoin and other cryptocurrencies are used by ransomware authors is because they are genuinely useful in their operating environment. Data kidnapping is a good use case for anarchic networks… and cryptocurrencies, by design, continue to enable this activity. The authors can attempt to downplay the criminal element, but it hasn’t gone away and in fact, has been aided by additional liquidity to coins that provide additional privacy and confidentiality (like Monero).
On p. 193 they write about volatility:
This is a massive barrier to Bitcoin achieving its great promise as a tool to achieve financial inclusion. A Jamaican immigrant in Miami might find the near-zero fees on a bitcoin transaction more appealing than the 9 percent it costs to use a Western Union agent to send money home to his mother.
This financial inclusion narrative is something that Bitcoin promoters created after Satoshi disappeared. The goal of Bitcoin — according to the whitepaper and announcement threads – wasn’t to be a new rail for remittance corridors. Maybe it becomes used that way, but the wording in the passage above as a “great promise” is misleading.
Also, the remittance costs above should be fact-checked at the very handy Save On Send site.
On p. 194 they write about BitPesa. Until we see real numbers in Companies House filings, it means their revenue is tiny. Yet the authors make it sound like they have “succeeded”:
The approach is paying dividends as evident in the recent success of BitPesa, which was established in 2013 and was profiled in The Age of Cryptocurrency. The company, which offers cross-border payments and foreign-exchange transactions in and out of Kenya, Nigeria, Tanzania, and Uganda, reported 25 percent month-on-month growth, taking its transaction volume midway through 2017, up from $1 million in 2016.
They also cited some remittance figures from South Korea to the Philippines which were never independently verified and are old.
On p. 194 they dive into Abra a company they described as a remittance company but earlier this year they pivoted into the investment app category as a Robinhood-wannabe, with a coin index.
On p. 196 they discuss the “Somalia dilemma” in which the entire country is effectively unable to access external financial systems and somehow a blockhain would solve their KYC woes. The authors then describe young companies such as Chainalysis and Elliptic which work with law enforcement to identify suspicious transactions. Yet they do not close the loop on the narrative as to how the companies would help the average person in Somalia.
On p. 198 they discuss a startup called WeTrust and mention that one of the authors – Michael – is an advisor. But don’t disclose if he received any compensation for being an advisor. WeTrust did an ICO last year. This is important because the SEC just announced it has fined and settled with Floyd Mayweather and DJ Khaled for violating anti-touting regulations.
Chapter 8 dives into self-sovereign identity which is genuinely an interesting topic. It is probably the shortest chapter and perhaps in the next edition can be updated to reflect any adoption that took place.
On p. 209 they write about physical identification cards:
Already, in the age of powerful big data and network analytics – now enhanced with blockchain-based distributed trust systems to assure data integrity – our digital records are more reliable indicators of the behavior that defines who we are than are the error-prone attestations that go into easily forged passports and laminated cards.
How common and how easily forged are passports? Would be interesting to see that reference and specifically how a blockchain would actually stop that from happening.
On p. 212 they write about single-sign ons:
A group of banks including BBVA, CIBC, ING, Societe Generale, and UBS has already developed such a proof of concept in conjunction with blockchain research outfit R3 CEV.
Earlier they described R3 differently. Would be good to see more consistency and also an update on this project (did it go anywhere?).
On p. 213 they describe ConsenSys as a “think tank” but it is actually a ‘venture studio’ similar to an incubator (like 500 Startups). Later on p. 233 they describe ConsenSys as an “Ethereum-based lab”.
On p. 216 they write about Andreas Antonopoulos:
What we should be doing, instead of acting as judge and executioner and making assumptions “that past behavior will give me some insight into future behavior,” Antonpolous argues, is building systems that better manage default risk within lenders’ portfolios. Bitcoin, he sustains, has the tolls to do so. There’s a lot of power in this technology to protect against risk: smart contracts, multi-signature controls that ensure that neither of the two parties can run off with the funds without the other also signing a transaction, automated escrow arrangements, and more broadly, the superior transparency and granularity of information on the public ledger.
There are at least two issues with this:
Nowhere in this section do the authors – or Antonopolous – provide specific details for how someone could build a system that manages default risk on top of Bitcoin. It would be helpful if this was added in the next edition.
And recently, Antonopoulos claims to have been simply educating people about “blockchain technology” and not promoting financial products.
If you have followed his affinity marketing over the past 4-5 years he has clearly promoted Bitcoin usage as a type of ‘self-sovereign bank‘ — and you can’t use Bitcoin without bitcoins.29 He seems to be trying to have his cake and eat it too and as a result got called out by both Nouriel and Buttcoin.
On p. 219 they write:
If an attestation of identifying information is locked into an immutable blockchain environment, it can’t be revoked, not without both parties agreeing ot the reversal of the transaction. That’s how we get to self-sovereignty. It’s why, for example, the folks at Learning Machine are developing a product to prove people’s educational bona fides on Blockcerts, an MIT Media Lab-initiated open-source code for notarizing university transcripts that hashes those documents to the bitcoin blockchain. Note the deliberate choice of the most secure, permissionless blockchain, Bitcoin’s. A permissioned blockchain would fall short of the ideal because there, too, the central authority controlling the network could always override the private keys of the individual and could revoke their educational certificates. A permissionless blockchain is the only way to give real control/ownership of the document to the graduate, so that he/she can disclose this particularly important attribute at will to anyone who demands it.
This disdain for ‘permissioned blockchains’ is a red herring and another example of the “us versus them” language that is used throughout the book. If a blockchain has a central authority that can do what the authors describe, it would be rightly described as a single point of failure and trust. And this is why it is important to ask what ‘permissioned’ chain they had in mind, because they are not all the same.
They also need to explain how they measure ‘most secure’ because Bitcoin – as described throughout this review – has several areas of centralization include mining and those who control the BIP process.
On p. 219 they quote Chris Allen. Could be worth updating this because he left Blockstream last year.
This chapter seemed light on details and a bit polemical.
For instance, on p. 223 they write:
Many of our politicians seem to have no ideas this is coming. In the United States, Donald Trump pushes a “Buy America First” campaign (complete with that slogan’s echoes of past fascism), backed by threats to raise tariffs, tear up trade deals, boot undocumented immigrants out of the country, and “do good deals for America.” None of this addresses the looming juggernaut of decentralized software systems. IoT systems and 3D printing, all connected via blockchains and smart-contract-triggered, on-demand service agreements, will render each presidential attempt to strong-arm a company into retaining a few hundred jobs in this or that factory town even more meaningless.
Putting the politics aside for a moment, this book does not provide a detailed blue print for how any of the technology listed will prevent a US president from strong-arming a company to do any specific task. How does a 3D printer connected to a blockchain prevent a president from executing on their agenda?
On p. 224 they write about universal basic income:
This idea, first floated by Thomas Paine in the eighteenth century, has enjoyed a resurgence on the left as people have contemplated how robotics, artificial intelligence, and other technologies would hit working-class jobs such as truck driving. But it may gain wider traction as decentralizing force based on blockchain models start destroying middle-class jobs.
This speculation seems like a non sequitur. Nowhere in the chapter do they detail how a “blockchain-based model” will destroy middle class jobs. What is an example?
On p. 227 they write:
In case you’re a little snobbish about such lowbrow art, we should also point out that a similar mind-set of collaborative creation now drives the world of science and innovation. Most prominently, this occurs within the world of open-source software development; Bitcoin and Ethereum are the most important examples of that.
If readers were unfamiliar with the long history of the free open source software movement, they might believe that. But this ignores the contributions of BSD, Linux, Apache, and many other projects that are regularly used each and every day by enterprises of all shapes and sizes.
Also, during the writing of this review, an open source library was compromised — potentially impacting the Copay wallet from Bitpay — and no one noticed (at first). Eric Diehl, a security expert at Sony, has a succinct post up on the topic:
In other words, this is an example of a software supply chain attack. One element in the supply chain (here a library) has been compromised. Such an attack is not a surprise. Nevertheless, it raises a question about the security of open source components.
Many years ago, the motto was “Open source is more secure than proprietary solutions.” The primary rationale was that many eyes reviewed the code and we all know that code review is key for secure software. In the early days of open source, this motto may have been mostly true, under some specific trust models ( see https://eric-diehl.com/is-open-source-more-secure/, Chapter 12 of Securing Digital Video…). Is it still true in our days?
How often do these types of compromises take place in open-source software?
On p. 232 they write:
Undaunted, an unofficial alliance of technologists, entrepreneurs, artists, musicians, lawyers, and disruption-wary music executives is now exploring a blockchain-led approach to the entire enterprise of human expression.
What does that even mean?
On p. 232 they write about taking a hash of their first book and inserting it into a block on the Bitcoin blockchain. They then quote Dan Ardle from the Digital Currency Council who says:
“This hash is unique to the book, and therefore could not have been generated before the book existed. By embedding this hash in a bitcoin transaction, the existence of the book on that transaction date is logged in the most secure and irrefutable recordkeeping system humanity has ever devised.”
These plattitudes are everywhere in the book and should be toned down in the next edition especially since Ardle – at least in the quote – doesn’t explain how he measures secure or irrefutable. Especially in light of hundreds of dead coins that were not sustainable.
On p. 233 they write:
The hope now is that blockchains could fulfill the same function that photographers carry out when they put a limited number of tags and signatures on reproduced photo prints: it turns an otherwise replicable piece of content into a unique asset, in this case a digital asset.
This seems to be solutionism because blockchains are not some new form of DRM.
Continuing on this topic, they write:
Copying a digital file of text, music, or vidoe has always been trivial. Now, with blockchain-based models, Koonce says, “we are seeing systems develop that can unequivocally ensure that a particular digital ‘edition’ of a creative work is the only one that can be legitimately transferred or sold.” Recall that the blockchain, as we explained in chapter three, made the concept of a digital asset possible for the first time.
This is empirically untrue. It is still trivially possible to download and clone a blockchain, nothing currently prevents that from happening. It’s why there are more than 2,000 cryptocurrencies at the time of this writing and why there are dozens of forks of Bitcoin: blockchains did not make the concept of a digital asset possible. Digital assets existed prior to the creation of Bitcoin and attempting to build a DRM system to prevent unauthorized copies does not necessarily require a blockchain to do.
On p. 238 they write:
Yet, given the amssive, multitudinous, and hetergeneous state of the world’s content, with hundreds of millions of would-be creators spread all over the world and no way to organize themselves as a common interest, there’s likely a need for a permissionless, decentralized system in which the data can’t be restricted and manipulated by a centralized institution such as a recording studio.
Maybe, but who maintains the decentralized system? They don’t run themselves and are often quite expensive (as even the authors have mentioned multiple times). How does a decentralized system fix this issue? And don’t some artists already coordinate via different interest groups like the RIAA and MPAA?
On p. 240 they discuss Mediachain’s acquisition by Spotify:
On the other hand, this could result in a private company taking a technology that could have been used publicly, broadly for the general good, and hiding it, along with its innovative ideas for tokens and other solutions, behind a for-profit wall. Let’s hope it’s not the latter.
This chapter would have been a bit more interesting if the authors weren’t as heavy handed and opinionated about how economic activities (like M&A) should or should not occur. To improve their argument, they could include links or citations for why this type of acquisition has historically harmed the general public.
On p. 243 they write:
Bitcoin, with its new model of decentralized governance for the digital economy, did not spring out of nowhere, either. Some of the elements – cryptography, for instance – are thousands of years old. Others, like the idea of electronic money, are decades old. And, as should be evident in Bitcoin’s block-size debate, Bitcoin is still very much a work in progress.
This statement is strange because it is inconsistent with what they wrote on p. 162 regarding permissioned chains: “… cherry-picked the features of Nakamoto’s invention that are least threatening to the players in the banking system, such as its cryptographic integrity…”
In this section they are saying that the ideas are old, but in the passage above in chapter 6, they make it sound like it was all from Nakamoto. The authors should edit it to be one way or the other.
Also, Bitcoin’s governance now basically consists of off-chain shouting matches on social media. Massive influence and lobbying campaigns on reddit and Twitter is effectively how the UASF / no2x movement took control of the direction of the BIP process last year.
On p. 245 they write:
That can be found in the individual freedom principles that guide the best elements of Europe’s new General Data Protection Regulation, or GDPR.
All blockchains that involve cross-jurisdictional movement of data will likely face challenges regarding compliance with data privacy laws such as GDPR. Michele Finck published a relevant paper on this topic a year ago.
On p. 247 they write about if you need to use a blockchain:
Since a community must spend significant resources to prove transactions on a blockchain, that type of record-keeping system is most valuable when a high degree of mutual mistrust means that managing agreements comes at a prohibitively high price. (That price can be measured in various ways: in fees paid to middlemen, for instance, in the time it takes to reconcile and settle transactions, or in the fact that it’s impossible to conduct certain business processes, such as sharing information across a supply chain.) When a bank won’t issue a mortgage to a perfectly legitimate and creditworthy homeowner, except at some usurious rate, because it doesn’t trust the registry of deeds and liens, we can argue that the price of trust is too high and that a blockchain might be a good solution.
Not all blockchains utilize proof-of-work as an anti-Sybil attack mechanism, so it cannot be said that “a community must spend significant resources”.
In the next edition it would be interesting to see a cost / benefit analysis for when someone should use a blockchain as it relates the mortgage use case they describe above.
On p. 248 they talk about voting:
Every centralized system should be open for evaluation – even those of government and the political process. Already, startups such as Procivis are working on e-voting systems that would hand the business of vote-counting to a blockchain-based backend. And some adventurous governments are open to the idea. By piloting a shareholder voting program on top of Nasdaq’s Linq blockchain service, Estonia is leading the way. The idea is that the blockchain, by ensuring that no vote can be double-counted – just as no bitcoin can be double-spent – could for the first time enable reliable mobile voting via smartphones. Arguably it would both reduce discrimination against those who can’t make it to the ballot box on time and create a more transparent, accountable electoral system that can be independently audited and which engenders the public’s trust.
A month ago Alex Tapscott made a similar argument.
He managed to temporarily unite some of the warring blockchain tribes because he penned a NYT op-ed about how the future is online voting… powered by blockchains. Below is a short selection of some Twitter threads:
Arvind Narayanan, a CS professor at Princeton said this is a bad idea
Angela Walch, a law professor at St. Mary’s said this is a bad idea
Philip Daian, a grad student at Cornell said this is a bad idea.
Luis Saiz, a security researcher at BBVA said this is a bad idea
Joseph Hall, the Chief Technologist at the Center for Democracy & Technology said this a bad idea
Preston Byrne, a transatlantic attorney and father of marmotology said this is a bad idea
Matt Blaze, a CS professor at UPenn, said this is a bad idea
NBC Newscovered the reaction to Tapscott’s op-ed. Suffice to say, the next edition should either remove this proposal or provide more citations and references detailing why this is a good idea.
Throughout this chapter projects like BitNation and the Economic Space Agency are used as examples of projects that are “doing something” — but none of these have gotten much traction likely because it’s doing-something-theater.
On p. 252 – 255 they uncritically mention various special interest groups that are attempting to influence decision makers via lobbying. It would be good to see some balance added to this section because many of the vocal promoters at lobbying organizations do not disclose their vested interests (e.g., coin positions).
On p. 255 they talk about “Crypto Valley” in Switzerland:
One reason they’ve done so is because Swiss law makes it easier to set up the foundations needed to launch coin offerings and issue digital tokens.
MME – the Swiss law firm that arguably popularized the approach described in this section – set up more than a dozen of these foundations (Stiftung) before stopping. And its creator, Luke Mueller, now says that:
“The Swiss foundation actually is a very old, inflexible, stupid model,” he said. “The foundation is not designed for operations.”
Could be worth updating this section to reflect what happened over the past year with lawsuits as well.
On p. 255 they write:
The next question is: what will it take for U.S. policymakers to worry that America’s financial and IT hubs are losing out to these foreign competitors in this vital new field.
This is FOMO. The authors should tabulate all of the companies that have left the US – or claim to leave – and look at how many jobs they actually set up overseas because of these laws. Based on many anecdotes it appears what happens in practice is that a company will register or hold an ICO overseas in say, Singapore or Panama, but then open up a development arm in San Francisco and New York. They effectively practice regulatory arbitrage whereby they bypass securities laws in one country (e.g., the US) and then turn around and remit the proceeds to the same country (the US).
On p. 263 they conclude the chapter with:
No state or corporation can put bricks around the Bitcoin blockchain or whitewash its record. They can’t shut down the truth machine, which is exactly why it’s a valuable place to record the voices of human experience, whether it’s our love poems or our cries for help. This, at its core, is why the blockchain matters.
Their description basically anthropromorphizes a data structure. It also comes across as polemical as well as favoritism towards one specific chain, Bitcoin. Furthermore, as discussed throughout this review, there are clear special interest groups – including VC-backed Bitcoin companies — that have successfully pushes Bitcoin and other cyrptocurrencies – into roadmaps that benefit their organizations.
Like their previous book (AoC), The Truth Machine touches on many topics but only superficially. It makes a lot of broad sweeping claims but curious readers – even after looking at the references – are left wanting specifics: how to get from point A to point B.
There also seems to be an anti-private enterprise streak within the book wherein the authors condescendingly talk down efforts to build chains that are not anarchic. That becomes tiring because – as discussed on this blog many times – it is not a “us versus them” proposition. Both types of blockchains can and do exist because they are built around different expectations, requirements, and operating environments.
In terms of one-sided narratives: they also did not reach out to several of the people they villify, such as both myself and Preston Byrne as well as coin proponents such as Roger Ver and Jihan Wu. The next edition should rectify this by either dropping the passages cited above, or in which the authors reach out to get an on-the-record comment from.
Lastly, while some churn is expect, many of the phrases throughout the book did not age well because it relied on price bubbles and legal interpretations that went a different direction (e.g., SAFTs are no longer popular). If you are still looking for other books to read on the topic, here are several other reviews.
Ironically in his most recent op-ed published today, he asks people to “quit this ugly obsession with price.” There are at least 3-4 instances of the co-authors using price as a metric for “strength” in this book. [↩]
Ryan Zurrer, second-in-command at Polychain, was recently fired from Polychain amid weak performance this year. [↩]
The whole public sale thing is problematic from a MSB perspective. The colorability of the position taken by Cooley in that section was questionable at the time and possibly indefensible now. [↩]
Mike wrote the first line of code for Corda over three years ago. [↩]
The initial conversation with Bob took place in San Francisco during Coin Summit. Bob later became a key person at Chainalysis. [↩]
According to Preston:
Eris, now Monax, was the first company to look at the combination of cryptographic primitives that make up Bitcoin and attempt to use them to make business processes more efficient. In shorthand, the company invented “blockchains without coins” or “permissioned blockchains.”
Bitcoin’s dysfunctional governance wasn’t a “godsend” for our business, as we weren’t competing with Bitcoin. Rather we were trying to dramatically expand the usecases for database software that had peer to peer networking and elliptic curve cryptography at its core, in recognition of the fact that business counterparties reconcile shared data extremely inefficiently and their information security could benefit from a little more cryptography.
In exchange for our efforts, Bitcoiners of all shapes and sizes heaped scorn on the idea that any successor technology could utilize their technology’s components more efficiently. We responded with pictures of marmots to defuse some of the really quite vitriolic attacks on our company and because I like marmots; these little critters became the company’s mascot through that process.
Subsequent developments vindicated my approach. Cryptographically-secure digital cash being trialled by Circle, Gemini, and Paxos utilizes permissioning, a concept that Circle’s Jeremy Allaire said was impossible in 2015 – “they’re not possible separately” – and I predict that as those USD coins seek to add throughput capacity and functionality they will migrate off of the Ethereum chain and onto their own public, permissioned chains which are direct conceptual descendants of Eris’ work.
They will compete with Bitcoin in some respects, much as a AAA-rated bond or USD compete with Bitcoin now, but they will not compete with Bitcoin in others, as they will cater to different users who don’t use Bitcoin today and are unlikely to use it in the future.
Ultimately, whether Eris’ original vision was right is a question of how many permissioned chains there are, operating as secure open financial services APIs as Circle and Gemini are using them now. I predict there will be rather a lot of those in production sooner rather than later. [↩]
Oddly the authors of the book do not name “Corda” in this book… they use the phrase: “R3’s distributed ledger” instead. [↩]
At the time of this writing there are: 5 incubated “Frameworks” and 6 incubated “Tools.” [↩]
Antonopolous recently gave a talk in Seattle where he promoted the usage of cryptocurrencies to exit the banking system. Again, a user cannot use a cryptocurrency without absorbing the exposure and risks attached to the underlying coins of those anarchic networks. [↩]
The past 6 months have seen an evolution of insanity to sanity. Just kidding!
One observation I have seen is that a few of the most vocal coin promoters have finally sat down and spoken with policy makers. Or rather, they finally started attending events in which policy makers, regulators, and decision makers at institutions speak at.
For those of us who have been attending and participating in regulatory-focused events for several years, the general messaging hasn’t changed that much: laws and regulations around financial market infrastructure and financial instruments exist for legitimately good reasons (e.g., systemic risks can be existential to society).
What has changed is that there are a few new faces from the coin world — most of which have previously pretended or perhaps did not even know that there is parallel world that can be engaged with.
It is still too early to see whether or not this governance education will be helpful in moderating their coin-focused excitement on social media but it seems to be the case that regulators and policy makers are still further ahead in their understanding of the coin world than vice versa. Maybe next year coin issuers and promoters will finally dive into the PFMIs which have been around since 2012.
Below are some of the activities I was involved and participated in.
[Note: the 10th anniversary of the Bitcoin whitepaper is this month. Below is a detailed interview with one of the first individuals to have interacted with Satoshi both in public and private: Ray Dillinger.
All of the written responses are directly from Ray with no contributions from others.]
Q1: Tell us about yourself, what is your background?
A1: I am originally from Kansas. At about the same time I entered high school I became interested in computers as a hobbyist, although hobby computers were still mostly useless at that time. I got involved in early BBS systems when DOS hadn’t been released yet, modems were acoustically coupled and ran at 300 bits per second or slower, and software was stored mostly either on notebook paper or cassette tapes.
The early interest in computers is part of my lifelong tendency to become deeply involved in technology and ideas that are sufficiently interesting. This has led me to develop interests, obsessions, and expertise in a huge variety of things most of which the public does not discover reasons to care about until much later.
I graduated from KU with a degree in Computer Science in December of 1995 after spending far too long alternating between semesters of attending classes and semesters of working to pay for classes.
After graduation I moved to the San Francisco Bay area. I worked for several AI startups in the next seven years and hold a couple of patents in natural-language applications from that work. After that, I worked the night shift for FedEx for some years while doing occasional security consulting gigs during daytime hours. I am currently doing AI algorithm research and implementation (and some cryptographic protocol/document design) at a FinTech startup. I work on General AI projects on my own time.
I am somewhat pessimistic by nature and tend to assume until given reason to believe otherwise that anyone trying to sell me something or convince me of something is a scammer. I know that’s irrational, but knowing doesn’t make the belief stop. I have an abiding hatred of scammers and find them viscerally disgusting.
I consider making noise to be rude, avoid crowds and public appearances, and distrust anyone speaking faster than they can think. Although I write a great deal, I rarely speak and strongly dislike talking on the phone.
In spite of my peculiar interests and asocial tendencies, I somehow managed to get married to a wonderful woman who tolerates an unbelievable degree of geekdom in an unbelievable variety of subjects, ranging from mild interest to full-on mad scientist levels in scope. I am tremendously thankful to have her in my life, and to whatever degree
I might be considered social, she deserves most of the credit.
I became marginally involved with Bitcoin in its early development because cryptocurrency, and the application of block chains to cryptocurrency in particular, are interesting. I ceased to be involved in Bitcoin when the next steps would necessarily involve salesmanship, frequent talking, and social interaction, because those things are not interesting.
Q2: Perry Metzger created the now infamous Cryptography mailing list years ago. When did you join and what made you interested in cryptography?
A2: I joined so many years ago it’s hard to remember. It was pretty much as soon as I became aware of the list, but I’m sure it was more than fifteen years ago. It may have been late 2001 or early 2002.
I think I may even have been one of the first twenty or thirty posters on that list – it was still very young.
I remember being vaguely annoyed that it hadn’t been available when I was actually still in college and doing a crypto project in a grad-level networking course – I’d been a member of the even-earlier ‘cypherpunks’ list back when I was in school, but its strident political ideologues (including a guy named Hal Finney, whom you’ve probably heard of)
annoyed me, even back then.
‘cypherpunks’ was where I became aware of and started corresponding with Hal. Although, way back then, I think we were both mostly annoying to each other. And possibly to others as well. Hal had been stridently political all the way from those days (and probably before) to the day he died, and in retrospect, I think I really needed some ‘remedial human-being lessons’ and some wider education at the time. I’ve learned a lot since then – and perspective outside the narrow specialties we studied in school really does matter.
Q3: There were a lot of other non-cryptocurrency related discussions taking place simultaneously in November 2008 and many of the frequent posters didn’t comment on Bitcoin when it was first announced. What interested you in it? How involved would you say you were with providing coding suggestions prior to the genesis block that following January?
A3: I was interested in it for several reasons. First, Bitcoin was a digital cash protocol, and digital cash protocols have some significant challenges to overcome, and I’d been interested in them for a long time already. I’d even designed a couple by then. The first I designed was unsound. The second, which is the only one worth talking about, which I’ll talk more about below.
Second, Bitcoin used a central proof chain (which we now call a block chain) as means of securing the history of each note, and I had known for a long time that any successful digital cash protocol had to use proof chains in some form or it couldn’t circulate (couldn’t be spent onward by someone who’d been paid in it). And I was very, very much interested in proof chains, especially for a digital cash protocol. I had already used proof chains (very differently) for a digital cash protocol when I extended Chaum’s e-cash protocol in 1995.
(see Digression #1 below to understand the differences between my protocol and Satoshi’s, and their effect on protocol design.)
Third, Satoshi eventually convinced me that he wasn’t a scammer. I’m sort of a natural pessimist at heart, and digital cash protocols have a long history of scammers, so at first I had assumed the worst. I think a lot of others also assumed the worst, which would be why few of them responded. I made my first couple of replies without even having read it yet, to see how he responded before I wasted mental effort on something that would probably turn out to be a scam.
When I finally bothered to actually read the white paper, and spent the mental effort to understand it, I realized that (A) it wasn’t the usual incompetent bullshit we’d seen in far too many earlier digital-cash proposals, and (B) Its structure really and truly contained no Trusted Roles – meaning the opportunity to scam people was NOT built into the structure of it the way it had been with e-gold, e-cash, etc.
Fourth, and absolutely the clincher for me; it was very very INTERESTING! It was an entirely new paradigm for a digital cash protocol, and had no Trusted Roles! Nobody had EVER come up with a digital cash protocol having no Trusted Roles before!
Of course it wasn’t a “serious” proposal, I thought. It wouldn’t work for any kind of widespread adoption (I thought at the time) because of course people would conclude that spent hashes which absolutely couldn’t be redeemed for the electricity or computer power that had been used to create them were valueless. And it would never scale beyond small communities or specialized applications of course because of its completely stupid bandwidth requirements.
But it was INTERESTING!
I could never have come up with Bitcoin because of the tremendous bandwidth. Without Satoshi’s proposal, the idea of transmitting every transaction to every user would just have bounced off my mind as inconceivable. Hell, I didn’t even understand it the first couple of times through the white paper because I was looking for ANY WAY AT ALL to parse those sentences and ‘transmitting every transaction to every user wasn’t even a POSSIBLE parse for me until Satoshi explicitly told me yes, that really was what he meant.
When I finally understood, I started doing math to prove to him that it was impossible, tried to relate bandwidth to rate of adoption and got a largest possible answer that’s only about one-eighth of today’s number of nodes. I was assuming transaction volume proportional to userbase, which would be at least three times the transactions that today’s blocksize-limited block chain handles, and looking at a version of the protocol which doubled it by transmitting every transaction twice. So,GIGO, I was wrong – but for good reasons and in the correct order of magnitude anyway.
But that was a couple orders of magnitude larger than the highest answer I had expected to get! And that meant Satoshi’s idea actually seemed…. surprisingly plausible, if people really didn’t care about bandwidth.
The fact that bandwidth seemed to be available enough for the proposal to be technically plausible was sort of mind-boggling. So was the idea that so many people did not care, at all, about bandwidth costs.
(See digression #2 to understand why it was hard for me to accept that
people now consider bandwidth to be valueless.)
Anyway, problems aside, it was INTERESTING! If the proof-of-concept actually sort-of worked at least on scales like for a campus or community merchandise token or something it would extend our understanding of protocol design!
What I had done back in 1995 had been INTERESTING for a different reason. At that time nobody had ever come up with a digital cash protocol that allowed people who’d been paid digital coins to respend them if they wanted instead of taking them right back to the issuer. Of course it wouldn’t work for general adoption because of its own problems, but it had extended our understanding of protocol design back then, so back then that had been INTERESTING!
And before that, Chaum had demonstrated a digital cash protocol that worked at all, and at the time that was INTERESTING!
And in between a whole bunch of people had demonstrated ways to cooperate with bankers etc to have different kinds of access to your checking account or whatever. Some of those had had privacy features v. the other users, which were also INTERESTING!
And so on. I was very much looking at things that improved our understanding of digital cash protocols, and had no idea that Bitcoin was intended for widespread release.
Anyway, Satoshi and I talked offlist about the problems, and possible solutions, and use of proof chains for digital cash, and my old protocol, and several previous types of digital cash, and finally he sent me the proof chain code for review.
And the proof chain code was solid, but I freaked out when I saw that it used a Floating Point type rather than an Integer type for any kind of accounting. Accounting requirements vs. floating point types have a long and horrible history.
The worst that could happen from a rounding error, as long as everybody gets the *SAME* rounding error, is that the miner (whose output is unspecified in the block and defined as “the rest of the TxIn values input”) gets a few satoshis more or less than if the rounding error hadn’t happened, and no satoshis would be created or destroyed.
But if people on different clients get *DIFFERENT* rounding errors, because of different representation or differently implemented operations, the chain forks. And That Would Be Bad.
It was when we started talking about floating-point types in accounting code that I learned Hal was involved in the effort. Hal was reviewing the transaction scripting language, and both the code he had, and the code I had, interacted with the accounting code. So Satoshi brought him in for the discussion on floating point, and both of us reviewed the accounting code. Hal had a lot of experience doing exact math in floating point formats – some of his crypto code in PGP even used float types for binary operations. So he wasn’t as freaked-out about long doubles for money as I was. We talked a lot about how much divisibility Bitcoins ought to have; whether to make ‘Satoshis’ an order of magnitude bigger just to have three more bits of cushion against rounding errors, or keep them near the limit of precision at 10e-8 bitcoins in order to assure that rounding errors would always fail. Failing, immediately, detectably, and hard, at the slightest error, is key to writing reliable software.
So I went over the accounting code with a fine-toothed comb looking for possible rounding errors. And I didn’t find any.
Which is more than a little bit astonishing. Numeric-methods errors are so ubiquitous nobody even notices them. Inevitably someone multiplies and divides in the wrong order, or combines floats at different magnitudes causing rounding, or divides by something too small, or makes equality comparisons on real numbers that are only equal 65535 times out of 65536, or does too many operations between sequence points so that they can be optimized differently in different builds, or uses a compiler setting that allows it to do operations in a different sequence, or checks for an overflow/rounding in a way that the compiler ignores because it can prove algebraically that it’s “dead code” because it will never be activated except in case of undefined behavior (like eg, the roundoff or overflow that someone is checking for)! Or SOMETHING. I mean, in most environments you absolutely have to FIGHT both your language semantics and your compiler to make code without rounding errors.
Clearly I hadn’t been the first pessimistic screaming hair-triggered paranoid aware of those issues to go over that accounting code; I could not find a single methods error. The ‘satoshi’ unit which is the smallest unit of accounting, is selected right above the bit precision that can be handled with NO rounding in the double float format, and every last operation as far as I could find was implemented in ways that admit no rounding of any bits that would affect a unit as large as a satoshi.
To cause rounding of satoshis in the Bitcoin code, someone would have to be adding or subtracting more than 21 million Bitcoins (I think it’s actually 26 million, in fact…). So, the Bitcoin chain is, I believe, rounding-free and will continue to check regardless of whether clients use any higher floating point precision.
For comparison Doge, which has so many coins in circulation that amounts larger than 26 million Doge are actually transacted, has rounding errors recorded in its block chain. If a new client ever uses a higher-precision float format, their old chain won’t check on that client. Which would be seen as a bug in the new client, and “corrected” there (by deliberately crippling its accuracy when checking old blocks). In fact it’s a bug in the Doge coin design which will never be fixed because they’ve already committed too much to it.
Integers. Even with code that is meticulously maintained and tested for consistency, even where methods errors have been boiled out by somebody’s maniacal obsessive dedication, Integers would have been so much cleaner and easier to check.
Why I was VERY interested in proof chains and digital cash protocols.
When I extended Chaum’s protocol in 1995, I had used proof chains attached to each ‘coin’, which grew longer by one ‘link’ (nowadays we say ‘block’) every time the coin changed hands. That allowed coins to circulate offline because all the information you needed to make another transaction was in the chains attached to the individual coins. In order to make it possible to catch double spenders, the ‘links’ contained secret splits which, if two or more contradictory links were combined, would reveal the identity of the spender.
So, it could circulate offline and make transfers between users who weren’t even connected to the Internet. It didn’t have the ferocious bandwidth expense and even more ferocious proof-of-work expense of Bitcoin. Double spenders couldn’t be caught until the differently-spent copies of a coin were compared, potentially after going through several more hands which meant you had to have some kind of resolution process. And a resolution process meant you absolutely had to have a Trusted Certificate Authority with a database that could link UserIDs to RealWorld IDs in order to figure out who the RealWorld crook was.
Buyer and seller had to have valid UserIDs issued by the Trusted CA, which were known to each other even if to no one else. And although not even The Trusted CA could link UserIDs and transactions except in case of a double spend, the parties to each transaction definitely could. Either party could later show and cryptographically prove the details of the transaction including the counterparty’s UserID, so your transactions were “Private”, not “Secret”. Finally, the ‘coins’ were non-divisible meaning you had to have exact change.
It was, at best, clunky compared to Bitcoin, and not being able to identify double spends until unspecified-time-later would probably be a deal-killer for acceptance. But it also had some advantages: It didn’t create a central permanent ledger that everybody can datamine later the way Bitcoin does, so Trusted CA or not it might actually have been better privacy in practice. It was completely scalable because no transaction needed bandwidth between anybody except buyer and seller. And it had no proof-of-work expense. But it needed a God-Damned Trusted Certificate Authority built directly into the design, so that CA’s database was open to various kinds of abuse.
I had no comprehension of modern attitudes toward bandwidth costs.
I mean, I knew it had gotten cheap, but it was still taking me hours, for example, to download a complete Linux distribution. I figured other people noticed big delays like that too, and wide adoption of Bitcoin would mean slowing down EVERYTHING else they (full nodes anyway) did. I just hadn’t understood that – and still have trouble with – the idea that by 2008, nobody even cared about bandwidth any more.
I got my first computer, because at that time privately owned computers were INTERESTING! So I had to, even though they were also mostly useless. (See a pattern here?)
But at that time, computers were not communications devices. At All. If you hadn’t invested in something called a “LAN”, which anyway could only work inside one building, probably cost more than the building itself, and was useless unless you’d also invested in multiple computers, you moved data back and forth between your machines and your friends’ machines using cassette tapes. Or, if and your friend were both rich enough to buy drives, or had been lucky enough dumpster diving to get drives you could repair, and had access to the very expensive media through some kind of industrial or business supply place, you might have done it using floppy disks. Which held eighty kilobytes.
I got my first modem a few years later, and modems at the time were flaky hardware only BARELY supported by single-tasking systems that had never been designed to handle any signal arriving anywhere at a time they did not choose. If your computer didn’t respond fast enough to interrupts, a modem could crash it. If you were running anything that didn’t suspend and resume its business correctly (and most things didn’t because they’d never had to before) or anything that was coded to use the same interrupt, the modem would crash it. If the software on your end ever started taking too long to execute per input character, the modem would fill up the short hardware buffer faster than your software could empty it, and crash it. If you transmitted characters faster than the software running on the remote system could handle them, you’d crash the remote system. There were no error correcting protocols because none of us had the compute power to run them fast enough to avoid a crash at the speeds the modems ran.
And that modem couldn’t transmit or receive characters even as fast as I could type. Sometimes you could crash the remote system just by accidentally typing too fast for a minute or two.
Computer security wasn’t a thing. Pretty much anybody you allowed to connect could at least crash your system and probably steal anything on your computer or delete everything on your computer if they really wanted to. The host programs weren’t *intended* to allow that, but something as simple as transmitting an unexpected EOT signal could often crash them – sometimes crashing the whole machine, sometimes leaving the caller at the all-powerful command-line prompt. Stuff like that happened all the time, just by accident! So people were understandably reluctant to let strangers connect to their systems.
There was one place in my whole state that I could call with it where I found people who’d leave a modem running on their machine despite the risk of crashes, and would allow a stranger on their system. That sysop, in an act of sheer grace that he didn’t have to extend and which nobody was paying him for, allowed me to connect to it. There were no such things as commercial providers; they could not exist until at least some system security actually worked.
There was barely even any commercial software: Every machine came with its own BIOS and Operating System, and the ONLY way to distribute a program that would run on more than a tiny fraction of systems was to distribute it as source code which people could tweak and fix and adapt in order to get it running, and commercial vendors didn’t want to distribute any source code.
So our software was all shared. It came from fellow hobbyists, and unless we were physically in the same room to exchange media (and had the ability to read and write media compatible with the other’s systems), we could not share it without using bandwidth.
Long distance calls were over a dollar a minute, modems ran at 160 or 300 bits per second, and I could have burned through my entire monthly paper route income in under three hours.
Finally, every second I was connected to that remote system, that phone line was busy and everybody else couldn’t use it. And the other users needed it for reasons FAR more important than I did. They were military veterans, some of them profoundly not okay after Viet Nam, using it as sort of a hobby-mediated support group, and I was a fifteen-year-old kid hobbyist with a paper route. Hobby in common or not, I had no illusions about the relative value of our access. So I tried to be a good guest; I took my turns as fast as possible, at times least likely to conflict as possible, using as many pre-recorded scripts (played off a cassette tape deck!) as possible to waste absolutely no time, and got off. I didn’t want to keep anybody out of something which was that important to them.
That’s the way things were when I started learning about the value of bandwidth.
No matter how much bandwidth I’ve got now, no matter how cheap it becomes, I’m still aware of it and it’s still important to me to not waste it. I’ve sweated every byte every time I’ve designed a protocol.
And that’s why – to me anyway – universal distribution of a globally writable block chain is still amazing. Just the fact that it’s now POSSIBLE seems incredible.
Q4: When Satoshi released the white paper, you had many public exchanges with her on that mailing list. For instance, you asked her about inflation and Satoshi seemed to think that there could be some price stability if the number of people using it increased at the same level as the supply of bitcoins increased. But, relative to the USD, there has never really been much price stability in its history to date. Is there a way to re-engineer Bitcoin and/or future cryptocurrencies to do so without having to rely on external price feeds or trusted third parties?
A4: Whoof… that’s a hard question. “Is not Gross Matter Interchangeable with Light?” was considered impossible until Einstein figured it out. And the people who’d been asking that question didn’t even recognize or care about Einstein’s answer because his answer wasn’t about bodies and souls and the afterlife. If the answer is ‘yes’ but the re-engineering involved changes the fundamental qualities that make you (or anybody) value cryptocurrencies, then is the answer really yes?
Satoshi tried to do it by anticipating the adoption curve. We know how that turned out.
I think it’s fundamentally impossible to plot an adoption curve before launch. I mean, I was the pessimist who assumed that there’d be a small group, formed early, that wasn’t going to be growing at all as these additional millions of coins pumped into that campus or that community economy. So I figured, some initial value and rapid inflation thereafter.
Satoshi was far less pessimistic in figuring a widespread and fairly gradual adoption, and had picked the logarithmic plot to put coins into the economy at about the rate envisioned for adoption, assuming Bitcoin would follow a logarithmic adoption curve. It wasn’t a bad guess, as it’s a decent approximation to the Bass Diffusion Model, but the
parameters of the curve were completely unknown, and the Bass curve often appears after something’s been around a long time – not just when it’s launched.
Most importantly, nobody anticipated Bitcoin’s primary use as being a vehicle of financial speculation. The Bass Diffusion Model isn’t applicable to speculative commodities, because price changes in speculative commodities are responsive to PREVIOUS price changes in the speculative commodity. That makes them nonlinear and chaotic.
And that, I think, is what it comes down to. If people will be using something as a vehicle of speculation, then its price point is chaotic and defies all attempts to stabilize it by predicting and compensating for it. So I think we need to abandon that notion.
You’ve already ruled out the idea of external price feeds and trusted third parties, because those would change the fundamental qualities that make you value cryptocurrencies.
That leaves internal price feeds: If a cryptocurrency is used as a medium of exchange in other fungible assets, and those exchanges are recorded in its own block chain, then exchanges of crypto for dollars and exchanges of crypto for, eg, gold bars are visible in the block chain and could at least in theory be used to detect economic conditions and adjust the rate of issue of cryptocoins.
But the fly in that ointment is, again, the fact that the crypto is being used as a speculative asset. People can read the block chain before the changes are made, anticipate what changes the code is about to make, and will front-run them. Or, operating as “Sybil and her Sisters”, make a thousand completely bogus transactions in order to fool the software into doing something crazy. Either way reintroducing positive feedback via market manipulation.
Most schemes aimed at stabilizing the value of a coin via any automatic means assume that the price can be changed by changing the rate of issue. But the more coins are in circulation, the less possible it becomes for changes in the rate of issue to shift the price, meaning it devolves back to the first case of nonlinear and chaotic feedback. IOW, the new coins being added represent a much smaller fraction of the available supply, and withholding them will affect almost no one except miners.
Honestly I’m very surprised Tethercoin isn’t dead yet. What they propose, economically speaking, simply will not work. They got themselves somehow declared to be the only way to get money OUT of a major wallet, which props up their transaction volume, but if the people haven’t already walked away with most of the money they’re supposedly holding but won’t say where, then I’m very surprised.
Q5: About a year ago you wrote a highly-commented upon, passionate retrospection published on LinkedIn. You called out a lot of the nonsense going on then, is there anything that has been on your mind since then that you wanted to expand upon?
A5: Um. Artificial Intelligence, Financial Markets, Human Brains and how they are organized, the nature, origins and mechanisms of consciousness and emotion, a generalization of neuroevolution algorithms intended to scale to recurrent networks of much greater complexity than now possible, scope of political corruption and the politics of divisiveness, gene migration and expression, the way cells control and regulate mutation in different kinds of tissues, directed apoptosis via a multiplicity of P53 genes as a preventive for cancer (happens naturally in elephants; easy to do with CRISPR; engineered humans would probably be radiation-resistant enough for lifetimes in space, or just plain longer-lived, or both), history of the Balkans, history of the Roman Empire, ancient religions, writing a science fiction novel ….
You know, things that are INTERESTING! I actually _can’t_ turn my brain off. It’s a problem sometimes.
I have had a few thoughts about cryptocurrencies, however, which is probably what you intended to ask about.
I have figured out how to redesign the cryptographically secured history database built by cryptocurrencies so that you don’t need any full nodes. There are other ways to organize the blocks that give the proof property you need; They don’t have to form something that’s only a chain, and you don’t have to have specialized nodes for the purpose of holding them because everybody can hold just the blocks they need to show the validity of their own txOuts.
In order to verify the validity of any txOut, you need three things: to see the block where it was created, to be sure that block is part of the same database as that proposed for the transaction, and to be sure that no block exists between those two in which that txOut was spent in another transaction.
Call it a “Block Hyperchain”, by reference to the N-dimensional hypercube it’s based on and the block chain it replaces.
I should be clear and say there are things it does and things it doesn’t do. If your goal is to check all transactions, you’ll download a scattering of blocks for each transaction that soon add up to most of the block database, so someone who wants to check every transaction will rapidly accumulate the whole database.
But most users should be happy with just the few blocks they need to demonstrate the validity of the txOuts they hold, and it’s damn nice to be able to download a client, open it up, and just use it with minimal delay because someone offered to pay you bitcoins one minute ago and you want to be able to make sure the transaction he’s offering is valid RIGHT NOW, instead of waiting to accumulate the whole chain to check anything.
Suppose we pick a base, for convenience, of 10. This helps make things easy to explain because we work with base-10 numbers, but we could have picked 16 and used hexadecimal for our explanations.
In a base-10 Block Hyperchain, every block that’s published has its own set of transactions, and the hashes of the blocks 10^N blocks ago for every integer value of N from N=0 to N <= log10 of block height.
Every block would record its own transactions, and also one list of destroyed txOuts per integer value N over the same range.
Each destroyed-txOut list would be all txOuts created in blocks whose block numbers match (modulo 10^N) the current block number, that have been destroyed in the last 10^N blocks.
If someone shows me a transaction seeking to spend a txOut, I want to check and see if it’s valid. Ie, I want to see the block where it was created, and see evidence that it hasn’t been spent since.
So I can look at that txOut’s ID and know it was created in block 124. If the current block is 7365, I get block 7365 and 7364 to make sure it hasn’t been spent in those, the same way we can do with a block chain.
Then I have a block whose last digit matches the last digit of the block where the txOut was created. So I start checking the 10-block txOut-destroyed lists. I check the list in block 7364 to make sure it wasn’t spent in blocks 7354 to 7363.
Then, jumping back by 10-block increments (relying on the second recorded hash in the header), I can check to make sure it hasn’t been spent in the previous ten blocks to each of blocks 7354, 7344, and 7334. Then I get block 7324.
Now I’m at a block whose last 2 digits match the block where the txOut was created, so I can start checking the previous hundred blocks using the second txOut-destroyed list, and jumping back by hundred-block increments using the third recorded hash. So I get blocks 7224 and 7124.
Finally, I’m at a block whose last 3 digits match the block where the txOut was created, so I can start jumping back by thousand-block increments, checking the thousand-block txOut-destroyed lists. So I get blocks 6124, 5124, 4124, 3124, 2124, 1124, and finally 124.
So finally, I have a txOut created over 7200 blocks previous to the current block, and I have downloaded a total of 15 blocks to make sure that it was created in the same Hyperchain and hasn’t been spent since.
The number of blocks downloaded is proportional to the log base 10 of the number of blocks in the chain.
The blocks I’ve downloaded are larger because of the spent-txOut lists, but the spent-txOut lists have an average length that is the same regardless of the span of blocks they cover. Lists that report transactions from a set 10x as long, only need to report individual transactions from that set 1/10 as often.
With more efficient access to the history database, it is possible to substantially raise transaction bandwidth. People who make transactions during the next 7 blocks or so would need to see that block; Later on, people who accept txOuts created during that block will need to see that block. And there’ll be about 49 blocks worth of txOuts, scattered through the earlier history, that someone eventually has to traverse this block to verify.
All this means you have drastically smaller bandwidth requirements (remember I obsess on bandwidth costs?) for the same transaction volume but larger data-at-rest requirements (for any weirdo who for whatever reason feels like they need to collect the WHOLE database in one place, and why would anybody do that?) by a factor of seven.
And I keep thinking I’m going to do it, because it’s INTERESTING! And I ought to do it, because it’s VALUABLE! But then I think about the current state of the cryptocurrency world and the quality of the people it would bring me into contact with and the ways people would try to scam with it and the number of people who’d find reasons to lie to me or about me, and then I get a sour stomach and go on to do something ELSE!
And feel vaguely guilty for not doing it, because it actually would be valuable.
It’s really hard for me to be motivated or enthusiastic about a cryptocurrency project, until the whole field is more full of people I’d be happy to interact and exchange ideas with and less full of …. um.
The words that come to mind really shouldn’t be printed. [This is fine meme] I don’t mind if people know I’m sort of upset with the conditions and business ethics out there, or even that being so upset is literally preventing me from doing something useful. But I’d rather not have it expressed in terms that are an incitement to violence.
Anyway, moving on; In order to mine, someone would have to be able to see seven of the previous blocks; a different set of seven every time. But if I thought bandwidth was going to waste, that doesn’t even START to address the costs of hashing! Deploying something that saves bandwidth without also figuring out a way to save hashing would fail to address a critical point.
So, I’ve had a bunch of thoughts about mining. Most of which aren’t as interesting or valuable as the thought about how to organize the history database. In favor of mining, it’s good that someone is able to join the network permissionlessly, help secure it, get paid, and initially get coin into circulation going from “none” to “some”.
My thoughts for securing a chain without proof-of-work are something I suppose I ought to call “Proof-of-Total-Stake.”
Congratulations! This conversation with you got me to name it! I had been calling it “proof-of-activity” but I see that name has acquired a much more specific meaning than it had when I started calling this by it, and no longer fits.
I still need to figure out what to call my revised structure for the block history database though.
Proof-of-Total-Stake means measuring the priority of a fork by the total value of TxOuts that existed BEFORE the fork that have been spent AFTER the fork. In other words, the total stake: how much of EVERYBODY’s money the blocks formed after the fork represent. That is a well-founded mechanism for security that doesn’t involve trusted parties nor burning hashes. It’s the only one I’ve come up with. In the long run, unless somebody comes up with another fundamentally new idea, or accepts the idea at least of trusted block signers, that’s what I think a proper cryptocurrency would have to wind up with.
But there’s a problem with it.
Proof-of-Total-Stake, by itself, doesn’t provide an obvious way to determine who gets to form the next block – which can be a CRUCIALLY important security concern.
And Proof-of-Stake, including Proof-of-Total-stake, doesn’t handle the initial, permissionless, distribution of coins. They can’t go from “none” to “some.” They can only go from “some” to “some more.”
So I think it could only be deployed along with some kind of mining.
Q6: We first started interacting some four years ago when I was doing some research on dead cryptocurrencies, most of which were just direct clones or copies of Bitcoin. At the time you were doing the heavy lifting categorizing how they died in a BitcoinTalk thread. Today sites like Deadcoins.com have tried to do something similar. Even though loud advocates at events like to claim blockchains ” live immutably forever” empirically there are probably just as many dead blockchains than living blockchains. What do you think the top reason for why so many blockchains lose support to the point of death and do you think those reasons will change much in the future?
A6: By far the vast majority of those people were not doing anything INTERESTING! A lot of the honest ones discovered that it was a lot of work and had other commitments in life. A lot of the dishonest ones made their money and walked away leaving the suckers behind. A lot of people discovered that maintaining a codebase needed more programming chops than they actually possessed, and quietly withdrew from the field. A fair number ran into scammers and crooks whose utterly disgusting behavior left them convinced they wanted to do something else rather than meeting any more of those guys.
But the most important point? Hardly any of those coins was ever used in any transaction for an actual thing – not even an initial experiment like Laszlo’s Pizza.
Most of them were only ever mined by people who intended absolutely nothing beyond immediately converting them into Bitcoin, and only ever held by people who daily watched their value trying to guess the right time to sell them for Bitcoin.
It’s not so much that most of them *failed* – it’s more the case that the vast majority never even remotely began to *succeed*. There was no economic activity, meaning sales of merchandise or payment for work, that they facilitated. Put bluntly, they just didn’t do anything beyond providing a temporary and completely discardable medium for speculation and scamming. And, as surely as atomic decay, they got used, for that purpose only, and discarded.
Q7: Based on the original white paper, the intent of Bitcoin was to be an e-cash payment system which could be utilized without needing to disclose a real identity to an administrator. It seems that over time several different tribes have popped up, including those who market Bitcoin as a form of “e-gold.” What do you think of the visible fracture that has occurred between the various Bitcoin tribes? Does proof-of-work really act as a type of DRM for coin supply or do all the forks we have seen turn the advertised “digital scarcity” and “digital gold” into an oxymoron?
A7: That endless fight, starting with the block size fight, with everybody yelling and nobody listening, pretty much convinced me that the “community” which had grown around Bitcoin was in deep trouble.
The differences between the various proposed technical changes to the block chain, are far less important to the futures of those forks, than the integrity of the people who support and do business using them.
But the technical merits were never discussed by most. Instead, repetitive sound bites and slogans about them containing absolutely no new information were shouted. Integrity was seldom displayed either. Instead, the fight was carried forward almost exclusively by partisans who had already decided what was the only possible solution that they would accept, and in many cases using tactics that inspire an absolute refusal to support their interests, or even participate in the communities where they are found.
If someone hires a troll army to attack a community by astroturfing fake support for something, can you respect that person? If someone drives people who disagree away with personal abuse, is that a reasonable method for coming to an agreement about a protocol? Is it a valid form of technical reasoning to launch a sabotage against a block chain based consensus mechanism? What can you say about someone who buys existing accounts of users whom others trust in order to fake trusted support for their agenda? How about when it happens after those users whom others trust have been driven away or left in disgust? Is it a respectful negotiator interested in the insights of others in solving a problem, whose negotiating skills include locking the damn doors and refusing to let someone leave the room until they get his signature on an “agreement” that they wrote without his knowledge before he even got there?
Is someone who would participate in a fight, on those terms, someone whose agenda or business interests you really want to support? Hint: You already know that people who fake support for their agenda, or tell lies about other in order to discredit them, or who deliberately deceive others about the merits of their own proposal or others’ proposals, are doing business by means of fraud. Do you want to carry on until the fraud is financial and the victim is you?
These factions had no interest whatsoever in reaching a consensus. And nothing prevented each from implementing their idea and launching, with no hard feelings from anybody and no fight. The only thing they were really fighting over was the name “Bitcoin,” which was absolutely unrelated to the technical merit of any proposal. And, to a first approximation, the other merits of having the name is a thing that none of them even mentioned during the fight.
Technically speaking, there is not much wrong with any of these forks. They address certain problems in different ways slightly favoring the interests of different groups, but not seriously to anyone’s disadvantage. None of them was entirely without technical merit.
On the other hand none of them make more than a tiny amount of difference. None helped with the bandwidth or transaction volume by anything more than a small constant factor, so the problem they were supposedly about solving was not in fact solved, nor even very much affected.
So while none of the proposed changes were objectionable in themselves, there was really no *very* compelling reason for any of them to be implemented. Each of those ideas is merely a stopgap that pushes the rock down the road another foot or two without moving it out of the way. If you want to move that rock out of the road, you will need a much more powerful idea.
Q8: You’ve mentioned that limited supplies simply incentivizes hoarding which leads to low economic activity. You have proposed a type of “proof-of-activity” replacement. Can you expand more on either of these views?
A8: Suppose you have an economy that’s growing (more value is being created) but has a constant supply of coins.
In that case your coins represent, let’s say, one-millionth or so of the money that’s in circulation.
And, as the economy continues to grow, your coins will continue to represent one-millionth or so of the money that’s in circulation. But that will be one-millionth or so of a lot more actual wealth. In fact, your money, just sitting there in your wallet, is GUARANTEED to rise in value by the same fraction that the economy is growing by. In our terms, this would be exactly the market average, as though you were holding stocks invested in ALL the businesses in your economy in proportion according to their capitalization. This is what index funds and IRAs make, mostly, but it’s making it with no risk.
Now, if you offer any investor a risk-free investment that’s guaranteed to make the same return as the market average, that investor would be mad to pass it up. No investor is confident that she’ll beat the market average in any given year. That’s why they call it “AVERAGE!” And volatility – variance in return – is an unqualified bad thing because it will always take an 11% gain to make up for a 10% loss. That money sitting right there in her wallet is the best investment she could possibly make. There might be things that would make as much or more money, but all of them involve risk out of proportion to their marginal return. Let other investors do that; they’re suckers and she’ll make the same money they do.
The problem with that is that the other investors are looking at the same question. And reaching the same conclusion. Why invest in companies doing anything productive, and expose yourself to risk, when you can make the same money just by holding your investment in your wallet?
And then who invests in the businesses that, if they were working, would actually create the value these people all intend to have some share in?
… (sound of crickets chirping) … Suckers.
Suckers who lose more often than they win, because it takes an 11% gain to recover a 10% loss. And the money the lose? Eventually trickles into the hands of the people who are hoarding it.
With no reason for investors to invest in business, the businesses eventually starve and the economy shrinks. And all those coins that represent one-millionth of the economy’s wealth start representing one-millionth of less and less actual value.
This is what happened to ancient Rome. They used metals (gold and silver and bronze) as currency, and their economy collapsed WHILE people had plenty enough money to keep it going! Everybody stashed all their coins expecting to benefit later from prospering businesses, and the businesses, for want of capital, did not prosper.
Then the death spiral started: everybody stashed their coins waiting for the economy to come back so the coins would be worth their “real” value, and the economy never came back. The coins were never worth their “real” value, until the people who remembered where the coins were buried had also been buried.
It’s a millennium-and-a-half later and we are STILL finding stashes of Roman coins! The people who could have gotten their economy moving again, if they had EVER supported a business, instead buried their money in sacks.
The government tried to get it moving again, or pretend for a while that it hadn’t collapsed, making coins with increasingly ridiculous adulterated alloys. But that didn’t change the underlying dynamic.
The Gold bugs of course have all told each other a different version of this story, where the adulterated coins were the cause of the collapse rather than the increasingly desperate attempt to recover from it. And it’s pointless to try to convince them otherwise; they believe they already know the only possible truth. But for those actually motivated to investigate, the chronology of the events is reasonably clear.
The next thing is about “Proof-of-Total-Stake”, which I guess is what I’m going to call this idea for securing the chain.
The fundamental idea behind Proof-of-Total-Stake is that the priority of any branch of a fork is the total amount of EVERYBODY’s money which that fork represents. That means, coins generated in that fork and pre-existing coins brought into the fork by transactions.
Coins generated in a fork are the coinbase transactions; Coins moved into the fork from earlier parts of the chain are TxOuts from earlier in the block chain that have been spent during the fork.
But we have to know which BRANCH of the fork they were spent into. ie, someone trying to create a fork should not be able to stick transactions from the valid branch of the chain into it, or they can match the txOut spending from earlier in the chain. This is the basic problem with most implementations of proof-of-stake, which some writers have called “nothing at stake.” Whatever resource you are using to secure the chain is meaningless when it can be used to secure *BOTH* forks of the chain.
In order to prevent the replay attack, each transaction would have to “stake” a recent block, making a commitment to supporting only forks which include that block. This adds a field to each transaction.
The new field would give the (hash) ID of a block, indicating that this particular transaction is not valid in any branch of the chain which does not include the staked block.
So, let’s say that two transactions “coffee” and “eggs” are made at the same time, after the chain forks at block 50. “Coffee” stakes block 48 and “eggs” stakes block 51A.
When “coffee” appears in block 51B, the total stake of fork B is increased by that amount; its weight counts toward that resolution of the fork.
Then “eggs” is added to block 52A, and can’t be placed in chain B because it staked a block doesn’t exist in chain B. Now “eggs” counts as stake in favor of the A branch and “coffee” counts as stake in favor of the B branch.
But then “coffee” appears in branch 53A, where it is also valid because the same block 48 is behind both branches. This cancels out its support for branch B, just by being equal – revealing that stake which can be used in favor of both chains counts for nothing.
Security happens because some finite resource (coins created before the branch point and spent in transactions that are staked after the branch point) is committed detectably and irrevocably to the support of one branch (by staking after the branch point), and cannot be used to support any other.
This is exactly what Bitcoin does with hashes: Hashes per second and number of seconds spent hashing are finite. Hashes are irrevocably used in support of one branch (because the hash preimage can never be made to match a different block). And the fact that they are used to support a particular branch is detectable.
Well, strictly speaking there’s only one “detectable” hash in each block. All we know about the others is, on average, how rare that one “detectable” one was and therefore, on average, how many they must have been.
But it’s still the same basic criteria. Some finite resource, committed detectably and irrevocably to the support of one branch, which cannot be used to support conflicting branches. And proof-of-total stake says that resource is the amount of EVERYBODY’s coins that branch represents.
With transactions supporting the basic security of the chain, and the idea behind coinbases being that they are payment for providing chain security, we want our “coinbases” to reward the people who make transactions that stake recent blocks.
PoTS is strong in the long run, or when the chain is seeing a high volume of legitimate transactions, but has its own problems.
Transactions in most cryptocurrencies are a very bursty use of something with long latent periods. Absent heavy transaction volume, you can’t really expect PoTS to definitively reject a branch in such a way that a crook couldn’t resurrect it with a very large spend. If the crook has more coins than the difference in total-stake between the two forks, the crook could resurrect the “dead” fork.
This is why the “interest” payments (actually per-transaction coinbases of a particular sort) when a transaction staking a recent block are made. To encourage a fairly constant stream of transactions that support one particular version of the chain up to a very recent block.
But the peril with that is that you want to structure it in such a way that you don’t incentivize people to overwhelm your bandwidth by transferring every coin they own from their left pocket to their right every block either. So the actual design would come down to some compromise between transaction fees, and interest payments on transactions staked in very recent blocks, where the breakevens represent the transaction volume you want.
And there are a couple of final things to address together. First, PoTS, while it has a workable rule for figuring out which branch of forks is preferred, is pretty silent about who gets to form blocks and how. Second, Interest on coins spent has the “nothing to something” problem where if you don’t have anything in the system to start with, you won’t have anything ever. These are both classic problem with PoTS coins. The final design has to include some additional kind of coin creation that doesn’t depend on previous holdings (even if it gets de-emphasized after a while) and some way to determine who forms the next block.
Q9: ICOs have been around in some form or fashion for about five years now. What’s your view on these fundraising schemes?
A9: The SEC is bouncing on them pretty hard, and as far as I can see it’s pretty much deserved. Everybody wants something they can freely trade on secondary markets, and sell on the basis of its future value, but they also want to lie about it by saying it isn’t a security.
It is a security. If a security is sold by a company to raise money, but does not represent a bond (a promise to buy it back) nor a stock (a share in future earnings) then an investor is getting nothing for her money – except maybe a receipt for having made a donation.
Another investor (a “real” investor who knows and understands a broad market, not a speculator who made a lot of money by a couple of strokes of sheer luck) will not buy it from them, at any price. Such a thing has only speculative value.
If something’s continued value depends on a company, but the company’s continued existence doesn’t depend on that thing having value, it would be an excellent thing to not buy.
And all of that, we can say without ever touching on ethics and business practices of the people who run them. But when we do touch on the people who run them, the story gets worse. Much worse. Much, much worse. In this most are following the path trod by Altcoins. And racking up a very similar ratio of efforts that fail, or which never even start to succeed.
Q10: You have alluded to tokenized securities in the LinkedIn article as well as our correspondence, what is your take on this topic? What are the advantages versus say, simply doing what Carta (formerly eShares) does?
A10: I would have to answer that admitting to some degree of ignorance about Carta. As I remember eShares, it was very much a top-down stock and option management tool, in that a private company with (non-traded) shares typically uses it to keep track of who owns what – actually issuing assets or recording changes in their status, making info about them available for the holders but mostly just to view online.
What it does not do, as I understand it, is directly enable the shareholders to trade those shares or options with each other. Nor does it handle securities involved with or created by more than one company at a time. It is a management interface, not a market.
I envision a block chain – sigh, now I have to come up with a name again. Phooey. I never care about naming anything, and then someone wants me to talk about one of my ideas and I have to come up with a name for it on the spot. Let’s go for the pun and call it the Stock Trading and Options CryptoAsset Keeper. I could come up with something even dumber, but for the sake of exposition, call it STOCK.
The idea is that STOCK would act both as a Transfer Agent (which Carta does) AND a market (which AFAIK Carta does not). A company could issue securities such as stocks and bonds directly on the STOCK block chain (“cryptoassets”) and the block chain could record trades in those issues against its native cryptocurrency. The benefit here is the clear record and history to keep track of all trades and the current disposition of all the different cryptoassets – the stocks, the bonds, and the “cash” used to trade in them, would all be on the chain.
As long as no off-chain assets like bushels of wheat or truckloads of sneakers need to be delivered, and dividends/prices/etc accruing to these instruments are paid out (or in) in the cryptocurrency, the block chain could then function directly as market, transfer agent, means of delivery, and payment channel. The task of converting the cryptocurrency to and from actual fiat, and the heavily regulated business of delivering the fiat currency, could be left to already-established cryptocurrency markets.
Trading in stocks/bonds/etc is highly regulated, and debts (NEGATIVE amounts) can crop up unexpectedly when companies go south or options traders go bust. Stuff gets into the RealWorld quickly when someone has to be found for debt payments, served process, and/or prosecuted for fraud, etc. So STOCK couldn’t be an “anonymous/permissionless” chain, at least not for regulated trades. Each person or entity authorized to actually make securities trades would have to have a vetted, verified ID as specified by KYC laws, and would have to sign each such transaction with a public/private key pair proving Identity.
From the point of view of investors, STOCK would be a very sluggish market – submit your trade, have a completely random execution window averaging ten minutes (or whatever) during which the price might change, then a whole block of transactions all fly past at once and everybody’s waiting for the next completely randomly-timed block. On the other hand, you don’t need an agent, or a broker, or a company transfer agent, or a registrar, or a clearance period, or ANY of those people who normally collect fees on every trade. You could actually have a market where the buyer and seller get the exact same price with no ‘float’ whatsoever. And you don’t have to worry about what time it is. NASDAQ closes at 5PM new york time, and then a whole bunch of “off-market,” “private,” and “over the counter” trades that nobody but the insiders can participate in or see happen. But STOCK would go on making blocks twenty-four hours a day seven days a week. Why should it ever stop?
The SEC would be all over it of course; they’d be sticking a microscope up the butts of everybody involved to make sure that there was absolutely no scamming the investors. Which is, after all, their job. And they’d require KYC compliance, and a whole lot of other regulatory compliance. But, y’know, that’s kind of how starting any _legitimate_ business in financial services works. No need to feel special or particularly victimized about that.
And the regulators would need some privileged keys that could be used to “seize” assets when a court orders them to, as part of a settlement for fraud or theft or something. And everything else. There’s a great irony that they’re interested in nobody having the opportunity to scam the investors, but they structurally require, just to be able to do their fundamental mission, builtins to the protocol that if misused would allow somebody to scam the investors.
But once satisfied and functioning within the law, I think they’d welcome STOCK as something that puts down a visible, provable, inalterable, unfakeable history of all trades.
Q11: Is there any cryptocurrency you think could become widely used outside of geeks, cypherpunks, and ideologues? If not, what would need to change and how? Has any popular coin ossified to such an extent that it can’t meaningfully evolve?
A11: Homer Husband and Harriet Housewife want convenience and familiarity. Which is mostly about form factor and compatibility. They do not want to deal with key management in any form.
To do that, you have to make a hardware wallet small enough to fit into a wallet or a purse. It doesn’t have to be literally credit card sized, but couldn’t be much bigger. It should be the size of a stack of five credit cards, at most. Or maybe it gets stuck back-to-back onto their cell phone. It has to have an end that acts like a chip card, or an edge that acts like a mag stripe, or both, so that it can interact with the grocery stores, auto shops, restaurants, etc that Homer and Harriet already do business with.
That’s very very important, because Homer and Harriet aren’t evangelists. The mechanic they’ve been going to for fifteen years has never heard of cryptocurrency and is never going to deal with the inconvenience of getting set up to accept it. He wants people to pay cash or pay with a card, and Homer and Harriet would NEVER consider arguing with him about it, don’t want to go to the effort of explaining it to him, and probably couldn’t explain it very well anyway. If they have to do any of those things, that’s a deal-breaker.
After that you have to get your cryptocurrency onto the Plus or Cirrus network, using the same interface as a foreign fiat currency. That would allow Homer and Harriet to automate the sale and exchange to whatever local people think is money, or the purchase and exchange to crypto, when they want to spend or accept stuff from that “card.” This will mean that they get hit with some extra fees when they use it, but
those fees are both unavoidable if you want to be on those networks, and relatively familiar to them.
Finally, there’s that key management thing. You could handle most of it by making the wallet do it. But sooner or later, that hardware wallet is going to fall and bounce of the curb, and go crunch under the tires of a bus. Or, you know, get dropped into the ocean accidentally, or just get lost.
Homer and Harriet are NOT willing to accept that this is not something they can recover. The only thing that they accept not being able to recover, when they lose their wallet, is familiar, folding fiat currency. And that’s why they don’t keep very much of folding fiat actually in their regular wallets.
If you do convince them that losing the wallet makes the funds unrecoverable, they will never want to have more than fifteen dollars on it, which will mean it isn’t useful. So, your hardware wallet has to interact with SOMETHING that keeps enough information about what’s on it, to enable a new wallet to recover everything that got lost.
Q12: Mining farms, mining pools, and ASICs. Many accounts are that Satoshi did not anticipate the full industrial scale these would reach. Do you agree with this? What are your views on mining pools and ASICs as we know them know today (specifically as described by Eric Budish’s paper)?
A12: My first problem with ASICs is that they can be used for exactly two things: Mining cryptocurrencies, and carrying out attacks on cryptocurrencies.
Every day of every year, people who own those enormous ASIC farms are deciding which is the most profitable use of them, on that day.
And the rewards for mining cryptocurrencies ratchet downward every couple of years.
That seems problematic. I keep watching to see what emerges each time the reward ratchets down, but I haven’t seen evidence yet that any of the big ASIC farms have turned around on any large scale.
My second problem with ASICs is that they are sucking up ridiculous amounts of energy that can never be recovered or used for anything else. I don’t so much mind this when converting the energy into heat is actually useful – replacing electric heaters in the basement of a building with a bank of Antminers that use the same amount of power is
energy-neutral and helps secure the chain.
But that’s not what happens in huge ASIC farms. All that heat is just waste. Nobody’s home is made more comfortable, no furnace’s power bill is alleviated, no greenhouses are enabled to grow food in the winter, nobody’s oven gets to bake bread with that heat, and all that energy is just plain gone.
The Bitcoin chain issues the same number of coins per day regardless of how much energy is spent; I’d like to think that spending a whole lot less of it, at least in ways where the heat produced isn’t useful, would be better.
But then we get back to the first problem; If honest miners start spending a whole lot less on the energy costs of hashing, then there’s a whole lot of ASICs not being used, and the owners of those are going to be looking around making their daily decision about what’s more profitable….
So the logic finally does work out the same. Security requires the vast majority of those ASIC boxes to be in use mining. It just seems such a colossal expenditure of power, and it might be that a different design could have achieved chain security without that global cost.
My third problem with ASICs is that they have become a way for their owners to steal money from the taxpayers in many nations. Countries that mean to do a good thing for everybody, create “development zones” with subsidized electricity, paid for by the taxpayers of that country. And then people move in with ASIC farms to suck up that electricity which the public paid for, and convert it into bitcoins in their private possession. These are business that employ very few people, drive the development of no other resources, and otherwise do pretty much nothing for the development of the local economy. IOW, the taxpayers who paid for that electricity are definitely not getting their money’s worth in economic development.
My fourth problem with ASICs is that there really is no way to monitor centralization of hashing power. People keep pretending that they’re tracking whether a 51% attack is underway, but I think most of them probably suspect, as I do, that what they’re really tracking is probably nothing more than whether or not the cabal of ASIC farm owners
remembered to configure that new warehouse full of machinery to use a different identifier.
In all fairness, this last thing results directly from anonymous, permissionless mining, which is something that was a very specific and very much desired part of Satoshi’s vision; he wanted anybody to be able to connect and participate, without any interference of a gatekeeper. But there can never be security from a Sybil attack when you don’t have any way of tracking RealWorld identities, and a “majority” can never be
relied on to be more than the front for some cabal or business interest, as long as a Sybil attack is possible.
And that was what Proof-of-work was supposed to prevent. In those early days everyone was thinking of hashing power as a side effect of computing infrastructure that was likely to be there, or be useful, for other purposes when it wasn’t hashing. And EVERYBODY has a use for warehouses full of computers, so it was easy to think that hashing power would remain at least somewhat distributed. The idea that someone would amass enormous numbers of special-purpose machines which made every other kind of computer in the world utterly useless for mining and which are themselves utterly useless for any other job (except attacking the network), was not, I think, really considered.
Satoshi definitely understood, and planned, that there would probably be server farms devoted to mining and that economies of scale and infrastructure would eventually drive individuals with ordinary desktop machines out of the mining business by being more efficient and making it unprofitable for the less efficient machines.
But I’m pretty sure he didn’t think of miners in places with artificially low subsidized rates for electricity outcompeting all other miners because of that advantage, driving the concentration of the vast majority of hashing power into just one country where it’s subject to the orders and whims of just one government and a few businessmen who
pal around with each other.
So he probably figured, yes, there’d be a few dozen large-ish server farms and a couple hundred small-ish server farms, but I’m pretty sure he envisioned them being scattered around the planet, wherever people find it worthwhile to install server farms for other reasons.
I’m fairly sure Satoshi’s notion of the eventual centralization of hashing power didn’t really encompass todays nearly-complete centralization in a single country, owned by a set of people who are subject to the whims and commands of a single government, who very clearly know each other and work together whenever it’s convenient.
And I find it worrisome.
Those enormous mining farms, and the way economics drove them together, are a structural problem with converting electricity into security.
I am not comfortable with the implication that, for any Proof-of-Work block chain including Bitcoin, economics will eventually devolve to the point where, when Beijing says ‘jump’ the mining and security of that block chain says ‘how high?’
And that is one of the greatest reasons why I look around for a different means of securing block chains.
Beginning in late 2014 through early 2015 a small group of startups in the US and UK independently began to lay the ground work for what is often marketed as “permissioned” distributed ledgers. Or DLT as it became known.
I am acutely aware of their journey because I wrote the key,
widely cited paper
that unfortunately popularized that exact term (a term first invented by Robert
Sams from Clearmatics).
I say unfortunately because that DLT acronym – while
well-intentioned – quickly became a gimmicky “marketing term” by many of the
large consultancies around the world trying to capitalize – and frankly scare –
clients into buying high-priced toys, none of which gained any meaningful
traction. Conjoined with images of a
Candyland nirvana, there were (and are) a slew of “me too” vendors that flooded
the market in late 2015 and early 2016 all searching for big pay days and
funding from deep pocketed enterprises that had no clue as to what DLT as an
acronym actually meant; subsequently some of these flash-in-the-pan ambulance
chasing vendors have repivoted to doing things like an ICO or just fading away
How to visualize this?
If shrink-wrapped box packaging was still en vogue, we could imagine “Now with DLT!” brightly stamped in neon
colors on the side of the latest version of some wares.
For example, some finger-pointing can be done at various
software companies, though not all of them.
Lured by a number of their clients who wanted to remove reconciliation
but maintain the same intermediated business model, more than a few vendors deconstructed
the concept of a byzantine fault-tolerant, globally shared state capable of
enabling P2P transfer of value into something arguably less meaningful:
bilateral states using the same old financial intermediation to solve the
double-spend problem. In some cases it
was boiled down to digitally signed message passing integrated into legacy
market structure. Useful yes, but not
revolutionary. Calling it a “distributed
ledger” makes boring software products sound sexy but it ultimately confuses
anyone who makes the effort to figure out what it all means.
And because there’s plenty of blame to go around: various coin
religiously latched onto and dutifully created umpteen strawmen arguments using
contorted disingenuous views of what DLT meant to them. The two specific cartoonish examples that
stick out the most are the horse-buggy
meme and the naive “sewer rat” analogy that is occasionally regurgitated on
reddit. Why are these shortsighted? Because at the time of their genesis, they
both assumed that the only type of blockchain (or distributed ledger) that can
or should exist, is the Bitcoin blockchain or derivative thereof. It is entirely self-serving, dogmatic, and
void of empirical reflection.
In all instances – big consultancies, starry-eyed startups,
large software companies, and ideological zealots – they eventually butchered
the acronym into an indistinguishable pile of mush. By late 2015 as this was happening, I explained
that it was basically the same thing that happened during the “no gluten”
marketing mania of the early-2010s. No
one could really tell you what gluten is, but every food vendor was quick to
add that their products do not have it.
A bit like cloudwashing
Due to their collective inability to manage expectations, by
mid-2017 nearly the entire “DLT” ecosystem found itself in the abyss of the
trough of disillusionment. A handful
never fully fell in and a couple have clawed their way out, without the aid of
retail coin flippers or religious troll armies.
Others attempted quick fixes or rebrand such
that they were no longer classified as a DLT company hoping that definitionally
they couldn’t be in the trough of disillusionment.
A good couple books could be written on the trials and
tribulations of the vendors that made the headlines during these first few
years. Eventually the DLT term has
fallen out of disfavor for something only slightly less abused: “enterprise
chains.” It’s only marginally better
than DLT in that it is shorter when written out and hasn’t been gentrified by
VCs or demonized by coin peddlers. But
it’s not really accurate because the tools that are being built, aren’t just
for use by enterprises.
|| Onwards and
This brings us to: DLT is an acronym that has served its
initial use and should evolve with the times.
What then, can we use to describe the utilization of
technology to re-architect organizational processes and business models? Automating networks is generic and while
accurate, is not nuanced enough.
While it would take a bit more length than this article form
allows for, there are some salvageable ideas worth transplanting in the years
For starters, there is something rather mundane but simple:
automating the principles for
financial market infrastructures (PFMI).
As I – and others – have described
elsewhere, PFMI are decades old standards by which operators (and overseers) of
financial market infrastructure ought to follow; in most jurisdictions
operators are legally required to follow them.
Basically a list of do’s and don’ts for running systemically important
things like payment and settlement systems.
Like, how to identify risks and hold those who touch risk accountable
when something goes wrong. This is a
bundle of seemingly boring but existentially important frameworks.
Which principals can be automated or should be
automated? Unfortunately, that’s beyond
the scope of this short article.
Funnily enough, FMI
today is typically distributed and not fully centralized. In the case of the EU there is a
supranational payment system, but this is an exception to the rule that each
developed, and most developing, country has one or more payment, clearing, and
settlement system for both cash and securities.
The majority of these systems were set up and created heavy intermediation (single point of trust)
due in part to technological limitations of the 1970s. The CSDs such as DTCC and even exchange
operators exist the way they do today – as systemically important institutions
– partly because of an era in which mainframes and ‘minicomputers’ were the
only available options.
What if we could safely and securely disintermediate market
structure, reduce single points of trust, and remove monopoly rents, all while
It is a bold vision, but one that does not involve standing
on tables saying it is the greatest thing since the invention of the internet
or preying on unsophisticated retail investors in order to flog the coin-of-the
day to some other retail punter.
It’s easy to be cynical towards an ecosystem that has
proportionally attracted as many snake oil salesmen as the various coin groups
have the past few years. And it is hard
to fulfill the promises that are hyped at events. For example, the Sibos “New Kids on the Blockchain”
video from 2015 is illustrative of those difficulties: just a couple of the panelists
still work for the same company they did at the time and all of the groups
represented in the video have had uphill battles to stay afloat today.
In conclusion, instead of playing identity politics with
lightning bolts in a social media handle, motivated developers genuinely looking
to help transform market structure can crack open a copy of the PFMI handbook
and immerse themselves with a world that keeps civilization from falling
Coupled with tools and libraries first conjured up within the
ill-defined drama-filled blockchain world, real market structure changes can be
made and society will be better off for it.
Best of all, it doesn’t need
to involve burning mountains of coal to secure either.
It’s not sin to still use DLT as a term-of-art but dFMI is
arguably a more expressive acronym, providing more context for both practioners
and users alike.
I recently created a thread that on Twitter regarding the lower-bound estimates for how much electricity the Bitcoin blockchain consumed using publicly available numbers.
The first part of this post is a slightly modified version of that thread.
The second part of this post, below part 1, includes additional information on Bitcoin Cash, Ethereum, Litecoin, and Monero using the same type of methodology.
The original nested thread started by explaining why a proof-of-work (PoW) maximalist view tries to have it both ways.
You cannot simultaneously say that Bitcoin is – as measured by hashrate – the “most secure public chain” and in the same breath say the miners do not consume enormous quantities of energy to achieve that. The fundamental problem with PoW maximalism is that it wants to have a free energy lunch.
All proof-of-work chains rely on resource consumption to defend their network from malicious attackers. Consequently, a less resource intensive network automatically becomes a less secure network.1 I discussed this in detail a few years ago.
Part 1: Bitcoin
Someone recently asked for me to explain the math behind some of Bitcoin’s electricity consumption, below is simple model using publicly known numbers:
the most common mining hardware is still the S9 Antminer which churns out ~13 terahashes/sec
Thus the hashrate pointed at the Bitcoin network today is about 50,000,000 terashashes.
Dividing one from the other, this is the equivalent of 3,846,000 S9s… yes over 3 million S9s.
While there is other hardware including some newer, slightly more energy efficient gear online, the S9 is a good approximate.
Because the vast majority of these machines are left on 24/7, the math to estimate how much energy consumption is as follows:
in practice, the S9 draws about 1,500 watts
so 1,500 x 24 = 36kWh per machine per day
Note: here’s a good thread explaining this by actual miners.
In a single month, one S9 will use ~1,080 kWh.
Thus if you multiply that by 3,846,000 machines, you reach a number that is the equivalent of an entire country.
for a single day the math is: ~138.4 million kWh / day
annually that is: ~50.5 billion kWh / year
For perspective, ~50.5 billion kWh / year would place the Bitcoin network at around the 47th largest on the list of countries by electricity consumption, right between Algeria and Greece.
But, this estimate is probably a lower-bound because it doesn’t include the electricity consumed within the data centers to cool the systems, nor does it include the relatively older ASIC equipment that is still turned on because of local subsidies a farm might receive.
In Iceland, the finance minister has warned that cryptocurrency mining – which uses more power than the nation’s entire residential demand – could severely damage its economy.
Recent analysis from a researcher at PwC places the Bitcoin network electricity consumption higher, at more than the level of Austria which is number 39th on that list above. Similarly, a computer science professor from Princeton estimates that Bitcoin mining accounts for almost 1% of the world’s energy consumption.2
Or to look at it in a different perspective: the Bitcoin network is consuming the same level of electricity of a developed country – Austria – a country that generates ~$415 billion per year in economic activity.
Based on a recent analysis from Chainalysis, it found that Bitcoin – which is just one of many proof-of-work coins – handled about $70 million in payments processed for the month of June. Yet its cost-per-transaction (~$50) is higher than at any point prior to November 2017.
You don’t have to be a hippy tree hugger (I’m not) to clearly see that a proof-of-work blockchains (such as Bitcoin and its derivatives) are currently consuming significantly more resources than they create. However this math is hand-waved away on a regular basis by coin lobbyists.
The figure also didn’t include the e-waste generated from millions of single-use ASIC mining machines that are useful for about ~12 months; or the labor costs, or building rents, or transportation, etc. These ASIC-based machines are typically discarded and not recycled.
In addition to e-waste, many mining farms also end up with piles of discarded cardboard boxes and styrofoam (source)
Part 2: Bitcoin Cash
With Bitcoin Cash the math and examples are almost identical to the Bitcoin example above. Why? Because they both use the same SHA256 proof-of-work hash function and as a result, right now the same exact hardware can be used to mine both (although not simultaneously).3
So what do the numbers look like?
The BCH network hashrate has been hovering around 4 – 4.5 exahashes the past month. So let’s use 4.25 exahashes.
Note: this is about one order of magnitude less hashrate than Bitcoin so you can already guesstimate its electricity usage. But let’s do it by hand anyways.
An S9 generates ~13 TH/s and 4.25 exahashes is 4.25 million terahashes.
After dividing: the equivalent of about 327,000 S9s are used.
Again, these machines are also left on 24/7 and consume about 36 kWh per machine per day. So a single S9 will use ~1,080 kWh per month.
327,000 S9s churning for one day: ~11.77 million kWh / day
Annually this is: ~4.30 billion kWh / year
To reuse the comparison above, what country’s total electricity consumption is Bitcoin Cash most similar to?
How much economic activity does Moldova and Cambodia generate with that electricity consumption? According to several sources, Cambodia has an annual GDP of ~ $22 billion and Moldova has an annual GDP of ~$8 billion.
For comparison, according to Chainalysis, this past May, Bitcoin Cash handled a mere $3.7 million in merchant payments, down from a high of $10.5 million in March a couple months before.
Also, the Bitcoin Cash energy consumption number is likely a lower-bound as well for the reasons discussed above; doesn’t account for the e-waste or the resources consumed to create the mining equipment in the first place.
This illustrates once again that despite the hype and interest in cryptocurrencies such as Bitcoin and Bitcoin Cash, there is still little real commercial “activity” beyond hoarding, speculation, and illicit darknet markets. And in practice, hoarding is indistinguishable from losing a private key so that could be removed too. Will mainstream adoption actually take place like its vocal advocates claim it will?
Discarded power supplies from Bitcoin mining equipment (source)
At the time of this writing, the Ethereum network is still largely dominated by large GPU farms. It is likely that ASICs were privately being used by a handful of small teams with the necessary engineering and manufacturing talent (and capital), but direct-to-consumer ASIC hardware for Ethereum didn’t really show up until this summer.
There are an estimated 10 million GPUs churning up hashes for the Ethereum network, to replace those with ASICs will likely take more than a year… assuming price stability occurs (and coin prices are volatile and anything but stable).
For illustrative purposes, what if the entire network were to magically switch over the most efficient hardware -the Innosilicon A10 – released next month?
Innosilicon currently advertises its top machine can generate 485 megahashes/sec and consumes ~ 850 W.
So what is that math?
The Ethereum network is ~300 TH/s which is around 300,000,000 megahashes /sec.
Quick division: that’s the equivalent of 618,557 A10 machines.
Again, each machine is advertised to consume ~850 W.
in a single day one A10 consumes: 20.4 kWh
in a month: ~612 kWh
So what would 618,557 A10 machines consume in a single day?
– about 12.6 million kWh / day
– about 4.6 billion kWh / year
That works out to be between Afghanistan or Macau. However…
Before you say “this is nearly identical to Bitcoin Cash” keep in mind that the Ethereum estimate above is the lowest of lower-bounds because it uses the most efficient mining gear that hasn’t even been released to the consumer.
In reality the total energy consumption for Ethereum is probably twice as high.
Why is Etherum electricity usage likely twice as high as the example above?
Because each of the ~10 million GPUs on the Ethereum network is significantly less efficient per hash than the A10 is. 4 Note: an example of a large Ethereum mine that uses GPUs is the Enigma facility.
For instance, an air-cooled Vega 64 can churn ~41 MH/s at around 135 W which as you see above, is much less efficient per hash than an A10.
If the Ethereum network was comprised by some of the most efficient GPUs (the Vega 64) then the numbers are much different.
Starting with: 300,000,000 MH/s divided by 41 MH/s. There is the equivalent to 7.32 million Vega GPUs generating hashes for the network which is more in line with the ~10 million GPU estimate.
one Vega 64 running a day consumes ~3.24 kWh
one Vega 64 running a month: ~77.7 kWh
If 7.32 million Vega equivalent GPUs were used:
in a day: ~ 23.71 million kWh
in a year: ~8.65 billion kWh
That would place the Ethereum network at around 100th on the electricity consumption list, between Guatemala and Estonia.
In terms of economic activity: Guatemala’s GDP is around $75 billion and Estonia’s GDP is around $26 billion.
What is Ethereum’s economic activity?
Unlike Bitcoin and Bitcoin Cash, the stated goal of Ethereum was basically to be a ‘censorship-resistant’ world computer. Although it can transmit funds (ETH), its design goals were different than building an e-cash payments platform which is what Bitcoin was originally built for.
So while merchants can and do accept ETH (and its derivatives) for payment, perhaps a more accurate measure of its activity is how many Dapp users there are.
There are a couple sites that estimate Daily Active Users:
State of the Dapps currently estimates that there are 8.93k users and 8.25K ETH moving through Dapps
DappRadar estimates a similar number, around 8.37k users and 8.57K ETH moving through Dapps
Based on the fact that the most popular Dapps are decentralized exchanges (DEXs) and MLM schemes, it is unlikely that the Ethereum network is generating economic activity equivalent to either Guatemala or Estonia.5
For more on the revenue Ethereum miners have earned and an estimate for how much CO2 has been produced, Dominic Williams has crunched some numbers. See also this footnote.6
According to Malachi Salacido (above), their mining systems (in the background) are at a 2 MW facility, they are building a 10 MW facility now and have broken ground on a 20 MW facility. Also have 8 MW of facilities in 2 separate locations and developing projects for another 80 MW. (source)
Part 4: Litecoin
If you have been reading my blog over the past few years, you’ll probably have seen some of my Litecoin mining guides from 2013 and 2014.
If you haven’t, the math to model Litecoin’s electricity usage is very similar to both Bitcoin and Bitcoin Cash. From a mining perspective, the biggest difference between Litecoin and the other two is that Litecoin uses a hash function called scrypt, which was intended to make Litecoin more “ASIC-resistant”.
Spoiler alert: that “resistance” didn’t last long.
Rather than diving into the history of that philosophical battle, as of today, the Litecoin network is composed primarily of ASIC mining gear from several different vendors.
One of the most popular pieces of equipment is the L3+ from Bitmain. It’s basically the same thing as the L3 but with twice the hashrate and twice the power consumption.
So let’s do some numbers.
Over the past month, the Litecoin network hashrate has hovered around 300 TH/s, or 300 million MH/s.
Based on reviews, the L3+ consumes ~800 W and generates ~500 MH/s.
So some quick division, there are about 600,000 L3+ machines generating hashes for the Litecoin network today.
As an aggregate:
A single L3+ will consume 19.2 kWh per day
So 600,000 will consume 11.5 million kWh per day
An annually: 4.2 billion kWh per year
Coincidentally this is roughly the same amount as Bitcoin Cash does as well.
So it would be placed around 124th, between Moldova and Cambodia.
Again, this is likely a lower-bound as well because it assumes the L3+ is the most widely used ASIC for Litecoin but we know there are other, less efficient ones being used as well.
What about activity?
While there are a few vocal merchants and a small army of “true believers” on social media, anecdotally I don’t think I’ve spoken to someone in the past year who has used Litecoin for any good or service (besides converting from one coin to another).
We can see that — apart from the bubble at the end of last year — the daily transaction volume has remained roughly constant each day for the past 18 months. Before you flame me with a troll account, consider that LitePay collapsed before it could launch, partly because Litecoin still lacks a strong merchant-adopting ecosystem.
In other words, despite some support by merchant payment processors, its current usage is likely as marginal as Bitcoin and Bitcoin Cash.
Genesis Mining facility with Zeus scrypt mining equipment (source)
Part 5: Monero
The math around Monero is most similar to Ethereum in that it is largely dominated by GPUs.
In fact, earlier this year, a large number of Monero developers convinced its boisterous userbase to fork the network to prevent ASICs from being used. This resulted in four Monero forks and basically all of them are dominated by high-end GPUs.
For the purposes of this article, we are looking at the fork that has the highest hashrate, XMR. Over the past month its hashrate has hovered around 475 MH/s.
Only 475 MH/s? That may sound like a very diminutive hashrate, but it is all relative to what most CPU and GPU hashrate performance is measured in Monero and not other coins.
For example, MoneroBenchmarks lists hundreds of different system configurations with the corresponding hashrate. Similarly there are other independent testing systems that provide public information on hashrates.
Let’s take that same Vega 64 used above from Ethereum. For Monero, based on tweaking itgenerates around 2000 hashes/sec and consumes around 160 W.
So the math is as follows:
475,000,000 hashes/sec is the current average hashrate
A single Vega 64 will generate about 2000 hashes/sec
The equivalent of 237,500 Vega 64s are being used
Each Vega 64 consumes about 3.84 kWh per day
So 237,500 Vega 64s consume 912,000 kWh per day
And in a year: 332 million kWh
The 332 million kWh / year figure is a lower-bound because like the Ethereum Vega 64 example above: it doesn’t include the whole mining system, all of these systems still need a CPU with its own RAM, hard drive, and so forth.
As a result, the real electricity consumption figure is much closer to Haiti than Seychelles, perhaps even higher. Note: Haiti has a ~$8.4 billion economy and the GDP of Seychelles is ~$1.5 billion.
So what about Monero’s economic activity? Many Monero advocates like to market it as a privacy-focused coin. Some of its “core” developers publicly claimed it would be the best coin to use for interacting with darknet markets. Whatever the case may be, compared to the four above, currently it is probably the least used for commercial activity as revealed by its relative flat transactional volume this past year.
A now-deleted image of a Monero mining farm in Toronto (source)
Above were examples of how much electricity is consumed by just five proof-of-work coins. And there are hundreds of other PoW coins actively online using disproportionate amounts of electricity relative to what they process in payments or commerce.
This article did not dive into the additional resources (e.g., air conditioning) used to cool mining equipment. Or the subsidies that are provided to various mining farms over the years. It also doesn’t take into account the electricity used by thousands of validatingnodes that each of the networks use to propagate blocks each day.
It also did not include the huge amount of semiconductors (e.g. DRAM, CPUs, GPUs, ASICs, network chips, motherboards, etc.) that millions of mining machines use and quickly depreciate within two years, almost all of which becomes e-waste.7 For ASIC-based systems, the only thing that is typically reused is the PSU, but these ultimately fail as well due to constant full-throttle usage.
In summation, as of this writing in late August 2018:
Bitcoin’s blockchain likely uses the same electricity footprint as Austria, but probably higher
Bitcoin Cash’s blockchain is at least somewhere between Moldova and Cambodia, but probably higher
Ethereum’s blockchain is at least somewhere between Guatemala and Estonia, but probably higher
Litecoin’s blockchain is at least somewhere between Moldova and Cambodia, but probably higher
One of Monero’s blockchains is at least somewhere between Haiti and Seychelles, but probably higher
Altogether, these five networks alone likely consume electricity and other resources at an equivalent scale as The Netherlands especially once you begin to account for the huge e-waste generated by the discarded single-use ASICs, the components of which each required electricity and other resources to manufacture. Perhaps even higher when costs of land, labor, on-going maintenance, transportation and other inputs are accounted for.
The Netherlands has the 18th largest economy in the world, generating $825 billion per annum.
I know many coin supporters say that is not a fair comparison but it is. The history of development and industrialization since the 18th century is a story about how humanity is increasingly more productive and efficient per unit of energy.
Proof-of-work coins are currently doing just the opposite. Instead of being more productive (e.g., creating more outputs with the same level of inputs), as coin prices increase, this incentivizes miners to use more not less resources. This is known as the Red Queen Effect.89
For years, proof-of-work advocates and lobbying organizations like Coin Center have been claiming that the energy consumption will go down and/or be replaced by renewable energy sources.
But this simply cannot happen by design: as the value of a PoW coin increases, miners will invest more capital in order to win those coins. This continues to happen empirically and it is why over time, the aggregate electricity consumption for each PoW coin has increased over time, not decreased. As a side-effect, cryptocurrency mining manufacturers are now doing IPOs.10
Reporters, if you plan to write future stories on this topic, always begin by looking at the network hashrate of the specific PoW coin you are looking at and dividing it by the most common piece of mining hardware. These numbers are public and cannot be easily dismissed. Also worth looking at the mining restrictions and bans in Quebec, Plattsburgh, Washington State, China, and elsewhere.
To front-run an example that coin promoter frequently use as a whataboutism: there are enormous wastes in the current traditional financial industry, removing those inefficiencies is a decades-long ordeal. However, as of this writing, no major bank is building dozens of data centers and filling them with single-use ASIC machines which continuouslygenerate random numbers like proof-of-work coins do. That would be rightly labeled as a waste.
In the aggregate, U.S. PCS systems process approximately 600 million transactions per day, valued at over $12.6 trillion.
It shouldn’t take the energy footprint of a single country, big or small, to confirm and settle electronic payments of that same country. The fact of the matter is that with all of its headline inefficiencies (and injustices), that the US financial system has — the aggregate service providers still manage to process more than three orders of magnitude more in transactional volume per day than all of the major PoW coins currently do.11 And that is just one country.
Frequent rejoinders will be something like “but Lightning!” however at the time of this writing, no Lightning implementation has seen any measurable traction besides spraying virtual graffiti on partisan-run websites.
Can the gap between the dearth of transactional volume and the exorbitantly high cost-per-transaction ratio be narrowed? Does it all come down to uses? Right now, the world is collectively subsidizing dozens of minuscule speculation-driven economies that in aggregate consumes electricity on par with the 18th largest real economy, but produces almost nothing tangible in exchange for it.
What if all mining magically, immediately shifted over to renewable energy?
Izabella Kaminska succinctly described how this still doesn’t solve the environmental impact issues:
Renewable is displacement. Renewable used by bitcoin network is still renewable not used by more necessary everyday infrastructure. Since traditional global energy consumption is still going up, that ensures demand for fossil continues to increase.
To Kaminska’s point, in April a once-shuttered coal power plant in Australia was announced to be reopened to provide electricity to a cryptocurrency miner. And just today, a senator from Montana warned that the closure of a coal power plant “could harm the booming bitcoin mining business in the state.”
It is still possible to be interested in cryptocurrencies and simultaneously acknowledge the opportunity costs that a large subset of them, proof-of-work coins, are environmental black holes.12
If you’re interested in discussing this topic more, feel free to reach out. If you’re looking to read detailed papers on the topic, also highly recommend the first two links listed below.
If the market value of a coin decreases, then because hashrate follows price, in practice hashrate also declines. See also a ‘Maginot Line’ attack [↩]
Another estimate is that Bitcoin’s energy usage creates as much CO2 as 1 million transatlantic flights. [↩]
There have been proposals from various developers over the years to change this hash function but at the time of this writing, both Bitcoin and Bitcoin Cash use the same one. [↩]
And because many of these mining systems likely use more-powerful-than-needed CPUs. [↩]
Note: Vitalik Buterin highlighted this discrepancy earlier this year with the NYT: The creator of Ethereum, Vitalik Buterin, is leading an experiment with a more energy-efficient way to create tokens, in part because of his concern about the impact that the network’s electricity use could have on global warming. “I would personally feel very unhappy if my main contribution to the world was adding Cyprus’s worth of electricity consumption to global warming,” Mr. Buterin said in an interview. [↩]
At 8.65 billion kWh * $0.07 / kWh comes to around $600 million spent on electricity per year. Mining rewards as of this writing: 3 ETH * $267 / ETH * 6000 blocks / day equals to $4.8 million USD / day. Or ~$1.7 billion per year. This includes electricity and hardware. Thanks to Vitalik for double-checking this for me. [↩]
Just looking at the hash-generating machines, according to Chen Min (a chip designer at Avalon Mining), as of early November 2017, 5% of all transistors in the entire semiconductor industry is now used for cryptocurrency mining and that Ethereum mining alone is driving up DRAM prices. [↩]
As described in a Politicoarticle this past spring: “To maintain their output, miners had to buy more servers, or upgrade to the more powerful servers, but the new calculating power simply boosted the solution difficulty even more quickly. In effect, your mine was becoming outdated as soon as you launched it, and the only hope of moving forward profitably was to adopt a kind of perpetual scale-up: Your existing mine had to be large enough to pay for your next, larger mine.” [↩]
Following the dramatic drop in coin prices since January, Nvidia missed its revenue forecast from cryptocurrency-related mining: Revenues from miners were $289 million in Q1, which was about 10% of Nvidia’s revenue. The forecast for Q2 was $100 million and the actual revenues ended up being $18 million. [↩]
On average, the Bitcoin network confirms about 300,000 transactions per day. A lot of that is notcommercial activity. Let’s take the highest numbers from Chainalysis and assume that each major cryptocurrency is processing at least $10 million in merchant transactions a day. They aren’t, but let’s assume that they are. That is still several orders of magnitude less than what US PCS systems do each day. [↩]
The ideological wing within the cryptocurrency world has thus far managed to convince society that negative externalities are ‘worth the cost.’ This narrative should be challenged by both policy makers and citizens alike as everyone must unnecessarily bear the environmental and economic costs of proof-of-work blockchains. See also the Bitcoin Energy Consumption Index from Digiconomist and also Bitcoin is not a good fit for renewable energy. Here’s why. [↩]