Over the past several months, there has been a number of useful, simplified flow charts that show the general demand and supply for bitcoins.

The diagram above was created this past fall by Adam Ludwin, co-founder of Chain.com.  Subsequently, there have been a variety of similar charts from others describing the flows in an easy-to-understand way.  I think these are helpful and look forward to seeing more.

However, based on blockchain data, what do the specific flows look like?

After consulting with a number of industry experts, I constructed a rough, but more granular flow of funds based on actual user behavior.  This is not to say that these trends or activities will stay the same, but rather this is a visual aid to better understanding where the supply and demand of both “coins” and fiat are within the current ecosystem.

The legend

• The term “BTC” is in reference to unspent transaction outputs (UTXO), because “coins” do not actually exist1
• The orange buckets and arrows involve mining farms, manufacturers and pools.
• The brown buckets involve exchanges, ATMs, financial intermediaries, custodians and payment processors which have access to fiat (“early adopters” may also be on the sell side).
• The green buckets represent fiat, this can be in the form of bank accounts or in the case of Localtrader, Localbitcoins.com, #bitcoin-otc (an IRC room) and “human” ATMs actual physical cash.
• The champagne arrows involve the sale of BTC and block rewards.
• The red arrows involve the purchase and buying of BTC.
• The purple buckets and arrows involve illicit activity including darknet markets, scams, ransomeware, gambling, laundering and mixing of BTC.
• The black arrows involve the sending of BTC to another hop or address.
• And the blue buckets and arrows have no real commonality but are important in terms of the flow of funds.
• Technically wallets do not exist at all, they are just a mental analogy to abstractly describe addresses as UTXO labels (not all wallets are “burner” as that would imply an increase in anonymity and requires knowledge of intent; they all can be effectively “temporary”).
• In terms of mixing, certain altcoins are now a popular method for mixing.  For instance, litecoin (LTC) is one of the most liquid altcoins.  This typically looks like convert BTC at exchange A to LTC.   Then send LTC to exchange B and convert back to BTC.  Darkcoin (now called Dash) is another popular coin due to its specific “anonymity” features.  See also ring signatures from Monero.

[Note: I used Creately to prototype it and am releasing it as usual under a CC Attribution license]

The good with the bad

If a bitcoin is eventually deemed legally property, does this new flow chart imply that the current Bitcoin blockchain is a public, near-real-time record of contraband?  Maybe not.  Cryptocontraband would only really apply if you indeed were able to show the provenance of the property that you are talking about.2  For many of the use cases it is actually very difficult to show the provenance of individual currency units.   Perhaps this will change in the future, no one knows.

What is observable?  In addition to roughly 1 million bitcoins moving on a daily basis (more on that later), in the last four years we have seen several dozen high profile cases of individuals and companies whose bitcoins were lost, stolen or accidentally destroyed due to improper operational security.  By one account there are more than a million bitcoins that are no longer with their legal owner.345 Consequently, in terms of venture funding, the 2nd largest vertical that has received funds over the past 18 months is hosted wallet companies (“depository institutions”) such as Xapo and Coinbase which provide cold storage (“vaults”) and some type of insurance.

What has been the motivation to do so?  Because in practice, bearer assets are very hard to secure hence the reason for the emergence of banking intermediaries 500 years ago and again today in the era of virtual assets.

And this type of mercurial bearer ownership is not relegated to just the above-board economy.  For instance, about 16 months ago Sheep Marketplace, a darknet market, was “hacked” and 96,000 bitcoins were stolen (this was worth around $40 million at the time).  The purported owner of Sheep Marketplace was arrested last month.  A month ago, another darknet market, Evolution, lost at least 43,000 bitcoins (~$10 million) after two of the administrators stole them.

At a combined valuation of $50 million, this is roughly what BitPay processed in 2014 once mining and precious metals are removed from itemization.6

What about the “ransomware” subheading, what is “ransomware”?  It is a type of software, or malware precisely, that prevents users from using their computer unless the user pays the malware creator some kind of “ransom.”  In this case, bitcoins.

As noted in Chapter 12, while this type of malware has existed for several years, CryptoLocker itself stole nearly 42,000 bitcoins in the fall of 2013, thus signaling to market participants that this successful method of attack could be copied.  And as shown by the chart above, there were as of February 2014, 146 different families of “Bitcoin-stealing malware.”   According to Dell, during a six month time frame last year, “CryptoWall infected more than 625,000 computers worldwide, including 250,000 in the United States. During that time, the gang that operated CryptoWall raked in about $1 million in ransom payments.”

Currently hackers are targeting smaller and more marginal actors.  For instance, last month the network for Swedesboro-Woolwich School District in New Jersey was held hostage for a 500 bitcoin ransom.  And earlier this month, the Tewksbury Police Department system in Massachusetts became just one of many public organizations that has paid similar ransoms in bitcoin.

The case of the unknown volume

We know from public reports above of some on-chain activity, but not all.

Current total output volume is around 1 million bitcoins per day.  That is to say that on any given day (over the past year), approximately 1 million bitcoins have moved somewhere on the blockchain.  Knowing this and taking the categorization from Slicing Data, let us make a low, conservative assumption that 80% of the remaining volume is “change” being swept into change addresses, faucet outputs (a potential candidate for “long-chains”) and mining payouts.

And as established last week, we know that about $1,000,000 a day is from payment processing and above-board merchant activity, this amounts to less than 5,000 bitcoins per day.

Where is the rest of the volume coming from?

For instance, has the volume of Counterparty transactions increased?

As illustrated in the chart above, transaction volume for Counterparty has stayed roughly the same over the past 9 months or so.  A typical transaction requires about 0.0001 BTC (as a watermark) and about 0.0001 fee to miners.  Thus on any given day the total amount of bitcoins used by Counterparty is a handful, maybe even just 3 or 4 bitcoins.

What about P2SH?

As of this writing, about 8.63% of all bitcoins are stored using P2SH.  And while the last several months have each seen more than 1 million bitcoins move into P2SH, this still does not tell the whole story because that is per month and not per day, which we are observing (e.g., roughly 100,000 or so bitcoins per day move into P2SH).

What else comprises this gap?

If actual transactions represent 20% of the total output volume, or 200,000 bitcoins, what else could fit the bill?  Payment processors collectively would account for 2.5%, P2SH would account for 50% (although technically P2SH is not commercial activity), Counterparty less than 1%, gift cards less than 1%.

What about crowdsales?  The largest one right occurring right now is Factom.  Over the past three weeks approximately 2,180 transactions containing 1,955 bitcoins have been sent to the fundraising address; or about 104 transactions per day.

Now lets assume the international payments and remittance market is at least the same size as the merchant economy (it may be lower, based on anecdotally having talked to about 10 different exchanges overseas the past couple of months); so that is about another 5,000 bitcoins per day or 2.5%.

That means that we are still missing around 80,000 bitcoins per day if not more.  And based on address clusters at WalletExplorer, a large portion appears to come from movement in between exchanges and hosted wallets, as well as gambling services and darknet markets.

Recall that at its height in the spring and summer of 2012, nearly half of all transaction volume on the Bitcoin network were related to SatoshiDice.7 Once it blocked US-based IP addresses, its popularity waned.

Over the past two years, since May 13, 2013, there have been 946,261 bitcoins worth of wagers at Primedice, or roughly 1,350 bitcoins per day.

The chart above visualizes the activity on Primedice since January 1, 2015 – April 18, 2015.  Based on this cluser, there is is roughly as much transactional volume passing through Primedice as BitPay does each day.

A few other notable publicly known dice sites tracked by Dicesites:

• Pocket Rocket Casino has about 440 bitcoins / day in wagers
• BitDice has about 240 bitcoins / day in wagers
• Dicenow has about 70 bitcoins / day in wagers

For perspective, prior to emptying its wallet (the first time), on its then-summer 2012 height, Silk Road’s public address contained 5% of all mined bitcoins at that point.8  In early November 2014, Operation Onymous — an international law enforcement action targeting darknet markets, closed down 414 sites.  Left unaffected were several of the larger DNMs, including Agora, Evolution and Andromeda, each of which actively sell illicit wares denominated in bitcoin.  Evolution, as noted above, suffered a large theft which will be looked at below.

Evolution DNM

Last week we looked at some charts from Coinalytics in relation to BitPay.  Coinalytics specializes in building data intelligence tools to analyze activities on the blockchain.  Using labels from WalletExplorer.com (which identifies reused addresses of a number of different services), the team was able to create visual aides covering Evolution.

Two things to keep in mind:

1) as a Swiss-based bot recently discovered, not everything sold on a DNM like Evolution are necessarily illegal (though a lot probably is)

2) we cannot have 100% confidence on the data since it may be missing some address clusters.  For instance, last week, the 500,000 BitPay transactions identified by WalletExplorer were 10% less than what BitPay officially reported during the same time frame (2014).  Thus, there may be a similar margin of error for the following data.

Evolution was officially launched on January 14, 2014 and its administrators pulled an “exit scam” with a large portion of the funds on March 18, 2015, effectively shutting down its operations.

The chart above visualizes the time period between January 16, 2014 – March 18, 2015.  The average number of transactions per day was 1,004 and average bitcoins per day was 562.  However, as shown in the chart above it was not until the fall of 2014 that Evolution hit its stride.

For the six months between September 18, 2014 – March 18, 2015 saw traction.  During this time frame they processed 2,025 transactions and 1,260 bitcoins per day.

Another way of looking at that same trend is the comparison above: a log scale measuring the amount of bitcoins that both BitPay (in green) and Evolution (in red) received starting January 16, 2014.  The drop off at the end in March 2015 is related to the exit scam that Evolution underwent (and the drop off for BitPay is related to a limitation in WalletExplorer’s data).

The log chart above measures the value of incoming market volume between BTC and USD.

In terms of USD, the average value sent to Evolution between March 18 2014 – March 18 2015 was $190,179 per day.  As it achieved traction, between September 18 2014 – March 18, 2015 the average value sent was $353,669 per day.

For comparison recall that based on the stats released last week by BitPay, on average BitPay processed 1,544 transactions worth $435,068 per day in 2014.

The final chart above may be of interest to those wondering what the “exit scam” looked like in USD denominated value.  The time frame above is between January 16, 2014 – March 18, 2015.  As shown at the end, in March, the administrators “exited” with a large portion of coins valued at a range between $10-12 million USD (the full amount varies based on media outlet and is not fully captured in the chart above).

A question of ownership

Throughout this post the word “owner” has been used a few times.  Why is this important when looking at economic activity and flows of funds?

In an exchange with Amor Sexton, an Australian attorney that represents cryptocurrency companies, she noted that:

It seems like the preferred legal approach in many jurisdictions is that bitcoin is a form of digital property, and not money. This means that bitcoin would lack the negotiability of money. It is an important distinction in light of the concerns about the volume of fraud and theft.

If the statistics are correct, a significant amount of people may not have good title to the bitcoin that they hold. Of course, this is all theoretical, as it is arguably nearly impossible to prove title to bitcoin and satisfy the nemo dat principle.

However, you can’t merely ignore the issue. The law doesn’t cease to exist because you ignore it. For example, as Pamela Morgan points out, when you build a website, you get a default font without needing to specify any font. If you want to change the font, you need to write code to change it. The law has default positions that are implied into every situation. To change the default position, you have to actively create a new position that takes precedence over the default position.

The default position for property (and bitcoin if it is deemed property) is that the nemo dat rule applies. Ignoring the problem doesn’t fix it. The only thing that can fix it is by creating a new default position – either by law (declaring bitcoin to have the same negotiability as fiat currency) or by private agreement.

Nemo dat (short for nemo dat quod non habet) boils down to clean titles.  If you buy property from someone who does not have ownership right of the property, then the new purchaser does not have a legitimate title to this property (e.g., you cannot sell what is not yours).

Sexton is not the only practicing attorney with this view.

I spoke with Ryan Straus, an attorney at Riddell Williams in Seattle.  According to him:

I think there is a great deal of confusion around the property/currency distinction.  This confusion was magnified by FinCEN’s classification of Bitcoin as “virtual currency” for the purposes of the Bank Secrecy Act.  Shortly after FinCEN’s March 2013 interpretive guidance, people started to use the term “digital currency” rather than “virtual currency.”9

Bitcoin is not currency in digital or virtual form.  Rather, Bitcoin is virtually, or almost, currency.  Why is this important?  Currency can be thought of as property imbued, by the sovereign, with a special power.  Specifically, the legal tender status of currency allows it to be transferred free and clear of, rather than subject to, all claims and defenses.

In other words, currency is the only unconditional exception to nemo dat quod non habet, or the general rule that one can never transfer a better interest than one has.  There are other conditional exceptions to nemo dat that apply to certain types of property (goods, negotiable instruments and security entitlements) if certain conditions are met (property is transferred “for value” and in “good faith”).  If Bitcoin is not currency and does not fit within one of the statutory exceptions to nemo dat, nemo dat applies.  At this point in the conversation, the issue of fungibility inevitably comes up. However, fungibility isn’t a solution; it is merely an evidentiary issue.

The Financial Times, recently covered similar legal analysis by George Fogg, an attorney at Perkins Coie.  According to Fogg, “under the United States’ UCC code (uniform commercial code) as long as bitcoins are treated as general intangibles, no high value investor can be sure that an angry Tony Soprano won’t show up one day to claim that the bitcoins they thought they received in a completely unencumbered manner are actually his.”

Based on this insight the Times noted that:

Indeed, given the high volume of fraud and default in the bitcoin network, chances are most bitcoins have competing claims over them by now. Put another way, there are probably more people with legitimate claims over bitcoins than there are bitcoins. And if they can prove the trail, they can make a legal case for reclamation.

This contrasts considerably with government cash. In the eyes of the UCC code, cash doesn’t take its claim history with it upon transfer. To the contrary, anyone who acquires cash starts off with a clean slate as far as previous claims are concerned. It is assumed, basically, that previous claims on cash are untraceable throughout the system. Though, liens it must be stressed can still be exercised over bank accounts or people.

According to Fogg there is currently only one way to mitigate this sort of outstanding bitcoin claim risk in the eyes of US law. Rather than treating cryptocurrency as a general intangible, Fogg argues, investors could transform bitcoins into financial assets in line with Article 8 of the UCC. By doing this bitcoins would be absolved from their cumbersome claim history.

The catch: the only way to do that is to deposit the bitcoin in a formal (a.k.a licensed) custodial or broker-dealer agent account.

Whether or not a court will agree with this view depends on the jurisdiction that future defendants/plaintiffs are located.  US law seems pretty clear when it comes to property.

And as it is encoded today, there is no technical means for the Bitcoin network to enforce  off-chain asset rights based on terms-of-service (smart contract or otherwise); although there may be technical methods for integrating a terms-of-service into contracts transacted on the network.  However that is a topic for a different post.

Conclusions

As the Bitcoinland flow chart above showed, over the past six-and-nearly-a-half years, a visible division can now been seen between a KYC economy and non-KYC economy.  And while readers will likely find different parts of interest, to me a few of the takeaways are:

1. In terms of activity, it is still difficult to tell what each category consumes specific amounts of transaction volume (e.g., “change” addresses, above-board merchant volume, gambling and so forth)
2. Where the fiat leakage is occurring, where people take bitcoins out of circulation and purchase them with dollars or euros; how will this change in the coming months?
3. The fact that value is actually being transferred: for all its warts some people still use it to transfer value often without intermediaries involved

Bitcoin and most other cryptocurrencies today, were intentionally designed not to interface with the current financial infrastructure.  Satoshi Nakamoto purposefully designed the network so that on-chain activity would route around trusted third parties and this came at a capital intensive cost (e.g., proof-of-work).  The decentralized, pseudonymous nature of these networks are a dual-edged sword: it provides advantages that can and will be used by both good and bad actors alike.  It will be interesting to look again at how this flow chart evolves over the coming years.

Future researchers may also be interested in breaking down the energy costs for maintaining each segment or bucket in the flows above.

For instance, last year O’Dwyer and Malone found that Bitcoin mining consumes roughly the same amount of energy as Ireland does annually.  It is likely that their estimate was too high and based on Dave Hudson’s calculations closer to 10% of Ireland’s energy consumption.1011
Furthermore, it has likely declined since their study because, as previously explored in Appendix B, this scales in proportion with the value of the token which has declined over the past year.

The previous post looked at bitcoin payments processed by BitPay and found that as an aggregate the above-board activity on the Bitcoin network was likely around $350 million a year.  Ireland’s nominal GDP is expected to reach around $252 billion this year.  Thus, once Hudson’s estimates are integrated into it, above-board commercial bitcoin activity appears to be about two orders of magnitude less than what Ireland produces for the same amount of energy.

If this is the case, is there a way to determine how much energy is being consumed to transfer and secure: the KYC activities as well as the non-KYC’ed activities?  One constraint to consider too for this research is that if it somehow becomes cheaper to secure the network, it is also cheaper to attack the network — and this can impact both currency and non-currency applications of the network.

[Thanks to Fabio Federici, Andrew Geyl (Organ of Corti), Dave Hudson, Jonathan Levin, Amor Sexton and Ryan Straus for their feedback and insights.]

1. For one explanation why, see Bitcoin: New Plumbing for Financial Services by Jonathan Levin [↩]
2. The first person I am aware of that used the term “cryptocontraband” is Robert Sams. [↩]
3. Tabulating publicly reported bitcoins that were lost, stolen, seized, scammed and accidentally destroyed between August 2010 and March 2014 amounts to 966,531 bitcoins. See p. 196 in The Anatomy of a Money-like Informational Commodity by Tim Swanson. See also: Bitcoin Self-Defense, Part I: Wallet Protection by Vitalik Buterin [↩]
4. The inability to enforce a contract and retrieve losses in the event of fraud is not just a challenge for Bitcoin, but other cryptocurrency systems such as Dogecoin. For instance, Dogeparty asset “DOGEDIGGERS” was used by someone mid-November 2014 to sell shares in their “mining operation.” The individual(s) behind it managed to extract a few million dogecoin before people caught on and started asking questions, identifying it as a scam and put an end to it — the social media sites that the scammers were using to make the scam look legitimate were taken down. Restitution, if there is any, will take place off-chain where contract enforcement actually exists. See also Meet Moolah, the company that has Dogecoin by the collar from The Daily Dot [↩]
5. While the verdict is still out on Mt. Gox, new data analysis suggests that hundreds of thousands of bitcoins were systematically stolen from Mt. Gox over a period of two years, many of which were sold on other exchanges including Mt. Gox.  See The missing MtGox bitcoins from Wizsec [↩]
6. Some other examples include: Neo & Bee, Bitcoin Trader, Moolah from Alex Green/Ryan Kennedy, GAW/PayCoin from Josh Garza, BFL, MyCoin and at least 192 others, more likely hundreds more.  A number of the buckets probably deserve their own flow chart, especially since stolen bitcoins can be observed being split apart, onion style (e.g., the criminal peel off UTXOs little by little). See: Investigating the allinvain heist by GraphLab and An Analysis of Anonymity in the Bitcoin System by Fergal Reid and Martin Harrigan [↩]
7. On May 4, 2012 Stephen Gornick calculated that of the 42,152 total transaction on the blockchain, 21,076 transactions were wagers related to Satoshi Dice. This volume doubled within four days, as Gornick posted an update that 94,706 total transactions on the blockchain, 47,353 were wagers.  In September 2013, Rick Falkvinge made the following analogy: “Money in gambling – at least instant gambling – is not in a lockdown cycle and does not contribute to the minimum size of the money supply. This becomes important as we look at the different economies making up bitcoin today. There are about 11.7 million bitcoin in circulation today. Out of these, a staggering 2 million bitcoin are gambled every year on the SatoshiDice site alone, and another, PrimeDice, 1.5 million. To put these numbers in perspective, if translated to the global economy, it would mean that people bet the entire production of the USA at one single betting site, and the entire production of Europe on another. But as we have seen, these numbers do not contribute to the money supply pool in any meaningful way in a functioning economy.” See Bitcoin’s Vast Overvaluation Appears Partially Caused By (Usually) Illegal Price-Fixing by Rick Falkvinge [↩]
8. See A Fistful of Bitcoins: Characterizing Payments Among Men with No Names by Meiklejohn et al. [↩]
9. FinCEN Issues Guidance on Virtual Currencies and Regulatory Responsibilities from FinCEN [↩]
10. See also Megawatts Of Mining by Dave Hudson [↩]
11. Additional calculations from Dave Hudson:
    – Current Bitcoin network capacity: approximately 320 PH/s (320 x 10^15)
    – Best case power efficiency (shipping today): approximately 0.5 J/GH (0.5 x 10^-9 J/H)
    Likely power efficiency: approximately 1.0 J/GH (1 x 10^-9 J/H) = 2 x best case
    – Best case power usage (sustained): 320 x 10^15 x 0.5 x 10^-9 = 160 x 10^6 W = 160 MW
    Likely power efficiency: 160 x 2 = 320 MW
    – Best case power usage per day: 160 x 24 = 3840 MWh = 3.84 GWh
    Likely power usage per day: 320 x 24 = 7680 MWh = 7.68 GWh
    – Best case power usage per year: 3.84 x 365 = 1401.6 GWh = 1.4 TWh
    Likely power usage per year: 7.68 x 365 = 2803.2 GWh = 2.8 TWh
    The best case example would represent the entire Bitcoin network using the best possible hardware and doesn’t account for any cooling or any other computers used in the Bitcoin network. As such it represents an impossible best version of a network of this size. The likely example is probably closer as there is older hardware still in use and most data centers need cooling of some sort.
    The US Energy Information Administration estimated the US power generation capacity for 2012 at 1051 GW so the 320 MW number would represent 0.03% of the total electricity supply for the US. Assuming that we take the 320 MW figure then that would put Bitcoin at about 10% of Ireland’s electricity supply. [↩]