[Note: Below is a guest post discussing a “real world asset” (RWA) tokenization use case that has been proposed and re-proposed for about a decade (first with Colored Coins and Counterparty). Among other articles, the author previously co-authored another thoughtful piece A Quick History of Cryptocurrenices BBTC — Before Bitcoin. Reprinted with permission; and the views are those of the authors alone.]
By Ken Griffith
Since the appearance of Bitcoin in 2008 numerous people have had the idea of issuing gold tokens on a blockchain, or using a blockchain to support a digital gold currency system. This short essay will look at some of the attempts to do this and suggest the reasons why this has not worked, and is unlikely to ever work.
In 2015 Roy Sebag borrowed a phrase from Satoshi and created a company called “Bitgold” which performed a reverse IPO on a Canadian stock exchange. Sebag raised several hundred million dollars to “put gold on the blockchain.” However, instead of creating Bitgold, he proposed a buyout to James Turk at GoldMoney.com. After buying out goldmoney.com, Sebag simply invested the funds into expanding that business which had been founded in 2001. Goldmoney has a ledger, but it does not use blockchain at all.
In the intervening years a dozen or more different gold tokens have been created on Ethereum and other platforms. Of these, many turned out to be scams, and one or two of them were legitimately backed by actual gold. However, none of these have gained any traction in the marketplace.
To understand why gold and blockchain do not mix we need to look at the history of digital gold and cryptocurrencies. E-gold was the first Internet money in 1996, 12 years before the Bitcoin whitepaper was published. By 2001 e-gold had one million users worldwide, and had an annual transaction volume of about US $2 billion per year worth of gold. By 2005 there were six such digital gold issuers. However, the US Treasury began a campaign of prosecuting the digital gold companies using the USA Patriot Act from 2006 to 2009, in which the four USA based issuers were indicted, their gold reserves seized, and officers indicted.
Goldmoney.com was the only digital gold issuer to survive the purge because they were fully licensed in Jersey, UK. However, they never allowed an independent network of exchange agents to provide exchange services to their users. So Goldmoney.com never became a popular means of payment. Goldmoney was primarily used by institutional investors to hold large amounts of physical gold.
The primary obstacle to developing a gold payments network is government regulations in various countries.
Blockchain tokens such as Bitcoin have the advantage of being decentralized with no person or company as the issuer. They are resistant to government regulation and control because there is no central server that can be seized or turned off. There is no person who can be arrested to stop the Bitcoin network from continuing to process transactions. The network continues to operate so long as the people operating servers with this software continue to operate them and keep the same rules.
When you create a gold-backed token you violate the basic social reason that has allowed blockchains to ignore government regulations. An asset-backed token is a promise by some person or company to deliver some asset in exchange for the token. That is implicitly a contract between the issuer and the holders of the token. The token may live on a blockchain, but the person who issues the contract lives in the real world. The physical assets used to back the token also exist in the real world. A government can arrest a person or a company and confiscate the physical assets.
The Crux of the Problem
Once a token is issued on a permissionless blockchain it is impossible for the issuer to control who gains access to that token. It can be transferred to someone in a country where such tokens are illegal or otherwise regulated.
We saw this in the case of EOS, which raised $4 billion in a year-long token sale from 2017 to 2018. The terms of the sale expressly forbade US Citizens from buying the tokens. The sale contract required the buyer to swear that they were not a US Citizen or resident of the United States. The website blocked US IP-addresses so the token sale could not even be seen by web browsers in the United States.
Two years after the token sale was complete, the SEC began an investigation, and a class action lawsuit was filed against EOS for selling tokens to US citizens. This means that some US citizens made a false statement under oath to buy those EOS tokens, and then handed that evidence to US law enforcement agencies. Because the company had raised $4 billion, the large pile of money was very attractive to US law enforcement agencies. EOS ended up settling with the SEC for 24 million dollars.
The value of the assets is the critical factor in determining which companies are prosecuted and which ones are ignored.
We conclude that any tangible asset digitized on a blockchain is vulnerable to lawsuits and criminal prosecutions from countries that regulate or otherwise make such payments illegal.
Law enforcement agencies do not immediately prosecute every company who issues such a token. They bide their time and wait until they see a large pile of value that is vulnerable to prosecution. Only then, do they begin an investigation and prosecution in order to seize those assets using asset forfeiture laws.
How to Avoid this Problem to Issue Real Digital Assets
An Internet ecosystem which allows persons to issue real-world financial contracts for various assets would require a contract-based ledger such as one based on Ricardian Contracts.
Rather than creating one company, such as Goldmoney.com, that offers gold accounts to citizens of many countries, it is better to create a network of lawful institutions in different countries that only offer asset accounts to residents of that country. Thus, each institution need only concern itself with the laws of one nation, rather than the laws of all nations.
A clearing mechanism will allow payments to clear between different institutions in different countries. This short video explains the concept of a clearinghouse in two minutes:
It is better to have many small issuers of gold or other assets than one large centralized issuer. Each of the small issuers should have a license for a money service business in their jurisdiction.
Since corruption is part of human nature, and will always be a problem, it makes more sense to build a system that anticipates the cost-benefit factors that drive corruption. Even law enforcement agencies have a cost to seize financial assets. They have to bring a case in court, which costs money.
Many small piles of gold are much more expensive for a government to seize than one large pile of gold. If there are many issuers, then a government would have to indict each issuer with a separate court case in a separate jurisdiction. This is too expensive and inefficient. Ideally, you would want issuers to hold the amount of gold roughly equal or less in value than the cost of prosecution. So, for example, a typical prosecution of such a company would cost $1 to $5 million USD.
In traditional banking, bank ledgers were protected by financial privacy laws. Unfortunately, the twentieth century saw the steady weaponization of banks against their customers by the State. However, banking privacy worked effectively for centuries. The best long term solution is for states to reform their banking laws to restore and protect financial freedom and privacy.
We find that permissionless blockchains are not environments that are ever likely to work for contract-based financial transactions. They have no native means to record consent to a contract, nor to restrict access to a token to those who have consented to a contract.
By contrast, a Ricardian Contract based ledger would be ideally suited to enable an online financial ecosystem with securities and asset-backed tokens operating within the law. Ricardian Contracts were invented a decade before Bitcoin. Yet, there has been very little community interest in building Ricardian Contract based systems. The reason for this appears to be ideological.
The ideological spectrum of cryptocurrency users leans heavily towards anarchy. Even classical libertarians believe in the necessity of courts of law to enforce contracts. Yet, the majority of cryptocurrency fans seem to reject even the idea of courts of law, as seen in their reaction to the CSW defamation case. Without courts of law, contracts are unenforceable.
The idea that computer code can be a replacement for law and courts is popular but fatally flawed. It is extremely difficult to write and maintain error-free software. It is fine to say that the code is the law, until an error in the code allows an outcome that was not intended. Human courts of law are the ultimate error processing routine. This is unavoidable, and therefore should be embraced in the design of any financial ecosystem.
The dream of creating online financial ecosystems that live on the blockchain, free from courts of law is doomed to perpetual anarchy. Financial institutions, by definition, hold assets in trust for their account holders. Such relationships require contracts and courts of law to enforce. Without contracts and courts of law, all that can be expected is a wild west of online fraud. The long string of failed cryptocurrency exchanges and other projects testifies to the truth of that assertion.
I have found a blockchain-related book that did not have me completely shaking my fist in the air. For background, I have reviewed six other blockchain-focused books, most of which were pretty bad and/or filled with inaccuracies (the exception thus far was Digital Gold).
In contrast, The Cryptopians by Laura Shin was a breezy read and one that – from a technical perspective – I feel comfortable recommending to both geeky and non-geeky audiences trying to understand some of the people that created the Ethereum ecosystem (as well as a few other blockchains).
For instance, I enjoyed the steady dripping of GRE words like pastiche and bucolic which were carefully placed throughout each chapter alongside detailed (physical) descriptions of venues and individuals. I look forward to seeing it turned into a mini-series (Luka Dončić will obviously play Vitalik).
In terms of “inside baseball,” while I have bumped into and interacted with many of the people mentioned, I don’t know enough to comment on several figures discussed so the review below is largely about other portions of the book.
With that said, there were a few areas that I had quibbles with. For instance, I probably would’ve highlighted how much aggregate fraud took place during the 2017-2018 ICO boom (e.g., why Chinese governmental authorities kicked out exchanges, etc.). But that likely would have distracted the main story around how Ethereum evolved as infrastructure.
And before I’m labeled a rose-tinted glasses fanboy, worth pointing out that when I first interacted with Shin years ago, we didn’t agree on a number of things. Rather than dwell on those past differences, I think it is a credit to her reporting that she provided nuances in the story (such as the early days of Hyperledger project and Enterprise Ethereum Alliance) that pundits who are new to this space are unaware of or put no effort in understanding. Calling everything a scam is the laziest form of concern trolling and fortunately readers have a list of citations to peruse instead of relying on innuendo from flash-in-the-pan Twitter personalities.
Note: all transcription errors are my own. See my other book reviews on this topic. Spoiler Alert: there are a bunch of spoilers below!
Before we begin, worth pointing out that the book covers a roughly four year timespan (January 2014-January 2018) and was published in February 2022. The preface included a helpful backdrop of what was occurring in the financial services area during this time frame. One paragraph stuck out, stating on p.3:
Soon financial institutions as powerful as JPMorgan Chase, Nasdaq, Visa, HSBC, State Street, UBS, Santander, and many others worldwide began exploring the technology. In late 2015, “Blockchain, not bitcoin” became the mantra on Wall Street, and from January 2014 into February 2017, more than fifty financial services firms invested in the space.1
To be pedantic, the very first person I am aware of that said “Blockchain, not bitcoin” is a VC named Adam Draper, who opportunistically pivoted the messaging from his portfolio companies in late 2015:
I attempted to chronicle some of these wordsmith shenanigans in October 2015.
Is it important in the scheme of things?
Maybe not. But I think it is worth re-highlighting this fairweather etymology. For instance, contemporaneously some anti-coiners actively attempt to memoryhole the slur that is “no-coiner” to play identity politics; e.g., People who purposefully do not own snow skis are not labeled as “no-skier” or someone who doesn’t own an airplane, a “no-planer” or someone who doesn’t own a computer a “no-computerer.” One of the reasons some anti-coiners do not call themselves anti-coiners is because they likely do not understand the etymology of “no-coiner” and how it is a grammatic corpse.
But that’s a different story, although germane for 2022.
Chapter 1 provides readers with a short biography about Vitalik Buterin, including his early childhood (I was unaware of his prowess with Excel!).
I made a pedantic scribble on p. 12:
Shutting down Bitcoin would require tracking down and switching off the devices of every single person running the software — and that would require the coordinated action of every government in the world. But even shutting off all existing computer on the network wouldn’t stop anyone else from spinning up the Bitcoin software.
This is accurate at a high level. Pedantically however, in mid-2022 a well-resourced attacker (such cooperating governments) has a bit simpler task: (1) shut down large mining farms which ultimately slows down block production (e.g., the difficulty overhang would likely require a hard fork); (2) shut down or compromise just three ISPs or BRN/FIBRE — a protocol that propagates blocks directly between mining pools; (3) shut down or severely curtail liquidity providers (e.g., require large CEXs such as Coinbase to delist Bitcoin).
Again, we could argue (and Bitcoiners love to argue!) about the likelihood of either occurring but in my view a better illustration of geopolitical resiliency would be proof-of-stake (P-o-S) networks such as Avalanche, Polkadot, or Cosmos which do not rely on easily-identifiable points of failure (e.g., large mining farms) and are therefore mostly immune to scenario 1 (although clearly dependence on centralized cloud providers for any of these can be a weakness).
With that said, going down this rabbit trail clearly would have been confusing to the average reader so it is understandable why this hypothetical wargamming was not included.
Pages 15-17 provided some interesting background on how Bitcoin Magazine came into being (although maybe a missed opportunity to describe how it ultimately turned into a mother-son Bitcoin maximalist operation!).
On page 16, the author identified some good foresight:
Back home in Toronto after his globe-trotting, Vitalik was coding up a client using the language Python for Ethereum, while Gavin and Jeffrey worked on the C++ and Go clients, respectively. (Vitalik wanted Ethereum to work on different software clients so that a bug in one wouldn’t take the whole blockchain down; the entities on the network could run another one while the buggy one was fixed.)
This is an important paragraph and I am glad that Shin mentioned this so early on.
Why is implementation pluralism a good thing? Because as she described, it provides resiliency in the event something catastrophic or existential occurs (such as a bug that knocked 13% of Ethereum validators offline two years ago). Most blockchains, even a few years after launch, still are dependent on a single codebase maintained by a single team. Apart from resiliency (e.g,. a different implementation surviving a bug that knocks other implementations offline), this could lead to some perverse scenarios such as with Bitcoin wherein de factogatekeepers ossifying around the BIP process (e.g., a priori anti-bigger blocks).
Today, there are at least four different “Eth 2” client implementations that are undergoing stress tests for the upcoming “merge.” Up through the spring, Prysm has been the most popular implementation and is actively attempting to reduce its marketshare by acknowledging that a network is more resilient with more active implementations.
On a personal level Chapter 2 is interesting because during the time frame it takes place (January 20, 2014 to June 3, 2014) I was also writing a short book and had a chance to interview a few of the people mentioned. I witnessed odd behavior at least once: I had a Skype call with a couple members of the original Ethereum team. During the call, one person pointed a video camera (with its bright light) right back at me and video tapped it. I don’t recall the names but according to Shin, at least one person in that group was actively recording things which kind of seems off (or maybe I’m not sentimental enough!). I also thought Charles Hoskinson (who I separately interviewed) used phrases and words intimating as if he was a middle aged mathematics guru. And only learned he wasn’t through the book.2
Shin does a good job throughout the book articulating what the inner monologue was, what key people were thinking at the time. On p. 31 she writes about Gavin Wood who was brought on as the first developer and learns that the organization isn’t fully formed. Stating, “Why are they discussing this? If Ethereum hasn’t been founded yet, then damnit, I want to be a founder!”
This is followed-up with supporting details two pages later, “Later, Gavin would feel shafted as a lower-tier founder when he says he eventually found out that Charles had gotten into the Skype group only a day before he had.”
Another interesting detail on p. 36, “From Christmas to mid-February, for their respective Ethereum clients, Gavin and Jeff wrote more than seventy thousand lines of code.3 (Eventually, Vitalik’s Python client would mostly be used for research.)
On p. 40 the author pointed out how Charles had told at least one person in the team (Mihai) that he was Satoshi.
But as Shin notes,
The real Satoshi could easily prove his/her/their identity by moving a coin in the first block of the Bitcoin blockchain. There was no need for all of Charles’s hocus-pocus. Ultimately, most of the Zug group decided Charles was not Satoshi.
Pedantically the first sentence is both true and false. The real Satoshi could prove their identity by moving coins in the first block mined on January 9th, but not by moving coins in the actual Genesis block (from January 3rd). Why not? Because the Genesis block was hardcoded into the chain, the coins cannot be spent. Shin’s statement is a good barometer for filtering out wanna-be Satoshi’s, such as Craig Wright.
I’m also glad that Shin referenced Gavin Wood’s original essay on “Web 3” which was published in April 2014. You don’t have to agree with it, but unlike many of the VCs who promote “Web 3” or the anti-coiners who permahate on it, Wood provides some specific characteristics defining it. Is that too much to ask letter campaigns today?
Chapter 2 also goes into some details about the “holons” which I always thought was kind of bananas. Stating, “The Romanian Mihai, the Bitcoin Magazine founder who had lived in anarchist squats, enjoyed drinking, and was sociable, spontaneous, and creative, wanted Ethereum to comprise a series of live-work holons.”
The book goes into some depth about the drama these live-work locations, eventually they were dropped from official sponsorship and funding.
Page 48 mentions people, such as Vitalik, possible being “on the spectrum of Autism” and I seem to recall finger pointing at various events of who is and isn’t “on the spectrum.” Hopefully these antics will retire, there’s no room for the rudeness in polite society.
Chapter 2 closes with some nice imagery:
Vitalik walked out onto the front deck, the larger of the two on the top floor. It was drizzling outside. Beneath his feet were perfectly straight, cherry-stained wooden slats, and off to the side, a black barbecue grill, four black planters with bushes, and a yellow flower pinwheel.
Shin does a good job placing these details throughout the book, helping the reader imagine the scene.
This is also an interesting chapter in terms of how certain events moved by quickly. For instance, with the crowdsale, on p. 71:
Stiftung Ethereum was finally established on July 9. By Friday July 18, the Ethereum crew had Pryor Cashman’s draft opinion letter. On Monday, July 21, they received it signed. On Tuesday, July 22, at midnight Central European Summer Time, they launched the crowdsale.
On p. 73 it is kind of funny to see some Bitcoin maximalists enter the chat:
Meanwhile, many Bitcoiners claimed “alt-coins” like Ethereum were unnecessary. For instance, a March blog post titled “The coming Demise of the Altcoins (and What You Can Do to Hasten It)” sad, “When people say, ‘But Ethereum can do smart contracts!’ this is actually false… Ethereum will therefore soon be forgotten like the rest once it inevitably fails to deliver on its promise.”
Coincidentally a few months ago I highlighted that same article and how the author ended up kicked out of the little institute he co-created, later joining the Bitcoin SV circus. Without endorsing Ethereum itself, it is empirically clear that it has not been forgotten and has delivered more than most publicly funded blockchain projects. This still doesn’t sit well with vocal maximalists (and anti-coiners).
On p. 84 the author mentions cold storage devices that stored the Ethereum Foundation’s bitcoin and specifically mentioned Michael Perklin.4 The one related anecdote I have about him: I spoke at Devcon 2 which took place from September 17-19 in 2016 in Shanghai. This is about a month after Bitfinex was hacked for around 119,000 bitcoin.
Just a total coincidence but when I got on the maglev, Perklin and I ended up sitting next to one another. Recognizing him, I started peppering him with questions about Bitfinex, who he was helping provide a security audit (he was mentioned in an official blog post on it). If I recall, my argument was that in traditional financial markets, an exchange operator that had suffered a similarly huge loss would have been closed down by regulators, least of all not been allowed to socialize losses and issue a couple of IOUs. Long story short, we disagreed on some fundamental issues and went our separate ways.
Chapter 3 concludes with the formal launch of Ethereum mainnet and the hiring of Ming Chan.
Chapter 4 & 5
Chapters 4 & 5 had lots of interesting anecdotes and drama I was unaware of. Geeky readers may be asking, “what’s with the big deal gossip?” In my view, I find it impressive that anything was built and delivered with the type of work dynamics described, e.g., it’s hard to imagine operating in an environment with a senior leader having loud outbursts throughout every conversation.
Chapter 4 ends with the termination of Gavin from the foundation and Chapter 5 concludes with The DAO being drained. A number of ICOs were mentioned, such as Lisk and DigixDAO. Where are they today? Lisk still exists, maintaining an SDK for developers. Digix suspended its operations five months ago, and is reviewing its license requirements in Singapore. A companion book could probably have been written to discuss (and scrutinize!) the types of ICOs and tokens that were created between the collapse of The DAO and early 2018, more on this later.
Chapter 6 & 7
Chapter 6 was quite the page turner. Even though I was actively providing analysis at that time, it’s always interesting to read a cohesive blow-by-blow, with comments from the key developers and stake holders (the timeline at the end is great!). The fact that Phil Potter had such a dismissive view about Ethereum (calling it a “shit coin” a couple of times, including p. 182), isn’t a huge surprise considering his previous antics of “cat and mouse” bank accounts.5
For instance, I had no idea the role Andrey Ternovskiy, the creator of Chatroulette, had in increasing the drama-per-second following The DAO hack, leading up to the hard fork (he pretended to be the original DAO hacker and tried to social engineer some outcomes).
An interesting technical point from an excellent Chapter 7 (especially the sleepless nights for the Robin Hood Group), on p. 166:
The hard fork was indeed less complicated, especially compared to a similar process on Bitcoin. Because Bitcoin was “a peer-to-peer electronic cash system,” as Satoshi Nakamoto described it in the Bitcoin white paper, it had a chain of custody that could be followed all the way from the creation of a bitcoin to the one (or fraction of one) that someone owned. It made possible the digital equivalent of being able to trace a dollar bill from the time it gets minted to the time it gets used to tip a cab driver, who then uses it to buy flowers from a florist, who then pays bus fare with it. In order to unwind something like the DAO on Bitcoin, to undo the cabbie’s tip, one would also have to rescind the bus ticket and return the flowers.
Bitcoin uses the UTXO model and Ethereum uses an accounts model, in principal, the forking process could work the same way if planned ahead of time. For example, while the flow of funds (payments) between users and merchants were not reversed when Ethereum split into ETH and Ethereum Classic, but with forks like Bitcoin Cash, if a blob of UTXO had ever been used, it really cannot be precisely excised and grafted onto the new fork without having to fully unwind the butterfly effect (see the 2013 accidental hardfork of Bitcoin for the winners-and-losers).
The brief discussion of Bitcoin maximalism on p. 181 as well as the quote from Aaron van Wirdum (a vocal Bitcoin maximalist at Bitcoin Magazine) reminded me of a tweet I posted just after the hardfork:
What’s the context of this dumpster fire? Recall that beginning in summer 2015, the Bitcoin “community” was undergoing a (negatively) transformative event: the Bitcoin civil war. At the heart was whether or not to hard fork and increase the block size. Several proposals, such as Bitcoin XT had been drafted up and a vocal wing, primarily composed of Blockstream-affiliated developers and organizations were opposed to any hard fork, let alone one that increased the block size (hence the “block size debate“).
This same group of antagonists regularly claimed that hard forks were unsafe and would lead to disaster, disarray, and the collapse of the entire ecosystem. Seriously, that’s how overdramatic some of these “small blocker” developers came across. Look up reddit and listserve discussions at the time, it was crazy talk.
Suffice to say, you don’t have to have an opinion over whether or not a hard fork should or should not have taken place on Ethereum to simultaneously observe that it did not lead to the collapse of the entire ecosystem. Hence, the egg-on-face, dumpster fire gif above. A number of other major L1s have successfully coordinated hard forks, multiple forks in fact, without leading to total pandemonium.
On p. 188-190, the author discusses the origins behind what is now called Ethereum Classic (ETC) as a separately traded coin. One personal anecdote: I distinctly recall the head of trading at a large U.S.-based exchange reaching out to me during this time period (July 2016) asking if I knew of any Ethereum holders who might be interested in selling their ETC. Worth pointing out, this was before it was listed on Poloniex. So the story of the various parties working in the background to get ETC off the ground probably could be expanded if a second edition is ever written (not that it needs a second edition!).
On p. 189, the author found a maximalist:
On the day of the fork, Bitcoin Magazine, Vitalik’s old publication, wrote an article about “the launch of a spin-off project: Ethereum Classic.” While the author, Aaron van Wirdum, noted that Ethereum Classic, “seems to be a bit of a joke, intended to make a point,” he wrote, the project has been gaining some traction, with a small-but-growing user-base on Reddit and Slack […]”
Fast forward nearly six years by several metrics such as TVL and active full-time developers, Ethereum Classic never really grew beyond its core group of devotees: Bitcoin maximalists who LARPed as Ethereans.6
Just as Litecoin and Dogecoin have not faded away (despite a lack of usage or developer interest), traders will probably continue to trade ETC until PoW coins are delisted for ESG reasons.
On this note, on p. 192 the author writes:
They could see that, in the community at large, Bitcoiners in particular felt that Ethereum’s hard fork would illustrate one of Bitcoin’s core features: its immutability.
Two quibbles with this:
(1) some of the largest Bitcoin holders are not maximalists but like Bitcoin for other reasons (e.g., can be used as collateral on other chains);
(2) from a technical perspective, no public chain is “immutable” in the sense that it cannot be forked, if anything immutability describes the one-way hash function. Bitcoin’s development has fully ossified over the past five-ish years, with those interested in building actual dapps having left for greener pastures. Arguably the only thing “immutable” with Bitcoin today is who acts as the gatekeepers to the BIP process: the same self-appointed guards that prevented bigger blocks back in 2015-2016.
Chapters 8 & 9
On p. 198-199 the author mentions some pro-ETC tweets from Barry Silbert (founder of DCG):
Bought my first non-bitcoin digital currency… Ethereum Classic (ETC)
At $0.5.0, risk/return felt right. And I’m philosophically on board
Vitalik was stunned. He had met with Barry at the DCG offices in March, and at that time Barry had offered to help him and be his advisor. Now he was finding out that despite the friendly overture, Barry had never bought ether and now instead had bought ether classic.
Somewhat ironically five years ago, a group of Bitcoin maximalists actually chided Barry Silbert for his tweets (turning it into a full on Medium post). Around the same time, Reuters did a story about whether or not someone in his position would be falling afoul of SEC regulations for the type of tweets he was publishing. Putting personalities aside for the moment, it is worth pointing out that ETC has since had multiple deep reorgs and as shown in the presentation from Electric Capital above, does not really have developer mindshare.
These two chapters also provided some interesting background to both Poloniex (now co-owned by a syndicate led by Justin Sun) and Bitcoin Suisse (who had a change in management last year).
For instance, on pgs. 217-218
The WHG was trying to return people’s money, but instead they’d gotten the majority of it frozen at an exchange. When they asked Polo why it had blocked the trade, Griff and Jordi say the rep asked how Polo was to know the difference between a white hat and a black hat hacker. According to Griff, the rep then said that Polo was going to hold the money because it wasn’t the WHG’s money. Bity and the White Hat Group told Poloniex that it wasn’t theirs either. (Eventually, the WHG would realize that although Kraken was happy to let the Bity account trade, the exchange had blocked its withdrawals.)
Around the same time, someone working in the Bity office, who was then helping the WHG, recalls hearing a rumor from what they believed to be a credible source that the FBI had opened an investigation into the WHG’s activity, which scared the shit out of some group members. For the next two days, they spent a lot of time staring up at a big screen, incessantly refreshing the Poloniex account page to see if the money had been unfrozen. During this stretch of time, they slept very little — going to bed at 8 a.m. the night they realized the funds were frozen — and when people passed out, they did so on the sofas around the office. Weed and bottles of whiskey were strewn about, though the White Hat Group didn’t partake.
Another example of a prominent Bitcoin maximalist attempting to derail Ethereum, on p. 221
A few days after Alexis of Bity published a blog post on the status of the ETC refund, which explained why the WHG had first wanted to convert everything to ETH, a Bitcoin maximalist who went by the online handle WhalePanda published a blog titled “Ethereum: Chain of liars & thieves,” in which he delineated the trades that the White Hat Group tried to do on the various exchanges and concluded, “TLDR; We market dumped the illegally obtained ETC to crash/kill ETC but failed and now we want the locked funds back, sorry.”
His real name is Stefan Jespers and despite the fact that he has publicly invested in Ethereum-related tokens, his social media personality is toxic to this day.
Moving along, although I participated at the tail end of Devcon 2, I was completely unaware of all of the drama that was going on in the background.7
For instance, on p. 238
In the end, Bob didn’t even hear the final answer from Gav himself. Brian Behlendorf of Hyperledger had a call with Parity: Gav’s firm had decided not to go through with it. Bob felt Gav was acting out of spite. Bob also wondered if Gavin wanted to kill a potential competitor to Parity. Gav said Parity’s lawyer, who handled the company’s licensing strategy, had decided against it. Parity had partly gotten its VC funding by pitching an enterprise Ethereum implementation, so if the C++ codebase was permissively licensed, it might compete with Parity’s future product.
This was interesting because in retrospect, this future scenario didn’t really happen. While Parity did participate in several “enterprise” pilots and projects, this codebase was ultimately deprecated and turned into OpenEthereum (and later dropped altogether by Gnosis). Also, Pantheon (from ConsenSys) was donated to the Hyperledger project and re-emerged as “Besu.”
On pgs. 245-246 we learn about a possible motivation behind the denial of service attacks that took place during Devcon2
The DoS attacks were finally over. Though the period was stressful, Vitalik found fighting–and winning– this cyberwar fun in a way. Throughout, the attacker’s motivation was unclear. There wasn’t an obvious financial gain, although he or she could have shorted ETH. (The price did slide from about $13 to below $10 over the two months of the attacks.) In fact, he or she had spent one thousand ETH (roughly $12,000) on the attacks, plus the time to research and execute them. Many mused that perhaps the only people with such an incentive would be Bitcoin maximalists. Regardless, Ethereum became stronger and more capable of handling a high load of transactions–a beneficial maturation given what lay ahead.
When discussing the salaries of Ethereum Foundation employees and candidates, on p. 250:
But even her good qualities had downsides. For instance, even after the foundation found itself in a financially comfortable spot, she lowballed potential employees. When Google employees were applying and stated their salary requirements, she would say things like “Nobody gets paid that much” or that she and Vitalik didn’t–as if developers’ salaries should be benchmarked against her own. (Entry-level Google engineers would typically have incomes higher than Ming’s at the time, plus get valuable stock, and senior-level engineers’ compensation could be $1 million including stock.) At least one former Googler at the foundation was paid half his previous earnings; plus he was made a contractor, so he had no leave or benefits; another applicant from Google simply didn’t join the EF.
I don’t think these are good arguments for a couple of reasons:
(1) The Ethereum Foundation, like most coin foundations, is non-profit. We can argue about what the role of non-profits should or not be in society or what the salaries of their staff should or not be, but there is an implicit assumption that Foundations in general typically cannot offer the same types of compensation that many for-profit organizations can. For instance, the executive director role for both Hyperledger Project and the Enterprise Ethereum Alliance is around $400,000 a year. Since there is no equity or coin rewards for that role, is that high or low? Maybe it is low relative to the value that these organizations are perceived to create for the ecosystems they operate in.
(2) Having worked in the Bay area for five years (where my wife as a hardware engineer), with the current mini bear market in tech equities, arguably the salaries of Big Tech (software) employees were inflated. Plus in the case of Google, virtually all of their revenue comes from adtech which effectively monetizes personally identifiable information (PII) which is morally dubious at best. I don’t know what the “fair market value” of a senior engineer at Google should or should not be able to command after this mini bear market concludes, but the author should have used an apples-to-apples comparison: the salary of an experienced, senior engineer at other Foundations, and not with for-profit adtech companies in the Bay area.
Chapters 10 & 11
As mentioned at the beginning I don’t think the book was critical enough of ICOs in general, and specifically the way some organizers effectively fleeced retail by not disclosing much, if anything. Or how in many cases, a token was not needed.
One example of trying to force a token where one is probably unneeded on p. 256:
Many projects were, like the DAO, fund-raising by creating a token designated for use on that specific network. He said these tokens weren’t just being used to line initial coin offering (ICO) issuers’ pockets with ETH; they were actually being used in the dapps themselves. The people who offered services to the network could be pad in that token, which could then be exchanged for other money. Setting these projects apart was the fact that each was not a traditional app with a company at the center pushing out updates and making business deals; these were “decentralized software protocols” (emphasis added). Historically, such protocols had not been profitable. For instance, the people working on simple mail transfer protocol (smtp) for email did not make money. Outlook, Hotmail, and Gmail, the applications using smtp, had. However, now tokens made it possible for protocol builders to reward themselves since tokens could be created with the network, and they could keep some, like retaining equity in a start-up, and allocate some for continued work on the protocol.
A few quibbles about this passage:
(1) What the author (and the VC) is describing is: public goods, problem of free-riders, etc. Basically there is some useful internet infrastructure (smtp) that could be built but… : who builds it, who pays for the labor, who owns the IP, and so forth. The “Web 2” world now dominated by an oligopoly often referred to as Big Tech that sometimes builds out socially useful technology in exchange for monetizing personally identifiable information (e.g., rent-seeking). That is a morally bad exchange that has been normalized. We don’t have time to go into the years of abuse and exploitation (e.g., Cambridge Analytica scandal) that has occurred but this was one of the original motivations for proponents of “Web 3” in 2014. In practice, over the past eight years many VCs attempt to reinsert themselves and/or their portfolio companies (intermediaries like CEXs) in place of these tech incumbents. That’s not really mentioned in the book but probably should in a future edition.
(2) A sundry of ICO issuers did in fact attempt to line their pockets at the expense of retail. While some useful dapps and infrastructure have arisen out of the chaos of the 2016-2018 ICO mania, continually pointing to these is textbook survivorship bias. We don’t have time to go into how crowdfunding should or should not look like, but clearly there were a lot of victims who had no recourse and that’s not typically mentioned by coin promoters (such as the coin VCs of that era). The author doesn’t say it, but others have defended this time frame as “the ends justify the means” and I don’t think that is a good argument either. Nor is having to donate to unaccountable public goods (e.g., Wikipedia) the only other viable alternative.
(3) Unlike anti-coiners, I don’t think it is fair to throw the baby out with the bath water when it comes to creating new methods of funding public goods. Not everything was a scam or a fraud. Even securities regulators are okay with certain forms of crowdfunding from retail. Simultaneously I’ve been consistent over the years that a “tcpipcoin,” if it had been created almost 50 years ago, would have likely led to distractions for the stakeholders of that era, much like today.
For instance, below is a passage from a paper I wrote in April 2015 (pgs 18-19)
Moving along, on p. 257 the author put together a concise (and interesting!) history of ERC-20:
Suddenly everyone was on the hunt for the next big protocol tokens. And creating new ones on Ethereum was so easy. The previous fall, Fabian Vogelstellar of the Robin Hood Group had solicited comments on an idea that Vitalik had long discussed: standardizing a smart contract for creating new tokens. Fabian made it issue number twenty on a board designated for discussing protocol improvements called Ethereum Request for Comments. After 362 comments, they settled on a standard called ERC-20 tokens, which became a class of tokens that, because they were in a standardized smart contact, could be added easily be exchanges, wallets, and so forth.
In the discussion of crowdfunding, on p. 260 the author mentioned a now mostly dead project, Augur:
Right when they launched, the presale for Augur, a decentralized prediction market in which people could make predictions and bet on the outcome, was happening. When Taylor went to put money in, she was stymied, again, by challenging technical instructions. She asked Kosala to make a one-click button for her. He did, and they added an “Augur Crowdsale” tab to the site. Late in the sale, which ended October 1, 2015, teh Augur newsletter gave a shout-out to MyEtherWallet for the button. Taylor and Kosala exchanged chats peppered with “omg omg”–thrilled to have been noticed by others in the community.
Apart from the handful of people who bought it at < $2 immediately post-launch, the insiders of Augur did okay.8 Why? Today at around $8, Augur (REP) trades at roughly the same level as it did five summers ago. While money may not be the motivating factor for all crowdsale participants, ETH grew and sustained several multiples higher over the same time period (e.g., opportunity cost of capital). Apart from betting on the outcome of U.S. presidential elections, the platform – like Open Bazaar – remains a ghost town. To its credit, unlike other ICO survivors from that era, the Augur team converted 90% its ETH holdings for real money to build and deploy a working prediction market that is updated from time to time.
On p. 269 we learn how Poloniex operated a lot like Binance did pre-2021:
By the time of that victory, the exchange was facing a new problem. Due to US sanctions, it needed to block Iranians from using Poloniex. However, it could not, because the exchange did not have a robust know-your-customer (KYC) program to verify customers’ identities. (The one instituted in 2015 was, according to an early employee, “super basic” and “really, really easy to work around.”) It was a three-tiered KYC system that granted users greater trading access in exchange for higher levels of verification, and part of the reason for it was that Jules and Mike wanted to minimize friction for users to sign up and deposit funds. These discussions dragged on from the end of 2016 into the first half of 2017, when Jules and Mike finally relented.
Even cynical readers familiar with the cyber coin world were probably shaking their heads at this passage: how can operators of a U.S.-based CEX enrich themselves for years intentionally slow-walking compliance with the BSA?
It reminded me of when news leaked around Circle’s acquisition of Poloniex several years ago:
Speaking of the SEC, to-date they have prosecuted and/or settled with around 60 token issuers since the start of 2017 (collectively Canadian provinces and individual U.S. states have pursued about as many). The book spends a bit of time on The DAO report, published in July 2017, but doesn’t really highlight retail-focused solicitations, such as Kik (e.g., Kik was mentioned on p. 271 but nothing about their very public fight with the SEC). A second edition could include some retrospection around these retail-focused raises; e.g., why did different governmental bureaus in China ban ICOs around the same time frame?9
On pgs. 282-283 Poloniex is described as a panopticon:
In 2017, Poloniex’s volume grew fifty to seventy-five times what it had been in December 2016. With more customers, more volume, and now more processes, the company became buried. About twenty people were managing almost five million accounts, and the owners had not invested in the company at all. Instead of hiring a third-party know-your-customer vendor, as many companies would, to make sure each submitted ID matched the selfie taken and that the address given wasn’t for, say, a strip mall in Nevada, Polo employees had to process IDs one by one. Support was still bare-bones: according to a manager at the time, five people handled more than one hundred thousand support tickets. In the first half of the year, Johnny managed to “poach” a few troll box moderators to be new support agents, brining the total to eight. According to Johnny, Jules made workers put their phones in cubbies upon entering the office, forbade them from listening to music, and though this might also be for security reasons, blocked their computers from the internet so they could only do one thing on those machines: work. They had to wear headphones so that they wouldn’t accidentally overhear any conversations, they were recorded via cameras inside the office, and they were instructed to communicate with each other only on chat. (Later Jules would acknowledge to employees that they were surveilling all staff chats, including direct messages.)
On p. 288 the author mentioned some of the exuberance during the “Consensus” event in 2017:
The next day, EOS, which billed itself as a faster (but more centralized) competitor to Ethereum, kicked off its nearly year long ICO. The month before, it had advertised its sale on a massive billboard in Times Square, during the consensus conference, which had twenty-seven hundred attendees. The advertisement was ironic given that the EOS ICO blocked US IP address. That week, the ETH price again traded with highs in the $330s and lows in the $200s.
I attended this event and recall visiting the “official” afterparty wherein one of Block.One (the commercial backer of EOS) pointed out that the EOS billboard was just aesthetics and wasn’t encouraging anyone to participate in the ICO. One update for a future edition of the book: in September 2019 Block.One, settled with the SEC for a small sum of $24 million. Not-so fun fact: one of the defense attorney’s who worked on that case also (successfully) defended several other 2017-era ICOs that had purposefully focused on retail investors. This is part of the history that anti-coiners, who are new to town, should probably focus their wrath on instead of traffickingconspiracy theories.
On p. 294 we hear a prominent ICO promoter mentioned in passing:
Meanwhile, on the rocky, lizard- and fern-filled island of Ibiza the Parity team and friends were at a lovely terra-cotta-tiled, exotic-plant-adorned home rented by Brock Pierce, the former Mighty Ducks actor turned crypto VC, wrapping up a weeklong retreat that, for at least some attendees, was at times an alcohol-and drug-fueled blur. The previous Sunday, in the VIP room of the club Amnesia, the group had made merry.
There are a number of similar party-the-night-away excerpts throughout the book. One wonders how anything was shipped during this time frame! Speaking of Pierce, in early February 2018, The New York Timespublished a critical story of Pierce (and his crew) arriving in Puerto Rico to take advantage of the lenient tax treatment of capital gains (and income) without contributing much in return. Later that same month, clearly without any motivation to clear his name, he publicly pledged to donate $1 billion. To-date, there has been no follow-up, despite folks asking what he has done beyond drumming up easy PR. This is a pattern with some of the prominent coin promoters (post ICO mania) who promise big donations, yet little materializes beyond the press release.
Another example of why a future chapter dedicated to ICO then-and-now reflection is found on p. 298,
For instance, on May 26, the day after Token Summit, there was an ICO for something called Veritaseum that hadn’t open-sourced its code, hadn’t published a white paper, and, based on its jumbled marketing, appeared to be a centralized company that could have easily accepted US dollars for payment — not a decentralized network. It did not even take the basic step of having a secure website, despite the hacks rampaging throughout crypto. It raised $11 million. Early on, VERI tokens ranked tenth among crypto assets by market cap. On July 22, the market cap based on circulating supply was $458 million. But accounting for the fact that Veritaseum had only released 2 percent of its tokens, its market cap by the total float was $22.9 billion. By that measure, the one-month-old company was almost twice as valuable as Nasdaq. Its market cap was more than that of Ethereum’s, which on that day closed $21.5 billion. And who controlled 98% of VERI? The founder.
Two things that stuck out:
(1) In November 2019, Reggie Middleton (the founder of Veritaseum) settled with the SEC for about $9.5 million (most of which was disgorgement), this could be added in a future edition.
(2) Intermediaries such as Nasdaq have an oligopoly on the services (and infrastructure) they provide. If anything, the entire “blockchain” set of experiments (including those initiatives Nasdaq has rolled out into production) should highlight the large amount of market share that systemically important financial institutions and utilities are able to capture and hold and gorge upon. Dismissing all alternatives out-of-hand, as most anti-coin commentators frequently do, raises the question: who are anti-coiners actually trying to help? Financial incumbents who get bailed out by governments? Retail who get fleeced with PFOF? If their goal is to somehow “help” the average Joe, then clearly defending the status quo isn’t very helpful either since it largely rewards incumbents who despite having a regulatory moat, in times of need also get bailed out because they are “too big to fail.”
For all of the discussions around The DAO, Slock.it, and securities regulations, there was one interesting info nugget on p. 301:
While the document was incriminating and put the crypto industry on notice, it wasn’t entirely accurate (The SEC, which declined to comment on this matter, had not interviewed Slock.it and reached out only to at least one American curator. An October 2020 FOIA request turned up no documents on any discussion around who deployed the DAO) Slock.it hadn’t set up the DAO-hub forums (though it had set up the Slack), it hadn’t deployed the DAO smart contract (unknown DAO community members had created eight of them and Taylor’s then fiancé Kevin had tossed the coin that had chosen which DAO to use), and the Robin Hood and White Hat groups, which included some Slock.it employees on their own time, helped resolve the attack. Regardless, the SEC had meant the document to be foundational, to show how the SEC was looking at the space. Lawyer surmised the agency had chosen a “21a report”–giving others notice that going forward the commission would likely follow up with enforcement actions for similar behaviors–because the DAO no longer existed and people had not lost money.
What other regulators may have reached out to Slock.it and curators? Was there a line-in-the-sand somewhere?
On p. 307 we learned about one Ethereum co-founder’s involvement in several ICOs:
At this time, during the ICO craze, Anthony had made a name for himself–not necessarily in a good way. He was slapping his name on ICOs as an advisor in exchange for tokens: Civic, Blockmason, Etherparty, Enjin Coin, Worldwide Asset eXchange, Skrumble Network, Cindicator, Polymath, AION, PayPie, Storm, Unikrn, WAX, Po.et, and Veriblock. Although Civic, Polymath, WAX, and Unikrn were somewhat well-known, the others were no-name projects. He’d also invested in two Chinese projects, Vechain and Qtum.
Not sure why the Chinese angle was worth highlighting; also not an endorsement but both Vechain and Qtum are around and still putting out “announceables.” It is worth mentioning that there are a number of high profile coin VCs who have removed or whitewashed their shilly ICO past, to somehow become… thought-leaders. In the U.S. it is more than two hands can count. Despite the collective “coinesia,” retail-focused promoters-turned-investors probably deserved to be named in a future edition.
On p. 319, more interesting information about Poloniex was described:
That fall, Poloniex’s dominance began to slip. If in June it had sometimes seen trading volume of $5 billion per week, early that fall the peaks were more like $4 billion. Still, even with the dip, the exchange was making a killing. One reason for the drop was that competitors were investing in upgrades, but Polo was doing the bare minimum. Seeing competitor Kraken boast about a slew of new features, Polo employees asked, “Why are we not doing this? Why are we just letting them take our business?” One example: Kraken launched an efficient, self-service feature for two-factor authentication allowing users themselves to disable it. Even though customer service said launching a similar feature would cut a third of all open support tickets, Jules and Mike wouldn’t let Tristan work on it. (As far as most people could tell, Tristan controlled nearly every aspect of Poloniex’s code–a grasp of its intricacies wasn’t spread out among a team of people, as would be expected of an exchange transacting in billions of dollars’ worth of crypto every week.) By this point, according to someone familiar with the matter, the exchange had almost half a million open support tickets. Johnny managed to poach more trollbox moderators to act as customer service agents, reaching twelve total by year’s end. He would feel really good the few times in the fall of 2017 that they got the number of open support tickets down to one hundred thousand. Jules and Mike did let them hire a few freelancers, who Johnny, the head of customer support, trained to help out with the backlog of KYC verification. They were good, so he suggested hiring them all immediately. He recall Jules and Mike said, essentially, No, we’re not going to hire anyone. Work with what you’ve got.
It’s interesting to hear this side of the story because throughout this time period, on social media and in chat groups, people would complain about Poloniex’s customer service. Now we know why.
Dentacoin was name dropped on p. 325. It is routinely lampooned for as you can guess, what it is named after.
Chapter 12 & 13
On pgs. 335-336 readers are presented with a thought experiment:
But most of all, things had been different during the DAO drama. Back then, Ethereum had done so many forks before, the community thought forking was without consequences. At that time, not forking was the threat. However, after the DAO, they knew that a hard fork could create yet another Ethereum. And that became the threat. Another factor was that, unlike with the DAO, there was no time pressure. The funds were frozen, and absent any decisions, they would be frozen forever. With the DAO the time for a rescue was limited, and that had prompted people to act. Additionally, with so many new tokens having been built on Ethereum, a contentious hard fork created the risk of producing all kinds of duplicate assets on another chain–Gnosis Very Classic, BAT Very Classic, Status Very Classic, and so forth.
I chuckled at the “Very Classic” names. But truth be told, both Ethereum and Ethereum Classic have had hard forks since the time frame this passage took place (late 2017). So technically speaking, those alt tokens could exist, although to my knowledge no major exchange supported the now-deprecated forks and alts.
On p. 343 we see mentions of Julian Assange and efforts like Pineapple Fund. Assange is frequently lionized by some Bitcoin promoters but he willingly only dumped secrets that damaged one specific U.S. political party and went out of his way not to publish anything that damaged Putin’s government. Ecuador’s government (which allowed Assange to live in its embassy for several years) found direct ties between Assange and the Russian government. In 2017, then-Trump advisor Dana Rohrabacher visited Assange in London and offered a pardon in exchange for Assange publicly stating “the Russians were not involved in the email leak that damaged Hillary Clinton’s presidential campaign in 2016 against Trump.”
Obviously this would have been a distraction in the book but in my mind it is hard to mention this very controversial character without providing context on why he was likely a willing Russian asset.
The epilogue tries to tie many of the threads into complete knots. Some worked, like the Poloniex conclusion on p. 358:
Circle’s acquistion of Poloniex closed on February 22, 2018. Fortune reported the deal was for $400 million, but according to a source familiar with the matter, the actual amount eventually paid out was between $200 million and $300 million. The sale was almost perfectly time to when not only the flood of trading volume began to wane at Polo but also the crypto bubble itself began to burst and volumes globally were lower than at their peak in mid-December. Polo had been shopping itself since the spring of 2017, such as to Barry Silbert’s Digital Currency Group and Blockchain.com. Circle had been hoping to close the deal in November, but Jules, Mike, and Tristan, citing the crushing amount of work (which the staff and another person who worked with them attributed to their “greedy” refusal to hire additional employees), managed to drag it out while the exchange was still bringing in obscene amounts of revenue–and yet to close before the employees’ shares vested. Some early staff calculated they’d been strong-armed out of $5 million to $10 million apiece.
Wow, that sucks. I have some close friends that had a similar story about a different NYC-based technology company during the same time frame.
Other knots didn’t quite close, like the lawsuits between ConsenSys management and its former employees discussed on p. 364-365. One recently settled and at least one of the lawsuits is ongoing and continues to garner headlines and involves a fight over IP rights for infrastructure such as Metamask.
From a technical standpoint the book was pretty good, just a few small quibbles. As mentioned at the beginning, while I heard rumors, I don’t know enough about a bunch of the inner circle to comment on a number of the personalities that were the focus of the book.10
There are several other books describing the ins and outs of how Ethereum was created that I hope to read through this summer, and time willing write-up a review. In the meantime, if you are looking for a page turner that doesn’t require a PhD in cryptography to understand, I think The Cryptopians is worth adding to your reading list.
Also, if you’re interested in hearing a credible candidate for who The DAO hacker may have been, Shin published a related thread with links a few months ago.
Send to Kindle
[Note: there was a footnote from a relevant 2017 CB Insights article. [↩]
The only two interactions I am aware of on Twitter are: (1) when Brian Hoffman, creator of OB1 & Open Bazaar and Charles Hoskinson said I bashed Hoffman’s platform (For the record I repeatedly, publicly said it is unclear why Open Bazaar would succeed when it was relying on users spending bitcoin which historically they had not. Today OB1 no longer exists and Open Bazaar lives on in name only via IPFS); (2) Charles throwing barbs at Vitalik with respect to the then fork between Ethereum and Ethereum Classic. [↩]
These stats are based on their github repo contributions. [↩]
This is not the first time Bitfinex has been “debanked” before. Phil Potter, the CFO of Bitfinex, recently gave an interview and explained that whenever they have lost accounts in the past, they would do a number of things to get re-banked. In his words: “We’ve had banking hiccups in the past, we’ve just always been able to route around it or deal with it, open up new accounts, or what have you… shift to a new corporate entity, lots of cat and mouse tricks that everyone in Bitcoin industry has to avail themselves of.” [↩]
Two of the most prominent Bitcoin maximalists quickly became Ethereum Classic supporters – Nick Szabo and Eileen Ou (note: that in 2015 Ou was sued and settled with the SEC). As noted by Shin, Greg Maxwell heckled Vitalik with a couple of emails during this time as well. [↩]
Technically speaking, I spoke on Day 5 of the International Blockchain Week (agenda), on September 23 entitled: “Opportunities and Challenges for Financial Services in the Cloud: Trade-offs in digitizing and automating finance.” Interestingly, GDPR has not been strictly enforced and public blockchains seem to have gotten a “free pass.” However the lack of data sharing, data portability agreements harmed many “private” blockchain-focused consortia. [↩]
One of the founders, Jeremy Gardner, gave a public presentation in January 2015 highlighting how Augur could be used for “assassination markets.” I challenged him, in front of the audience, why anyone in that room would find that useful. He tried to brush it off and has publicly called me a “derp.” [↩]
Because of rampant fraud, several local and national regulators inspected then banned several dozen trading platforms from offering ICOs on the mainland. [↩]
Over the course of reading the book I compiled a number of personal anecdotes that while relevant, probably should be part of a separate blog post altogether. [↩]
[Note: The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
As we have discussed before, “Web3” is a nebulous term that has been used to market a slew of products and services, often via “chainwashing.”
What is “Web3?”
This past week 25 guys and one gal signed and published a 741-word letter to senior U.S. legislators calling for “Support of Responsible Fintech Policy.” And while many “Web3” promoters do deserve a good chastising, this letter has many technical shortcomings and is a disappointment to those who have been in the trenches for years… before being a “critic” was considered en vogue. Worst, it doesn’t define what “Web3” or even a “blockchain” is or is not.
But let’s start with a comment that I thought was pretty good, the intro:
“Today, we write to you urging you to take a critical, skeptical approach toward industry claims that crypto-assets (sometimes called cryptocurrencies, crypto tokens, or web3) are an innovative technology that is unreservedly good. We urge you to resist pressure from digital asset industry financiers, lobbyists, and boosters to create a regulatory safe haven for these risky, flawed, and unproven digital financial instruments and to instead take an approach that protects the public interest and ensures technology is deployed in genuine service to the needs of ordinary citizens.”
I – along with a number of other independent researchers such as Angela Walch (who they referenced) – have publicly made similar requests in the past. For instance, the original conclusion in my 2018 WSJ op-ed expanded upon the lack of transparency and surveillance sharing for why the SEC has not approved a bitcoin-denominated ETF by stating, “…the retail public wants seductive narratives and fantastical returns. The supply of fraud will therefore grow to meet that demand.”
To reuse a cliché analogy, throughout most of 2021 you could probably throw a baseball at a collection of dapps and hit one that at the very least, played fast and loose with marketing high APR yields.
This was followed with a quizzical take:
“Not all innovation is unqualifiedly good; not everything that we can build should be built. The history of technology is full of dead ends, false starts, and wrong turns. Append-only digital ledgers are not a new innovation. They have been known and used since 1980 for rather limited functions.”
The first sentence probably has a lot of supporters, including myself, as it relates to non-proliferation of weapons of mass destruction. The somber and horrific legacies of the atomic and hydrogen bombs are certainly an example of something that should not have been built.
But the shade thrown at “append-only digital ledgers” is pretty farcical. Why do these authors get to determine what is or is not useful in the spring of 2022?
For instance, if we look at the core moving pieces of the Bitcoin blockchain, all of the main elements (“prerequisites“) had been around for years. And it was by assembling them together that we have arguably the first blockchain.1 The authors are taking a page from the lazy Maximalist playbook, one that does not withstand empirical scrutiny.
In looking at the “tech stack” of Big Tech, Google maintains a project called “Certificate Transparency” (implemented as “Trillian“).2 Certificate Transparency is not a blockchain, but it is a Merkle tree of things which are interconnected and signed and in production today.
From the Trillian team:
The ideas underpinning Certificate Transparency, Revocation Transparency and related efforts are not specific to certificates, but can in fact be used to make almost anything transparent. These technologies are strongly related to the much-hyped blockchain. The reality, of course, is that there isn’t a “the” blockchain, and that decentralisation is not always the answer. We are not making “the” blockchain, and we do not claim to support decentralisation.
As mentioned in a previous post, the problem with the a priori position that anti-coiners (and many maximalists) have is that over time they continually get backed up into a corner. Why? Because over the past decade we continue to see – empirically – how blockchains and blockchain-like elements are incorporated by a spectrum of organizations from Big Tech and Big Finance all the way down to small startups.
As Matthew Green (a cryptographer) explains in a thread on this topic, the granular fine points around “blockchain technology” is mostly bad:
Unfortunately the authors – while seemingly well intentioned – do not clearly state what parts of a blockchain they dislike, what parts of “distributed ledger technology” that they explicitly think is bad.
Furthermore, the idea of a neutrally owned, shared ledger is not a new concept. Several initiatives in the financial industry — such as a Joint Back Office (JBO) — pre-date the euphoria around blockchains but languished in concept mode.3 What is the lure for maintaining a shared ledger between (competing) organizations? Resiliency and reduction of reconciliation often come up as two of the main reasons but the list is long and deserves its own post. Suffice to say, claiming that “append-only digital ledgers” are a plaything of the ’80s is not even wrong.
Another broad sweeping set of statements that lack precision:
As software engineers and technologists with deep expertise in our fields, we dispute the claims made in recent years about the novelty and potential of blockchain technology. Blockchain technology cannot, and will not, have transaction reversal mechanisms because they are antithetical to its base design.
As Green and Byrne (among other responders) have pointed out, there is a missing nuance by the authors in that there are different types of blockchains. For instance, depending on the implementation some permissioned blockchains allow – in theory – certain participants to freeze transactions.4
Likewise on public chains, administrators of USDC, USDT, and other collateral-backed pegged coins, regularly blacklist and freeze transactions. In fact, any chain with smart contract functionality can provide some form of reversibility (or at the very least, freezing of state). We also see this empirically during and after exploits, with developer teams freezing tokens.
This is a strange miss because one of the signatories is Stephen Diehl, who as far back as July 2017 (when I spoke to him in an official meeting) was/is the CTO and director at Adjoint, which is a British private blockchain firm that has previously announced payment-related partnerships.
This statement starts out good:
Similarly, most public blockchain-based financial products are a disaster for financial privacy; the exceptions are a handful of emerging privacy-focused blockchain finance alternatives, and these are a gift to money-launderers. Financial technologies that serve the public must always have mechanisms for fraud mitigation and allow a human-in-the-loop to reverse transactions; blockchain permits neither.
Green (and suzuha) points out that the authors are trying to have their cake and eat it too:
For example, as far back as 2015, banks involved in R3 presented use-cases that required – by law – protection of PII. At the time, any company or organization wanting to engage with regulated financial institutions quickly learned how PII was an unmovable touchstone (see this related presentation). And so from those functional requirements arose different solutions ranging from hardware-based solutions (like SGX) to software-based solutions (like ZK-Snarks). The public chain world was often where these ideas either first originated or at the very least, first tested.5
Over the years I have regularly pointed out how privacy and confidentiality-features could be used for a sundry of illicit activities. But just because it could be used by those types of actors, does not mean it regularly is.
On that point, in 2016 I helped edit a paper on this very topic. It was co-authored by Danny Yang (founder of Blockseer), Zooko Wilcox-O’Hearn, and Jack Gavigan. Wilcox-O’Hearn and Gavigan are executives at the Electric Coin Company, a for-profit company leading the development of Zcash. Worth pointing out that one of the signatories on the letter above amplified false information about myself two months ago, claiming I was not an advisor at Blockseer. Not only is this false, but I still own the equity in DMG Blockchain (which acquired Blockseer four years ago). This calls into question the credibility of the individuals amplifying information they did not fact check. What other false information are they claiming about blockchains?
Scare quotes is not the only thing that harms this section:
By its very design, blockchain technology, specifically so-called “public blockchains”, are poorly suited for just about every purpose currently touted as a present or potential source of public benefit. From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence, despite far better solutions already in use.
The paragraph preceding this one also mentions “public blockchains” but doesn’t use quotes around it. And neither defines or provides nuance to explain the differences between “permissioned” (or private) blockchains compared with “public” (or anarchic) blockchains.
Either way, the authors make a good argument about how pulling on the heart strings of financial inclusion is mostly bupkis and I agree, and others have pointed that this rings hollow too.6 To strengthen this, the authors should have provided a citation or at least an example of “far better solutions already in use.” For example, Raúl Carrillo (who is not one of the listed authors) has pointed to Postal Banking as a possible avenue for (re)banking not just marginalized persons. Blockchains aren’t need for that or arguably for other retail activity.7
The next part of the paragraph is painfully arbitrary:
After more than thirteen years of development, it has severe limitations and design flaws that preclude almost all applications that deal with public customer data and regulated financial transactions and are not an improvement on existing non-blockchain solutions.
First of all, the first web browser (appropriately called the “WorldWideWeb“) was launched in 1990. It wasn’t until 2004 that Google revealed Ajax-based Gmail followed by Google Maps. If the authors are trying to make the claim that anything (everything?) useful should have been invented in 13 years then they should hold other tech initiatives to the same standard.
The lack of nuance in this letter is striking because not every blockchain is based on the purposefully limited architecture of Bitcoin. Between 2009-2015, a typical on-chain user could only access Bitcoin or a Bitcoin-based fork or clone (like Litecoin). Ethereum and other chains with a virtual machine, did not launch until the summer of 2015.8 That is part of the reason why regulated financial institutions (Big Banks) and large technology companies (Big Tech) began deploying resources in this sector in 2015: first with consortia and later setting up their own internal teams of subject matter experts. What a user could do with a blockchain changed over time thus a priori declaring “almost all applications” dead is incredulous.
And again, the authors provide no examples of what “existing non-blockchain solutions” they are referring to. For example, every single major vendor that provides core banking software for banks — such as FIS, Fiserve, and Jack Henry — have integrated tools that enable the software to interact with or hook into a blockchain. Every major Big Cloud vendor provides both tools for blockchain node operators as well as dedicated “Web3” development teams to compete with Alchemy and Infura. Several CSDs and CCPs have invested in a blockchain-focused company (like Digital Asset or Axoni) and have announced blockchain-based pilots. Pretending that this digitization and tokenization trend is not occurring beyond niche NFT art collections is intellectually dishonest.
I agree with most of this statement but it needs nuance:
Finally, blockchain technologies facilitate few, if any, real-economy uses. On the other hand, the underlying crypto-assets have been the vehicle for unsound and highly volatile speculative investment schemes that are being actively promoted to retail investors who may be unable to understand their nature and risk. Other significant externalities include threats to national security through money laundering and ransomware attacks, financial stability risks from high price volatility, speculation and susceptibility to run risk, massive climate emissions from the proof-of-work technology utilized by some of the most widely traded crypto-assets, and investor risk from large scale scams and other criminal financial activity.
The nuance these authors need to include is defining what “blockchain technology” is and is not. Trillian is not a blockchain but shares several common elements. Thus throwing the baby with the bath water flies in the face of the empirical reality.9 As far as criticisms around the negative externalities created by proof-of-work-based blockchains: I 100% agree. I have written on this topic roughly every 18 months. What would strengthen their statement is to provide actual statistics and data regarding each of their points (the data exists from companies like Chainalysis or previously, Blockseer).
Their polemical statement meanders on a bit more but this statement is worth assessing:
The catastrophes and externalities related to blockchain technologies and crypto-asset investments are neither isolated nor are they growing pains of a nascent technology. They are the inevitable outcomes of a technology that is not built for purpose and will remain forever unsuitable as a foundation for large-scale economic activity.
The second sentence falls under Hitchens razor: that which is presented without evidence can be dismissed without evidence. In fact, we do know why Bitcoin was built, Satoshi explained it at length on mailing lists and in the white paper. And Bitcoin was just the first “blockchain,” other chains have arisen later that fulfill other requirements. Onyx from JP Morgan is now being used for trading intraday repos. Maybe Onyx is just a flash in the pan, but it serves as a narrative violation — and there are more than a dozen other examples that the authors are likely unaware of, just read Ledger Insights each week.10
Lastly, in the Financial Times, one of the authors was quoted saying:
“The computational power is equivalent to what you could do in a centralised way with a $100 computer,” said de Icaza. “We’re essentially wasting millions of dollars’ worth of equipment because we’ve decided that we don’t trust the banking system.”
This is true with respect to proof-of-work-based blockchains but not at all relevant to alternate Sybil resistant models like proof-of-stake (P-o-S). Conflating the two is not accurate. Also, de Icaza and others needlessly defend the status quo, both with comments like this as well as the letter itself. Fortunately for retail, “the banking system” is not completely static and changes over time (it is also not a single monolithic entity). Also, not a single author listed works for a financial institution yet opines on it; there are plenty of blockchain “skeptics” within the financial industry why not find one?
Which brings us to the next section.
(Un)intentionally defending the status quo
The only reason to publicly identify themselves is to give weight or credibility to the matters discussed in the letter. Even though this letter was directed at U.S. congressmen and women, more than half of the signees are neither US residents or citizens. Even though more than a handful work at public tech companies or large organizations that rely on donations, let us give them the benefit of the doubt that they were not explicitly defending the status quo.
Yet without offering specifics beyond vague “non-blockchain solutions,” the authors are implicitly defending both systemically important financial institutions (SIFIs) and systemically important cloud providers. Both are bad for society and we should not defend their existence.
It is worth pointing out apart from two or three, most of these authors were not actively critical during the very public 2017-2018 ICO boom.11 What has motivated them to self-deputize and attempt to police what can and cannot be done with a blockchain in 2022 and ignore those who have been pathfinders in prior years? Perhaps there is a good reason, busy solving other worldly problems. I am certainly a fan of more introspection by disinterested parties!
I have written about it before but if the aim is to (1) influence policy makers and work with (2) regulators, there are at least two ways to achieve their goals:
Set up a not-for-profit lobbying organization modeled after Coin Center… the Anti-Coin Center. Hire former regulators and policy makers and re-use the lobbyist blueprint to engage with decision makers. A couple of years ago I wrote out a general overview to a couple L1 creators, it’s not complicated. You don’t even need a blockchain. But it does require some capital to hire for various roles, so it is not completely lean (e.g., would probably need to hire an actual blockchain engineer instead of relying on IT administrators). Oh and someone who posts frivolous memes all day is a must.
About four months ago, I asked one of the authors to submit their concerns directly with various agencies, such as the SEC and CFTC. This can be done formally through a whistle blower process (I’ve done it!). An ad hoc Hail Mary… is to informally do so through letter writing campaigns coordinated on social media. And as they haven’t stated otherwise, instead of submitting paperwork, some of these authors spend all day engagement farming on social media. If the outcome is “to get regulators to do something” this seems suboptimal because U.S. regulators typically need a paper trail to get the bureaucracy moving.
The blockchain world needs critics and criticism but it also needs criticism that is technically valid. And this letter is not only imprecise but sounds like something incumbent technology firms would write to defend their turf (which probably isn’t how it originated).
Over the past 18 months, the most recent coin bull market brought in a slew of new commentators a few of whom have attempted to co-opt the term “critic.” Clearly no one owns this term, there is no monopoly on it. Heck, I’ve even been labeled a “crypto” or “bitcoin” critic on more than one occasion. Yet we are seeing a cottage industry of professional “skeptics” who have a priori made up their mind irrespective of the evidence presented.
In addition to writing the most widely cited paper on “permissioned” blockchains, I wrote the first long form discussion on potential systemic important cryptocurrency networks in 2018 and think it is a bit absurd that some anti-coin commentary claims that cyber coins currently threaten the entire financial system. Feel free to disagree, but the onus is on the party making the positive claim. The counterfactual occurred the past five months: more than half of the aggregate coin marketcap evaporated. As collateral-backed pegged coins unwound, they did not lead to massive treasury liquidations crushing the traditional financial market.12
This is not defending the way centralized, commercial-bank backed pegged coins arose or currently operate.13 Rather it is a statement of fact: today the cyber coin world is not “too big to fail” and hopefully it never will be. Contagion can be real and should be simulated and stress tested!14 There are plenty of good criticisms to be lobbed at the “Web3” world, none of which requires making up fanciful conspiracies or playing fast and loose with technical verbiage.
If we are going to (rightly) criticize startups, investors, and other interested parties for mis-marketing “Web3” we should provide specific reasons as well as definitions. And while we are at it, let us bring a fine comb and scrutinize other hyped tech verticals that dramatically impact the well being of individuals such as: A.I. and workplace discrimination, privacy rights over data (including identity).15
Crusades can be big tent and incorporate more than just a small echo chamber of folks who (rightly) point out that a lot of cryptocurrency buzz is likely a financial grift with little real utility. Yet it is not a coincidence that perhaps the best critics are actual practioners, engineers, and architects who saw the limitations or drawbacks in certain blockchain designs and decided to build a different way. If there is a second version of this letter, it is highly recommended that input from outsiders be solicited. Including the world’s richest man, Colin Platt!
Or maybe we’ll just have to settle for a Kimberley process for Web3 claims, for both promoters and pundits alike.
Send to Kindle
Depending on how it is defined, a candidate for the “original blockchain” was the Haber and Stornetta timestamping system published in 1990 (and thrice cited in the Bitcoin whitepaper). Therefore archaic blockchains had a useful niche before Bitcoin but were not capable of moving assets without a third party. Note: as they failed to provide a definition of a “blockchain” in their letter, the authors overly broad usage of “not useful” could encompass e-signature providers such as DocuSign and HelloSign. [↩]
One of the authors, Kelsey Hightower, works at Google, and a couple others work for large tech companies partly reliant on adtech revenue [e.g., monetizing personal information and data.] [↩]
At one point Accenture proposed an “edit” feature that does not appear to have been adopted by any chain. Stellar has implemented a feature that allows developers to “burn an asset.” [↩]
The experiments in the “dangerous” public chain space are funding and battle testing some of the new privacy and tech stacks that ‘Big Banks’ were not incentivized to build. Two examples in the U.S.: the FTX clearing proposal might be a better “exchange stack” than existing traditional finance operations and the Silvergate banking API (SEN) quickly confirms transactions based on on-chain data. Both services might not have been built even in the private blockchain world; at least they have not thus far. [↩]
To be fair, a number of financial incumbents and non-blockchain-related fintechs market their products and services as “financial inclusion.” They all attend many of the same events and sit on the same panels too. [↩]
See also the proposed E-Cash Act co-authored by Rohan Grey. [↩]
Technically Mastercoin, Counterparty, and several colored coin projects launched before Ethereum did, but they did not include a virtual machine that can run arbitrary code. [↩]
For balance, traditional financial markets also facilitate the transfer of illicit funds (money laundering) and ill-gotten gains from scams and fraud. The authors would have a stronger argument if they provided actual stats, e.g., what percentage of on-chain transactions involved illicit activities. [↩]
For instance, this coming October, a tokenized pound (‘synthetic CBDC’) on a blockchain platform operated by Fnality International will go-live in the U.K. Uptake may be slow in part because of issues around composability and because initial participants are banks that need to change the way they make payments. AntChain from Alibaba is a production chain used to settle e-commerce payments (connecting their banks to their merchants). Another example would be “perpetuals” which were conceived by Robert Shiller in 1992 and first implemented in 2016 by Bitmex, and now widespread on many major CEXs and a few DEXs. [↩]
The Federal Reserve Board annually conducts stress tests of the U.S. financial system. Similar tests occur in other countries. Researchers at the IMF recently released a paper describing the underlying framework of GST. [↩]
U.S. legislators at the national level have failed at providing a comprehensive digital rights and privacy framework, as well as A.I. auditing guidance. These issues are arguably just as important and impactful as cryptocurrency-related topics. [↩]
[Note: an IPFS and PDF version of this paper is available. The views expressed below are solely my own and do not necessarily represent the views of my employer or any organization I advise.]
This paper looks at the energy consumption of seven proof-of-work-based anarchic (public) blockchains such as Bitcoin and Ethereum. By using a hashrate division method – similar to the Cambridge Bitcoin Electricity Consumption Index – a lower bound and upper bound of mining hardware are provided. Based on this method we are able to show that proof-of-work chains continue to consume resources in direct proportion to the underlying coin value. Due to the rapid increase in coin value, proof-of-work-related activities – such as semiconductor manufacturing – are once again squeezing supply chains and retail channels, crowding out socially productive goods and services from entering the marketplace.
The model identified a bounded range for energy consumption. If we took the most efficient energy consumption assumptions (the lower bounds), these seven proof-of-work chains in aggregate consume 59.3 TWh per year, or roughly the footprint of Kuwait. In most cases – such as with Bitcoin itself – the lower bound is not realistic because the necessary amount of hashing equipment (miners) for that degree of efficiency has not been manufactured. In contrast, if we took a less conservative assumption and used the upper bound these same proof-of-work chains in aggregate consume 180.1 TWh per year, or roughly the footprint of Poland or Thailand. The upper bound scenario is likely unrealistic for coins that have seen their value (measured in USD) decline or stay the same (such as Litecoin). For those that have seen rapid appreciation (such as Bitcoin), it is possible that older equipment has temporarily been reconnected.
The paper is organized into several sections. Sections 1-4 provide a foundation for understanding how traditional financial market infrastructure, such as a real-time gross settlement (RTGS) system, operates, and uses Bitcoin and Ethereum as examples of how proof-of-work-based systems inherently result in socialized losses and e-waste. Section 5 contains calculations of smaller proof-of-work networks. Section 6 is a summary of the calculations found in the preceding sections. Sections 7 and 8 briefly look at misinformation spread as memes on social media. Sections 9 and 10 look at news reports covering several large ASIC and GPU mining operations. Section 11 provides several recommendations framed as a Call to Action.
This paper is a sequel to our occasionalseries on the energy consumption of proof-of-work (PoW) cryptocurrencies such as Bitcoin.
We will get to resource consumption in the next section, but let us start in reverse order this time.
Many Bitcoin promoters conjure a future world in which the future of finance clears and/or settles on the Bitcoin blockchain, and in which that the demand for PoW generating equipment (miners) will simultaneously usher in a greener world.
Putting aside the continual greenwashing that many advocates are guilty of, some of the same promoters are unaware of how clearing and settlement occur in existing financial market infrastructure.1 Take for example, a real time gross settlement (RTGS) system such as Fedwire.
Fedwire is categorized as systemically important financial market infrastructure due to the enormous amount of value it transfers and secures.
In 2018, Fedwire executed 158 million transfers with an aggregate value of $716 trillion (Federal Reserve, 2019). While many of the fund transfers executed by Fedwire were of small value, the average value per transfer in 2018 was $4.5 million.
Bureau of Economic Analysis (2019) estimated that 2018 total gross domestic product (GDP) was $20.5 trillion (para. 12). Fedwire may be viewed as a kind of force multiplier for the American economy by processing annual banking payments at 35 times the country’s GDP. Further evidence of Fedwire’s role promoting the efficiency of American financial markets can be seen by considering Fedwire payments against the aggregate value of all deposits at U.S. lending institutions – $12.6 trillion in March of 2019 (Federal Reserve Bank of St. Louis, 2019). Fedwire payments for the previous year were 57 times this figure.
We have discussed these types of large aggregates before in the past. For instance, a December 2015 paper from the Federal Reserve Board pointed out that, in the aggregate, U.S. payment, clearing and settlement systems process approximately 600 million transactions per day, valued at over $12.6 trillion.
When we mention these large, socially significant aggregates in conversations and debates at cryptocurrency-related conferences and events, many promoters are at a loss for words because they are unaware of these post-trade processes.
Another group – typically self-deputized coinfluencers – will proclaim that Bitcoin can move and secure the same value if not more, via metaphors.
The container ship fetish is a sleight-of-hand trick because Bitcoin versus a RTGS is not even a false dichotomy.
Simply: the Bitcoin blockchain only transfers and secures bitcoins. It does not move actual money like Fedwire does.2 In point of fact, all ramps into and out of the Bitcoin network necessarily involves connections and hooks into traditional financial infrastructure. Bitcoin is co-dependent on traditional finance, not the other way around. In other words, Fedwire can (and does) live without Bitcoin but Bitcoin intermediaries cannot live without Fedwire or other RTGS systems.
A tangentially related argument is that Bitcoin transactions are structured to move blocks of data that can include additional information beyond bitcoin itself: even if a single coin is a ‘container ship,’ Bitcoin structurally has more capacity or flexibility than traditional networks.
The problem with this argument is that it is entirely possible to do that with a non-proof-of-work system as well. In fact, a blockchain may not be necessary at all. The fact the U.S., or international co-ops like SWIFT, set up its payments system to move around specific types of (messaging) data was a generational choice but not a permanent design constraint. In other words, a PoW-based network architecture does not have an exclusive monopoly on richer or broader forms of data. That is a red herring when comparing the two systems.
What about “stablecoins” piggybacking on top of Bitcoin?
The ongoing growth of parasitic stablecoins (such as Tether) rely on reliable banking access, specifically dollars cleared by the New York Federal Reserve. Not to mention all the new traditional-style institutions and intermediaries hooking into Bitcoin for custody and trading. Don’t like old, monocle-wearing trusted third parties? Here are newer, hoodie-wearing trusted third parties to hold your coins!
More to the point, the majority of Bitcoin transactions today are simply bitcoins moving from one known intermediary to another, typically between coin exchanges for speculative purposes. If most of the endpoints and miners are self-doxxed then there is no longer a Sybil attack problem, removing the raison d’etre for proof-of-work.
How can we visualize this?
The monthly line chart (above) shows the USD value of bitcoins received by merchant services during the four year period (January 2017 – December 2020). Merchant services include processors such as BitPay, whom we have written about many times.3
Despite oodles of free marketing that bitcoin has received, payment-related activity is still lower than during the 2017 bubble. By some measures it is a zombie chain because Bitcoin users do not spend volatile chainletter earnings. Or more precisely, merchant processors handled less than $4 billion of bitcoin last year.
What is another key difference between an RTGS and proof-of-work chain such as Bitcoin?
We have discussed this multipletimes but it bears repeating: proof-of-work chains – by design – allow mining participants to fork or reorganize the chain. Block making is permissionless. Now in practice, this does not frequently happen because the cost to acquire hash-generating equipment needed to successfully double-spend or reorg a chain is often quite prohibitive.
Either way, all a proof-of-work chain can guarantee is probabilistic finality that some type of confirmation has occurred but that there is a possibility that a well-funded attacker could reverse or reorganize the chain. For example, in August 2020, Ethereum Classic was hit by three separate 51% attacks, one that was more than 7000 blocks deep.
In practice, the way some financial institutions involved in the cryptocurrency world (such as trading desks) mitigate the risk of a double-spend or reorg is requiring a certain amount of blocks confirmed (often 3-6 confirmations) before allowing users to have access to recently transferred funds.
Fedwire transfers are one-way, which means banks can wire funds out, but cannot debit other banks and wire funds in. Fedwire is a payment system and does not perform the traditional banking functions of managing deposits and withdrawals. It simply transfers funds between accounts within the Federal Reserve System. Once Fedwire transactions are complete, they are irrevocable.
What about the actual network infrastructure? Surely Fedwire needs millions of hash-generating machines to secure all of those transactions each day!
According to (Bilger 2020) Fedwire has around 6600 nodes, 25 which are considered “core” which also have backups in case of disruption. Critically: none of the nodes in Fedwire is purposefully consuming oodles of extra energy to generate hashes.
Because there is no Sybil attack problem in Fedwire, there are no nyms. Anarchic chains such as Bitcoin – by design – allow pseudonyms to participate in block making. To make it expensive to double-spend or conduct a block reorganization, proof-of-work was purposefully integrated in Bitcoin so that the attacker has to expend real economic resources to succeed.
This entire kludge is negated in Fedwire because all participants are known: it is permissioned.
What does this image (above) represent?
A single day of Fedwire transactions in 2004. According to (Bilger 2020), a group of researchers isolated links and the nodes that connect them, that team was able to determine that just 66 nodes and 181 links comprised 75% of the value of daily payments. These core nodes and links are illustrated above. And as mentioned a moment ago, the inner ring of approximately 25 densely connected financial institutions is also evident.
What does this all mean?
The participating computing infrastructure for Fedwire involves between ten and twenty thousand computers, none of which need to generate SHA256 hashes. Its participants securely transfer trillions of dollars in real value each day. And most importantly: Fedwire does not take the energy footprint of Egypt or the Netherlands to do so.
As we will see below, the more than 2 million machines used in Bitcoin mining alone consume as much energy as Egypt or the Netherlands consumes each year. And they do so while simultaneously only securing a relatively small amount of payments less than $4 billion last year.
In other words, Bitcoin currently uses about three orders of magnitude more computing machinery than Fedwire yet processes and secures significantly less.5 It is monumentally less efficient per watt on purpose.
Remember, the original purpose of Bitcoin was to enable P2P payments between unknown participants without intermediaries. Today, it has metastasized into a network that is primarily used for speculators to trade various coins and rarely used for actual payments. 6 And it involves a vestigial PoW infrastructure whose participants are identifiable because nearly all of the miners and major endpoints are self-doxxed.
This oxymoronic phenomenon — a resource intensive permissioned-on-permissionless infrastructure — has led to Ray Dillinger – one of the first Bitcoin users – to declare Bitcoin a disaster:
Bitcoin mining has encouraged corruption (Because it’s often done using electricity which is effectively stolen from taxpayers with the help of government officials), wasted enormous resources of energy, fostered botnets, centralized mining activity in a country where centralization means it’s effectively owned by exactly the kind of government most people thought they *DIDN’T* want looking up their butts and where the people who that government allows to “own” this whole business work together as a cartel.
There’s a pretense of monitoring the network to guard against a 51% attack, but to me it seems pretty clear that what they’re guarding against is merely the mistake of the cartel failing to give the latest warehouse full of miners a distinct network identity. The whole idea of proof-of-work mining is broken the instant hardware comes out which is specialized for mining and useless for general computation because at that point the need to have compute power for other purposes is absolutely irrelevant in having any effect on mining, and there ceases to be any force that causes mining to be distributed around the world. It becomes a “race to the bottom” to find where people can get the cheapest electricity, and then mining anywhere else – anywhere the government tries to make sure ordinary people actually get the benefit from electricity bought for tax money, for example – becomes first pointless, then a net loss.
We interviewed Dillinger a couple of years ago. Be sure to check it out.
Nornickel is a Russian mining and smelting corporation. Last year a series of news articles described how BitCluster, a Russian cryptocurrency mining company, was building a mining farm above the Arctic Circle in Norilsk. It chose this location in part because of the natural ambient cooling and in part to re-use land from a closed nickel smelting plant. The farm will utilize a local coal power plant to generate 11.2 MWh to power bitcoin miners.
The next several sections will dive into the energy consumption of the largest proof-of-work chains, including Bitcoin. As we will show, PoW chains are the equivalent of adding an undead country – a zombie chain – to the power grid: one that consumes energy and produces little beyond emissions.
If you are an asset manager considering whether or not to include proof-of-work coins in your portfolio – and have an ESG mandate – or a policymaker considering whether or not to encourage the proliferation of these types of coins in your jurisdiction, it is pretty clear that PoW coins such as Bitcoin are an ESGnightmare and not a suitable fit. If and when some (or all) of these coins transition to proof-of-stake is beyond the scope of this article.
There are multiple ways to estimate how much energy and how many resources (mining equipment, physical plant) are used generating hashes for a PoW chain.
One involves surveying miners and mining pools, and hoping they provide accurate self-reported information. Another method involves a bit of detective work, physically visiting locations or obtaining purchase order documents from mining manufacturers. However, this makes it hard to ascertain how much second hand equipment is being re-used.
For example, Bitcoin has a carbon footprint comparable to that of New Zealand, producing 36.95 megatons of CO2 annually, according to Digiconomist’s Bitcoin Energy Consumption Index (BECI). According to this tool, Bitcoin consumes as much power as Chile — around 77.82 TWh.
The Cambridge Bitcoin Electricity Consumption Index (BECI), a separate tool from researchers at Cambridge University, shows a much larger figure of 121.88 TWh — more than the entire annual energy consumption of the Netherlands.
There is one more simple method that everyone can do at home on their own computer. One that can create lower and upper bounds with a high degree of confidence. This is the hashrate division method which we have used multiple times in the past.
The way this works is by taking the publicly known hashrate of a network and dividing it by common hashing (mining) equipment metrics.
For example, on December 30, 2020, the Bitcoin network hashrate momentarily spiked to a record high 178.6 EH/s. That is exahashes per second (an exahash is one million terahashes).
How can we derive aggregate energy usage from this singular number?
Last May, Bitmain began shipping its Antminer S19 Pro. There is a bit of public information on how much each of these hashing units consumes and performs.
On paper a single S19 Pro generates a maximum hashrate of 110TH/s or terahashes per second with a power consumption of 3250 watts.
If the entire Bitcoin network were solely comprised of S19 Pro’s (which it is not), it would consist of around 1.624 million hashing machines consuming 46.2 TWh in a year. According to estimates from the EIA, that is about as much as Portugal or Singapore consumes each year. This is a likely lower bound for how much energy is being used.
But wait, where does the Egypt number come from?
Recall that the S19 Pro is basically the most efficient, mass produced machine available today. Due to variance (the inhomogeneous Poisson process), the network hashrate varies day to day. In the process of writing this article it has gone from as low as 140 EH/s to the spike mentioned above.
Due to the rapid increase in Bitcoin’s price over the last few months — because hashrate follows coin value — over the next several months it is likely that the hashrate will continue to grow as purchase orders are fulfilled and hit 200 EH/s by the end of this summer. This is why manufacturers like Bitmain are crushing it, with $327 million in cash holdings as of last month.
In practice, the network is not comprised of 1.6 million S19 Pro’s because Bitmain has not even produced half a million of them.
To get a more accurate figure we must look at older, but more common systems that are still running.
For instance, the Antminer S17e system can churn out 64TH/s running at around 2880 watts. If the entire network was comprised of S17e systems there would be about 2.8 million machines involved.
That’s about 70.4 TWh in a year. Which is about as much energy as Colombia or Bangladesh use.
But that is still not the upper bound.
Enter the older, but reliable Antminer S9i first released in May 2018 which can churn out 14 TH/s and consumes 1320 watts.
If the whole network was using S9i’s, then there would be about 12.8 million of these machines churning out hashes.
In a year these would consume 147.5 TWh or roughly the same amount of energy that Malaysia or Egypt use each year (this is larger than either Chile or the Netherlands).
While there are probably botnets trying to use CPUs or GPUs to mine bitcoin, the amount of hashrate generated by them is likely marginal. Thus the S9i approximation is probably the upper bound.
Manufacturers such as Bitmain, MicroBT, or Canaan will eventually reveal how many systems they have sold which will give us some better refinement on the lower bound, the minimum amount of machines being used.
But it is clear that the spectrum is at a bare minimum Portugal and likely closer to Malaysia or Egypt, especially with so many people and companies trying to bring on older systems right now. This would put Bitcoin around the 27th largest ‘country’ by energy consumption.
Is the hashrate division method a better estimate than the Cambridge or Digiconomist BECI models?
They both have their tradeoffs. The Digiconomist model is inherently more conservative because it is based on miners’ income, whereas the Cambridge model uses a similar framework as the hashrate division method, starting with mining hardware that is available.
In any case, it is clear that while the energy consumption is somewhere between the Netherlands and Egypt, there is not an equivalent economic gain to the same degree.
Another way to say this is that: historically as a country develops it produces more economic output per unit of energy input, getting more output with less input. For example, U.S. energy consumption has been relatively flat since 2000 yet its GDP has more than doubled over the same period. Likewise following reunification, Germany’s GDP growth rapidly outpaced energy consumption.
But the opposite occurs with Bitcoin and other PoW coins. The more valuable a PoW coin becomes, the more energy is used to extract (mine) it. We have written about this phenomenon before, in which the marginal cost to mine eventually equals the marginal value of the coin (MC=MV).7
As a result, PoW is clearly not something a fund with an ESG mandate should want to be involved in.
(3) Socialized losses and e-waste
Speaking of older systems, because these hash generating systems are single use ASICs (i.e., they can only do one specific thing: generate SHA256 hashes), they are often discarded in a time frame of 18-24 months. Some parts are salvaged and reused – such as the power supplies – and sometimes a new buyer is willing to acquire used machines second hand (as in the case of North Korean coin miners).
One estimate is that around half of all data center energy usage is now tied to Bitcoin mining. In fact, the energy consumption of Bitcoin is more than the combined energy use of Amazon, Google, Microsoft, Facebook, and Apple. And the e-waste that is generated annually from discarded mining equipment is roughly equivalent to what Luxembourg throws in the trash each year.
This also does not include the socialized costs – and privatized gains – that miners place on specific geographies due to the type of energy used in generating the hashes.
Below are several recent examples:
In December 2020, Gazprom (the state owned petroleum company in Russia) announced that a natural gas subsidiary in Siberia was setting up coin mining equipment on-site. Based on recent stories, similar setups have been built in natural gas fields in the U.S.
Another example of socialized losses and privatized gains: the Republic of Georgia. Bitfury Group used its political connections to obtain property at below-market rates and now the Republic has the distinction of having 10% of the country’s energy production siphoned off by Bitfury’s mining operations.
A coal-fired powered plant in Yates County, NY was converted to natural gas back in 2017. The owners of this 20 MW plant are trying to expand it to 106 MW, to mine more bitcoins. Putting aside the emissions this plant will create, it will also consume vast quantities of water – 150 million gallons per day – which will get discharged back into the lake solely to provide cooling to machines that can and do one thing: generate SHA256 hashes. Unsurprisingly the locals sued.
Miners in southern China depend on coal-fired power plants, especially during the winter. Due to trade frictions between Australia and China involving coal transportation ships – PoW miners which depend on these taxpayer financed coal-fired plants – are struggling with the ensuing power shortage.
Kazakhstan is allocating taxpayer funds to build more than a dozen mining farms. These are mostly powered by coal-fired plants. Miners at a 180 MW facility in Ekibastuz will consume as much electricity as needed to power 180,000 U.S. homes.
Due to concerns that the record price for PoW coins like Bitcoin could cause an energy crisis in Abkhazia, the state-owned utility (Rosseti) has banned all coin mining.
Why? Because state-run facilities are regularly targeted by electricity thieves:8
Beginning with the 2017 “crypto boom,” Rosseti started noticing abnormal jumps in electricity consumption in numerous Russian regions. The firm identified unauthorized cryptocurrency mining farms and estimated the damage to be over 718 million rubles—about $9.5 million—a significant part of which has already recovered through court procedures.
The “black” miners are known to do more than just tap into power lines. Illegal Bitcoin operations actually build their own transformer stations.
This is by no means an exhaustive set of sources on the topic. The examples serve to reinforce how PoW mining can be a one-way wealth extraction (privatizing gains) whilst externalizing environmental costs.
Like Bitcoin, the past month has seen Ethereum (ETH) hit several new record prices. Unsurprisingly this has also led to a new record in hashrate, at over 360,000 GH/s.
In December 2020, a mining manufacturer in China, Linzhi, revealed an early demonstration of its new Phoenix mining machine via F2Pool. According to the demo, the Phoenix could generate 2,600 MH/s and consume 3,000 watts. It has not shipped any to the retail market and it is unclear when it might.
In contrast, the most efficient ASIC mining system on the market today (for Ethash) is the InnoSilicon A10+ Pro. A single A10+ Pro can generate 500 MH/s and consume 1,300 watts. This is just slightly faster than the A10 which the previous article used as a baseline.
The Ethereum network hovers at over 360,000,000 MH/s per day. That is equivalent to 720,000 A10+ Pro’s.
Annually these machines would consume 8.2 TWh. That’s about as much as the Congo (DRC) or Trinidad and Tobago consume. This would probably be the lower bound.
As mentioned in the previous article, there are many mining farms that still use GPUs to mine Ethereum. So much so that it has led to a massive, publicly reported on shortage of high end cards from Nvidia and AMD.
Without any modifications, the top-of-the-line GeForce RTX 3090 can churn out 122 MH/s and consumes 350 watts. ((With some tweaking this can reportedly be increased to 150 MH/s.)) This makes it about 50% faster compared with the 3080.
A network entirely composed of 3090’s would involve 2.95 million GPUs. Altogether they would consume about 9.1 TWh per year. This is about as much as Bolivia or Panama consume annually.
As you can see, as these GPUs have closed in on the previous generation of ASIC, this has led to some speculation that GPU manufacturers such as Nvidia may once again roll out GPUs just for cryptocurrency mining (again). The last time was a major dud as Nvidia had to write-off over $57 million in hardware due to a glut in 2018.
What is an upper bound for Ethereum mining?
This is a bit harder to guesstimate compared with the upper bound for Bitcoin or Bitcoin Cash, because of the unknown factor: how many GPUs are being used. Anecdotally it appears that a lot of less efficient GPUs and older ASICs are likely being used due to the run-up in ETH.
For example, an overclocked RTX 2080 can generate 35.3 MH/s and consume 235 watts.
An entire network of overclocked 2080’s would consist of 10.2 million GPUs. These would consume about 21 TWh per year. This is about as much as Azerbaijan or Ecuador uses annually.
In the summer of 2018 it was estimated there were around 10 million GPUs churning hashes for the Ethereum network. For instance, JPR Research estimated that 3 million GPUs were sold to cryptocurrency miners in 2017. During those heady days, mining farms such as Genesis Mining, rented 747s to fly large batches of GPUs to its mining farms.
Because of the mix of older, less efficient GPUs (such as the RTX 10 series) or first generation ASICs that have been switched back on, it is likely that the network hashrate is closer to the upper bound of Ecuador than mid-range of Bolivia or Panama. This would put Ethereum around the 70th largest country by energy consumption.
Unlike many Bitcoin promoters, most Ethereum developers – and even some miners – believe that this energy footprint is temporary, pointing to an ongoing transition to proof-of-stake which started with the Beacon chain (Phase 0) launched last December. Obviously the work-in-progress towards PoS has been known since before mainnet was even launched, yet it has been a slow slog.
Despite the desire of developers to quickly sunset proof-of-work, last month we contacted Vitalik Buterin who pointed out that there is currently no EIP to switch over from PoW to PoS. Based on the roadmap at least one EIP is expected to be crafted during the year.
It also bears mentioning that Buterin – unlike Bitcoin promoters – recognizes the large aggregates of energy consumption that PoW chains account for. In an interview three years ago he explained:
“I would personally feel very unhappy if my main contribution to the world was adding Cyprus’s worth of electricity consumption to global warming.”
While “DeFi” usage and total-value-locked (TVL) has soared since the previous two articles on this topic were published, this would be an ends-justify-the-means argument. Not a fallacy per se, but also not a frequently used argument, because greenwashing is not part and parcel to the Ethereum ecosystem.
(5) Other large PoW chains
The fact that Litecoin is still a “Top 10” coin in 2021 should indicate how ridiculous proof-of-work coins are for society. No one really uses it for anything. Except one guy who invested more than he could afford to.
In fact, the hashrate is roughly the same today as it was two-and-a-half years ago because — as pointed out many times — hashrate follows coin price. Its most recent surges were due to PayPal adding it as an option users could buy or sell with, and an adult website (PornHub) that announced it would accept it as a form of payment.
Despite having launched several years ago, Bitmain’s Antminer L3+ is still basically the top ASIC mining unit that is used today. It generates ~500 MH/s with ~800 watts. A slightly more powerful L3++ is on the market as well.
At around 300 TH/s, there are the equivalent of about 600,000 L3+ machines generating hashes for Litecoin. In aggregate, these machines would consume 4.2 TWh per year. It would be placed around 130th, between Namibia and Cyprus.
The Antminer L3++ specifications are similar:
Hash Rate: 580 MH/s ±5%
Power Consumption: 942W + 10% (at the wall, with APW3 ,93% efficiency, 25C ambient temp)
If only L3++’s were used, the outcome would be about the same. 9
This consumption is pretty absurd once we factor in things like how there are only a couple of active developers who basically just merge changes from Bitcoin into Litecoin. In other words, one of the largest PoW networks has very few users or developers, yet consumes the same amount of energy as Cyprus.
How is that a socially useful innovation?
(5b) Bitcoin Cash
Unlike Bitcoin, Bitcoin Cash has seen a dramatic decline in hashrate since it briefly peaked at over 5 million TH/s in 2018. In fact, it is now oscillating around 1.3 million TH/s, or half of what it was 15 months ago.
The calculations for Bitcoin Cash are very straightforward since it is just a modified version of Bitcoin.
Recall from above that a single S19 Pro generates a maximum hashrate of 110TH/s or terahashes per second with a power consumption of 3250W.
A network consisting of just Bitmain S19 Pro systems would comprise about 12,000 systems.
In a given year these would use about 336 GWh, this will serve as our lower bound.
Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 174th or about the same as Burundi. Despite the fact that BCH has almost doubled in value since the last article, the hashrate decline is likely due to more efficient hardware now available.
This presents a problem for potential malicious forks as an attacker could rent hardware (via NiceHash) or purchase older discarded hardware previously used for Bitcoin mining. There are disagreements as to how to prevent this but most of them involve some kind of centralized group of developers manually inserting themselves into the validation process (via block signing).
For an upper bound, let us use an S9i for approximation. Recall it churns out 14 TH/s and consumes 1320 watts. That would involve about 93,000 systems consuming 1,073 GWh placing it somewhere between Fiji and Benin at 160th place.
Unlike last update, there is relatively little economic activity beyond speculators moving coins from one intermediary to another. In fact, an economist with Chainalysis noted that Bitcoin Cash saw less merchant processor volume, about $12 million in 2020.10
Clearly on-chain payments is not the use case, even though the infrastructure exists to do so.
Unlike the previous article, it appears that the decision makers behind Monero stopped trying to fork it every six months to prevent involvement from ASICs.
At the time of this writing Monero’s hashrate is hovering near its all-time high, likely due to the fact that XMR’s price has also risen, reaching a two-and-a-half year high.11
Compared with the previous article, the hashrate has increased nearly six fold to about 2 GH/s. And it is believed that most of this hashrate is still generated by GPUs and CPUs.
There are lots of how-toguides for building a CPU-focused Monero mining system, and NiceHash even has an easy-to-use profitability calculator.
In the previous article we looked at a Vega-based GPU build, which could still work, but again, CPU mining is still typically used for Monero. Currently the top performing CPU system on Monero Benchmarks is a modified 3990X Threadripper which generates 64,000 hashes/s and sips 600 watts. Note: these are self-reported, user-submitted numbers.
If the entire network were composed of just this type of machine, there would be 31,250 systems running. They would consume 164 GWh annually. This would place it around 195th, between American Samoa and Saint Kitts and Nevis. This would be the lower bound.
For comparison, a slightly more common Ryzen 3600 generates 7,400 hashes/sec and consumes 100 watts. A network would consist of around 271,000 systems. They would consume about 237 GWh annually. This would place it around 190th between Chad and Sierra Leone.
In terms of GPUs, a RTX 3090 generates 2053 hashes/sec and consumes 350 watts. A network of these would involve 974,184 systems. Altogether they would consume about 2,987 GWh per year. This would place it around 136th, between Montenegro and Jamaica. This is not the upper bound.
As you can see, just like ASICs in sections above each older or slightly less energy efficient CPU or GPU system will incrementally increase the aggregate energy consumed.
For instance, in the previous article we looked at a 12-card Vega build, the user was able to generate 28,100 hashes/sec and consume 1920 watts. That’s about 2341 hashes per card.
That’s about 854,335 GPUs each sipping 160 watts. Altogether these consume 1,197 GWh annually. This is still not the upper bound.
What is the upper bound then?
Without knowing how many large scale (organized criminal botnet) farms there are, it would be hard to guess because of how easy and common CPU mining is, especially CPU-cycle theft. For instance, cryptojacking malware is so commontoday, that there is a distinct possibility that you know someone who is a victim, it might even be you. Monero is typically the top coin mined in this process. We could do an entire article on all of the variants that have come and gone.
A few months ago a manufacturer, ASICLine, claimed to be shipping a mining system that can generate hashes for Bitcoin, Litecoin, Ethereum, and Monero. Because of how inflexible ASICs are, it is unlikely that their claim is true. While we would like to be able to say for certain how much energy Monero is consuming, there is a possibility that someone has built a custom ASIC (or FPGA) which could throw off our estimate.
Based on the same electricity consumption chart as the others, we can guesstimate that Monero drinks around 1 GWh a year and would be placed somewhere definitely above Chad and probably below Montenegro.
(5d) BSV and ZEC and DOGE
There are hundreds, if not thousands, of dead PoW coins. Three proof-of-work coins that have remained in the “Top 50 as measured by USD” over the past few years are Bitcoin SV (BSV) and Zcash (ZEC) and Dogecoin (DOGE).
BSV was created (forked) by Craig Wright, an Australian who claims – without sufficient evidence – to be Satoshi Nakamoto.
Due to a lack of interest beyond a core group of his followers, BSV — as measured in USD — has declined relative to its cousins BTC and BCH. As a result, its hashrate has also declined. At the time of this writing it is just over 600 PH/s, which is a two-and-half-year low. This makes it relatively inexpensive to successfully double-spend or reorg the chain.12
If the BSV network was composed only of S19 Pro’s there would be around 5,454 systems consuming 155 GWh per year. That is about as much as America Samoa at around 200th place. This is the lower bound. An upper bound is unknown but if we re-use the S9i there would be about 43,400 of these systems consuming 502 GWh. That would put it around Andora or South Sudan, around 170th place.
There are a number of gambling-related apps that have been built around BSV, but no substantive economic analysis beyond the regular speculation that dominates in other chains.
Zcash received a lot of attention when it first launched for its privacy and confidentiality (opt-in) properties. For one reason or another, it has not seen as much market interest as Monero (despite arguably having stronger technical capabilities).
Either way, at the time of this writing Zcash’s current hashrate (6.79 GH/s) is hovering near its all-time high. That may sound like a relatively small number compared to Bitcoin or Ethereum, but it uses a hashing algorithm called Equihash, which is more difficult to generate hashes. Unlike Monero, it is primarily mined via GPUs instead of CPUs. There are a variety of online calculators and guides comparing different setups.
There are also multiple ASIC miners for ZEC available including the Antminer Z15. The Z15 churns out 420 KH/s and consumes 1,510 watts. If the entire network were comprised of these ASIC machines there would be about 1,620 of them. Altogether they would consume 21.4 GWh each year. It would rank around 215th, near the Falkland Islands and Kiribati. This would be the lower bound.
One of the slightly dated comparisons involved tweaking a Nvidia 1080 Ti. One user was able to achieve around 641 H/s at 300 watts. A network of these GPUs would comprise 1.06 million GPUs. These would consume about 2,783 GWh. That would place it around 140th, between New Caladonia and Mauritius. While there may be older GPUs and even some CPUs mining, this is probably closer to the upper bound.
What about Dogecoin?
We wrote a bit about Dogecoin in 2014 but stopped because it merge mined with Litecoin in September of that year. While it is no longer independent — as it piggybacks off of Litecoin mining — people still mine it with the same L3+ machines mentioned above (both Litecoin and Dogecoin use the same hash generating algorithm called ‘scrypt’). Despite new record highs in prices, Dogecoin’s hashrate is about 30% less than its all-time high. In fact, it is nearly identical to Litecoin’s hashrate because it uses the same farms and pools. While some have suggested that this is an efficient usage of resources (two-chains-for-the-price-of-one) it creates a top-heavy situation that in theory, makes them both less secure.
(6) Status check
With all of these numbers and calculation spread around, let us briefly collate them in an easy to view section.
If the entire Bitcoin network were solely comprised of:
S19 Pro: it would consist of around 1.624 million machines consuming 46.2 TWh in a year. That is about as much as Portugal or Singapore consumes each year. This is a likely lower bound for how much energy is being used.
S17e: it would consist of around 2.8 million machines consuming 70.4 TWh in a year. Which is about as much energy as Colombia or Bangladesh use.
S9i: then there would be about 12.8 million of these machines consuming 147.5 TWh or roughly the same amount of energy that Malaysia or Egypt use each year. While there are probably botnets trying to use CPUs or GPUs to mine bitcoin, the amount of hashrate generated by them is likely marginal. Thus the S9i approximation is probably the upper bound.
If the entire Ethereum network were solely comprised of:
A10+ Pros: it would consist of about 720,000 machines consuming 8.2 TWh. That’s about as much as the Congo (DRC) or Trinidad and Tobago consume. This would probably be the lower bound.
GeForce RTX 3090: it would consist of 2.95 million GPUs consuming 9.1 TWh per year. This is about as much as Bolivia or Panama consume annually.
GeForce RTX 2080 (overclocked): would consist of 10.2 million GPUs consuming about 21 TWh per year. This is about as much as Azerbaijan or Ecuador uses annually and is a possible upper bound. Because of the mix of older, less efficient GPUs (such as the RTX 10 series) or first generation ASICs that have been switched back on, it is likely that the network hashrate is closer to the upper bound of Ecuador than mid-range of Bolivia or Panama. This would put Ethereum around the 70th largest country by energy consumption.
If the entire Litecoin network were solely comprised of:
Antminer L3+ there would be about 600,000 machines consuming 4.2 TWh per year placing around 124th, between Moldova and Cambodia.
It is commonly believed that there are few, if any, dedicated GPU miners due to the inefficiencies relative to ASIC equipment. Hypothetically these GPUs would serve as an upper bound.
If the entire Bitcoin Cash network were solely comprised of:
S19 Pro: would involve about 12,000 systems consuming 336 GWh, this will serve as our lower bound. Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 174th or about the same as Burundi.
S9i: it would involve about 93,000 systems consuming 1,073 GWh placing it somewhere between Fiji and Benin at 160th place. This is a possible upper bound.
If the entire Monero network were solely comprised of:
A single (modified) 3990X Threadripper: there would be 31,250 systems consuming 164 GWh annually. This would place it around 195th, between American Samoa and Saint Kitts and Nevis. This would be the lower bound.
A single Ryzen 3600: would consist of around 271,000 systems that consume about 237 GWh annually. This would place it around 190th between Chad and Sierra Leone.
An RTX 3090: a network of these would involve 974,184 systems consuming about 2,987 GWh per year. This would place it around 136th, between Montenegro and Jamaica. Because of rampant CPU-cycle theft and cryptojacking, this is not the theoretical upper bound.
If the entire BSV network were solely comprised of:
S19 Pro: there would be around 5,454 systems consuming 155 GWh per year. That is about as much as America Samoa at around 200th place. This is the lower bound.
S9i: there would be about 43,400 of these systems consuming 502 GWh. That would put it around Andora or South Sudan, around 170th place. This is a likely upper bound.
If the entire ZEC network were solely comprised of:
Antminer Z15: there would be about 1,620 of them consuming 21.4 GWh each year. It would rank around 215th, near the Falkland Islands and Kiribati. This would be the lower bound.
A tweaked Nvidia 1080 Ti: would comprise 1.06 million GPUs consuming about 2,783 GWh. That would place it around 140th, between New Caladonia and Mauritius. While there may be older GPUs and even some CPUs mining, this is probably closer to the upper bound.
What does this all mean?
As mentioned above (and in numerous previous articles) there are hundreds if not thousands of dead or dying PoW chains.
If we took the most efficient energy consumption assumptions above (the lower bounds), these seven PoW chains consume 59.3 TWh per year. Roughly the footprint of Kuwait, around 46th place. But in most cases – such as with Bitcoin itself – the lower bound is not realistic because the necessary amount of efficient hashing equipment (miners) have not been manufactured.
In contrast, if we took a less conservative assumption and used the upper bound these same PoW chains consume 180.1 TWh per year. Roughly the footprint of Poland or Thailand, around 25th place. The upper bound scenario is likely unrealistic for coins that have seen their value (measured in USD) decline or stay the same. For those that have seen rapid appreciation (such as Bitcoin), it is possible that older equipment temporarily comes back online until newer replacements are installed.
And yet, in either scenario, these PoW networks are not also adding the equivalent GDP output of similar sized countries. Society is in effect, at a net loss.
As we have mentioned in this article and others, historically, as a country industrializes, its growth is often limited by access to energy which throttles its energy consumption. Simultaneously, as it grows and develops, it becomes more efficient per wattage of input.
In the United States, energy intensity has been declining steadily since the early 1970s and continues to decline in EIA’s long-term projection. A country’s energy intensity is usually defined as energy consumption per unit of gross domestic product (GDP). Greater efficiency and structural changes in the economy have reduced energy intensity.
Despite dozens of RTGS systems being deployed across the world, in no instance do any of them consume the footprint of a small or medium sized country to operate.
The next section will look at some of the coin promoters and how they try to whitewash this issue away.
Only two nuclear reactors have been built in the U.S. in the past 25 years. One of the reasons why others may not be built in the future: the shale boom.
Interested in hearing the twenty-first century equivalent of “smoking is good for you”?
On with the show!
No, Bitcoin is not a battery.
Contrary to the musings of venture capitalists with a heavy stake in coins (and coin mining), mining PoW chains is not the same as a battery. It should be obvious that energy used in mining is not reusable, it is turned into heat as it enters the environment. When miners pay bills they convert some of their holdings into actual money, energy is not released in this process because no energy was stored to begin with.
It is hard to know where to start with this batch of Bitcoin promoters, nearly all of whom work for prominent cryptocurrency intermediaries.
Fun fact: despite continual claims that Bitcoin will spur development of Thorium-based nuclear power plants, to date, there have been zero Thorium plants built let alone funded by Bitcoin personalities.
What about stranded energy?
In practice “stranded energy” means there is some kind of inefficiency in storage and/or the transportation grid. In some cases capital could be used to increase efficiencies (e.g., new pipelines) which could reduce the price of energy extraction or transmission. Yet because it is stranded, it centralizes PoW mining in that specific area.13
But what about renewables?
Hitchen’s Razor: That which can be asserted without evidence, can be dismissed without evidence.
Even when a region has hydroelectricity available, the hydro power is not consistent throughout the year. Consistent energy generation has led Bitcoin miners to areas which they perceive as stable, which often involves coal power. The “renewable argument” that many Bitcoin promoters use, neglects to account for the ‘seen and unseen’ opportunity costs involved. For example, solar panels and wind farms still require land that could otherwise be used for different, more productive purposes; likewise dams can be deconstructed allowing habitats to regrow and rivers restored. 14
In terms of cyclical generation, even in the summer, when hydroelectric dams are at their peak output in the northern hemisphere, Cambridge BCIE estimates that more than half of energy generation still relies on non-renewables such as coal or gas.
Many miners themselves do not provide any reason to believe this. Cambridge surveys miners, and they indicated that while a majority has renewables in the energy mix, only 39% of mining is done with renewables (as it can be a small part of the energy mix).
The location data above is from Cambridge, sourced from mining pools rather than a survey. If you look at where miners are situated most of the time, you also see that while they use some renewables during the summer (wet season) in China, they are using fossil fuels the rest of the year.
According to Stoll et al., the carbon intensity of the energy used for mining Bitcoin was 480-500g CO2 per kWh in 2019 and went up to more than 550g CO2 per kWh recently due to increasing popularity of Iran and Kazakhstan. 8% of miners are now using sanctioned Iranian oil-based energy to mine.
There is also a steady stream of on-the-ground local stories providing anecdotes to the rush for relatively cheap energy. For instance, clandestine Bitcoin mining in Iran is believed to be one of the reasons for a rash of blackouts (and smog).
Lastly, even if Bitcoin miners were mostly run on renewables (which is not occurring) Bitcoin mining could not be considered environmentally friendly. Why? Because of the regular cycle of e-waste that is created as next generation ASICs are introduced.
Whataboutery is commonplace and normalized in the cryptocurrency world.
Tired of policy makers pointing out that illicit activity is attracted to KYC-less chains? Whatabout HSBC! Dislike the moans from hospitals impacted by Bitcoin-funded ransomware operations? Whatabout nuclear warfare!
This fallacy rears its head in the discussion of energy consumption: ignore this category of waste because there is also a category of waste there!
This is not a contest to waste as much energy as possible. Aircraft carriers, submarines, and airborne infantry divisions do not protect RTGS systems. All wasteful activities – such as nuclear warhead production – can clearly be categorized as bad and undesirable. It is also unclear from that thread how Bitcoin can end war or reduce military spending.
Speaking of poor analogies:
If we are going to play along with this game above: we actually know who participates in Federal Reserve decision making processes. Whereas we still do not have a regularly updated list of who funds those with merge control in the Bitcoin Core github repo.
At the time of this writing about 70 RGTS systems are live across the world. But only a small handful of countries with an RTGS also have nuclear weapons and/or aircraft carriers. And only six have both. 15 This illustrates that you can have one – a secure large value transfer system – without the other.
Held’s argument is a Whataboutism. Why? Because this is not a contest over who wastes more (or less).
As Galloway correctly points out in that thread: no one is trying to run a PoW-based payment system with Christmas lights. Christmas light operators are not incentivized to string up more lights as the aggregate market capitalization of light manufacturers increases.16
No one is trying to run a PoW-based payment system with smartphones. Furthermore, telecoms do not need to consume oodles of more energy per extra unit of phone added to their networks. PoW chains empirically and theoretically will consume energy in direct proportion to the value of the coin price. That is why we continue to see ever larger amounts of ASIC machinery sold by Bitmain and MicroBT to miners, not less. Yet PoW chains do not have a monopoly on securing permissionless payment systems.
Proof-of-stake (PoS) chains require some electricity too. If this was a comparison of say Polkadot or Avalanche (both of which are PoS-based), they would consume several orders less than Bitcoin does today.
And if these were compared to running full nodes (since there is no hash generation needed)?
For instance, according to Bitnodes there are approximately 9,415 nodes relaying transactions on the Bitcoin network (including the 25 or so mining pools).
At the time of this writing, there are about 110 validators alive on Polkadot and about 830 up on Avalanche. Yet both PoS networks are arguably just as secure as Bitcoin yet neither requires burning mountains of coal to stymie malicious actors. While we could debate ways to quantify “decentralization,” more is not necessarily better. 17 In this case, the thousands of extra non-block making validators in Bitcoin are essentially superfluous.
Virtually every sentence is incorrect. And this is all Whataboutery. Bitcoin mining usage could boil the ocean? But what about banks!
For what it is worth, nearly every large bank has announced some kind of carbon neutral initiative or has attempted to provide some semblance of where the energy is sourced. 18 That is not an excuse to justify their wastes or privatized gains (and socialized losses).
The bar should be: how can a value transfer system reduce its energy consumption and externalities, not to distractingly point fingers at other entities that also waste.
Speaking of which, in her examples above, it is also a different type and magnitude of waste. Banks do not generate more revenue if they leave their computers on 24/7 whereas PoW miners have to be left on around the clock to generate hashes in order to compete for block rewards.
Furthermore, banks as a whole provide many more services (and products) beyond just processing payments. In contrast, Bitcoin has very limited functionality, including the inability to do any on-chain lending.
That is not an accurate description of boiling gold (alchemy?) or what proof-of-work is as described by the original creators (Dwork and Naor). Neither its supply schedule nor energy consumption is what creates value for PoW coins, external demand is.
Claiming that PoW imbues a cryptocurrency with value because it requires real effort to produce it is a variation of the Labor Theory of Value. And saying PoW can promote energy efficiency is like saying paying people to dig holes and fill them up again helps the economy. 19
The chart (above) that Held uses, does not actually describe what he is saying about Kardeshev scale civilizations. If anything, assuming a “million dollar” bitcoin happens, PoW will actually drag Norway, China, and the U.S. back down towards Afghanistan. Why? Because if energy consumption goes up in those countries (via PoW mining), per capita GDP is decreasing because Bitcoin itself does not really produce anything.20 As a result, productive capacity for goods and services is being squeezed (or crowded out) by PoW-related endeavors.
In his accompanying article for this image Held states that: “The pressure to find cheap electricity sources will accelerate the effort to build fusion reactors.”
But that basically saying if you leave your car running it is good because it incentivizes finding alternate power sources.
Speaking of which:
Due to the demand shock from COVID-19, depending on geography, the cheapest sources of energy today might actually be oil and gas. Perhaps the near-future of mining are cars parked outside of refineries in Houston, churning up hashes for PoW networks.
And last but not least:
According to modeling from the Resources for the Future, a think tank, Miami will become the most vulnerable major coastal city in the world with “100-year floods” occuring every few years rather than once a century in many locations. A quarter of all homes at risk from flooding due to climate change reside in Miami-Dade county. If the mayor wanted to stave off this crisis the last thing he should be encouraging is direct investments in proof-of-work based cryptocurrencies.
(9) Competing for scarce resources
Due to the rapid rise in some cryptocurrency prices, foundries that churn out semiconductors have months of backlogs due to GPU and ASIC demand. Why? Because there are only a small handful of foundries capable of manufacturing state-of-the-art chips and as a result there is a limited capacity irrespective of what the ultimate destination may be.
This has led to a shortage of chips used in automobiles to the point where large manufacturers such as Ford or General Motors (GM) have announced plant shutdowns. In its most recent earnings announcement, GM estimated that:
The semiconductor shortage will shave $1.5 billion to $2 billion off adjusted earnings before interest and taxes this year.
How much semiconductor output capacity is being squeezed because of PoW miners?
Digiconomist estimates that TSMC – the largest semiconductor manufacturer in the world which produces most, if not all, ASICs for cryptocurrency mining – would need 3-4 months at full-capacity of its 7nm output just to produce the ASICs for PoW mining equipment that have been ordered. 21
This also impacts any industry or job that needs cutting edge GPUs, including squeezing smartphone manufacturers, console manufactures, graphic designers, and e-sport gamers. Why? Because the surge in mining demand has resulted in street prices for GPUs doubling what the original MSRP is.
History repeats itself: in November 2017, Chen Min (a chip designer at Avalon Mining) gave a presentation which noted that 5% of all transistors in the entire semiconductor industry were used for mining and that was driving up DRAM prices. Last cycle this negatively impacted a variety of ancillary set of actors, such as astronomers who rely on GPUs to chug through cosmic signals.
We are witnessing a similar phenomenon today. For instance, MSI announced that it may launch mining-specific GPUs this year.22
The current surge in demand for GPUs for mining has led some participants to acquire hundreds of gaming laptops en masse, crowding out, again, anyone who needs a high performance GPU. The image (above) comes from a Weibo account tracking various China-based miners who are showing off their GPU farms consisting of high-end laptops.
“Laptop mining” has pushed new buyers down the performance curve, to hardware that is two generations old.
Below are three publicly listed companies that have announced large purchases of mining equipment in the past several months:
Riot Blockchain – which pivoted during the last bull run from a biotech company (Bioptix) to a coin mining company – announced it was purchasing and installing about 10,000 S19 Pro’s from Bitmain.
Hut 8 purchased 5,400 mining machines from MicroBT for $11.8 million
The9, a gaming company, purchased 26,007 mining machines from Canaan
A few days ago UK-listed Argo Blockchain announced it would build a 200 MW mining facility in West Texas.
Private companies have also announced large purchases of coin miners. For instance, last month Blockstream announced that it had purchased $25 million worth of equipment from MicroBT and that this would be part of its 300 MW of mining capacity.
And an anonymous buyer in Russia, recently acquired 20,000 mining systems that consume 70 MW for a new farm in Bratsk, Siberia.
And this is just the tip of the iceberg.
A GPU farm of 78 GeForce 3080s was photographed (above) churning up hashes for Ethereum last month.
An entire paper or two could be written on large bulk purchases of ASICs or GPUs which crowd out other industries that need the same resources for actual productive activities.
(10) Undead countries are an ESG nightmare
Is it a stretch to call Bitcoin a ‘smoldering Chernobyl sitting at the heart of Silicon Valley’?
In May 2014 we briefly discussed a hypothetical “million dollar” bitcoin. At the time, Bitcoin’s price had dropped below $500 and we were already able to empirically discern that hashrate grows (or declines) directly proportional to coin value.
In the previous articles we found that, despite the introduction of increasingly energy efficient hardware, a PoW network like Bitcoin consumes ever larger amounts of energy. That is because of the Red Queen’s Race: miners do not downsize farms in aggregate, they simply replace aging hardware with newer ones; they must run faster in order to stay in the same place.
That is why anyone that has access to a hashrate chart can project with decent certainty what the likely outcome of a “million dollar” bitcoin will be in the future.
If a $40,000 bitcoin has already led miners to consume the energy equivalent of the Netherlands or Egypt, a million dollar bitcoin would be about 25 times as much.
What does that mean in actual numbers?
If the Netherlands is the proxy: 2,757 TWh, roughly midway between India and the U.S.
It Egypt is the proxy: 3,764 TWh, roughly the same as the U.S.
Critical to any analysis of energy usage is economic output. In a million dollar bitcoin world, society would be bearing the externalities of mining activity that does not produce a proportional amount of GDP. For instance, much of the coin mining industry is reliant and dependent on taxpayer funded utility companies and grids. As a result, we would see the equivalent of an additional U.S.-sized energy usage without seeing anywhere near the economic output, this would be a huge net loss.
This also does not take into account e-waste that is created via discarded single-use ASICs. And it does not take into account other PoW networks such as Litecoin which are basically ghost towns yet consume country-sized energy units too.
Miners will surely lead to greener sources of energy production, right?
This is a red herring.
Through the usage of either permissioned systems (like an RTGS) or a proof-of-stake chain, the energy consumed by PoW chains did not need to take place at all. In fact, PoS chains can provide the same types of utility that PoW chains do, but without the negative environmental externalities. PoW chains are the equivalent of adding an undead country – a zombie chain – to the power grid: one that consumes energy and produces little more than emissions.
Because of disputes among its undead participants these zombie chains must utilize the judicial and legal resources of third party countries. The chains also have a parasitic relationship to other government-run services that they continue to rely on such as taxpayer-financed energy grids.
(11) Call to Action
What can be done?
For starters, do not patronize coin lobbying organizations that weaponize misinformation. They are not dedicated to protecting consumers or the environment. Their mission is to convince legislators around the world to take a hands-off approach to regulations, including potential taxes on miners.
Nearly three years ago, the executive director of Coin Center, Jerry Brito, solicited names to hire to whitewash easy-to-prove energy consumption numbers.
Why? Because it is bad for business. Some Bitcoin promoters like to present themselves as being part of the cutting-edge future, one disassociated with the ancien régime. But as we have seen repeatedly in this paper, PoW miners compete for the same scarce resources and capacity that society relies on to generate real goods and services.
This is not true. Agrawal, who works with Brito at Coin Center, attempts to limit the available options when there are a wide range of other possibilities.
In 2020, Tesla sold about $1.58 billion worth of these [carbon] credits—almost exactly the value of the Bitcoin purchased.
Tesla is going to account for its Bitcoin holdings as intangible assets (goodwill) which is not how this line item was intended for. This is clearly shrewd opportunism (and accounting), not some re-imagination of resource consumption.
If 12 million people used Bitcoin to buy a Tesla, it would be enough to completely offset the combined total of CO2 saved by these EVs (by Tesla’s own account).
Elon Musk says he is now a fan of Bitcoin but PoW miners are directly cannibalizing the chip production capacity required to produce Tesla vehicles, a point that Tesla’s latest 10-K filing indirectly touches on.
Like parasitic stablecoins, miners in proof-of-work networks such as Bitcoin piggyback on top of the current energy extraction and generation infrastructure. 23 Furthermore, Bitcoin itself is not an alternative to an RTGS (traditional finance) so much as it is a shadow payment service that enables illicit activities to occur via a spectrum of intermediaries (e.g., underregulated coin exchanges). Continually comparing one versus the other is specious because one fully depends on the other to exist.
What can you do?
Most developed and developing countries levy taxes on polluters or “sin” activities. 24 Clearly proof-of-work mining falls into both categories.
Contact your local Public Utility Company and explain the socialized losses and privatized gains that are possibly accruing to miners. In addition to levying a tax on coin mining activity, perhaps introducing a tax on PoW-based holdings at intermediaries could be discussed since they directly benefit from miners providing the underlying blockchain infrastructure.
And if you are a user of a cryptocurrency, publicly advocate for switching to proof-of-stake (PoS) chains or accelerating such transitions if they are already underway. You can still enjoy decentralized finance in a way that does not dramatically contribute to climate change.25
Thanks to the following people for their helpful feedback: CK, JG, VB, RG, KR, JH, MW, and AV.
Send to Kindle
As one reviewer noted: this leads to a Bastiat-esque “what is not seen” argument: if Bitcoin forces really smart people to work even harder on renewable energy, that would come at the cost of those really smart people working on other things that could easily be just as important. You can’t just make people do more stuff in the abstract by throwing more problems into the world and expect the result to be better on-net. If that were true, then we should advocate destroying cities to help promote the development of next-generation construction and medical technology. [↩]
There is a clear distinction between Bitcoin and actual money that is beyond the scope of this article (it partially has to do with the unit-of-account). We could focus on the non-money-moving-related functions of the financial system that of course Bitcoin does not provide at all (although “DeFi” on Ethereum partially does). However, for the purposes of this article, the act of securing, transferring, and verifying payments is what we wanted to highlight. [↩]
In 2016 I visited Hong Kong a few times. On one visit I met with a couple of executives at a coin exchange. They said that their number one product was pre-loaded debit cards that were sold to mainlanders, typically to skirt capital controls and/or bribe folks with. Some of the large cryptocurrency payment processors (like BitPay) also provide payroll services, perhaps some of those coins are miscategorized as “payments.” In another anecdote, one commenter explained that: I can say w/ high confidence that most of that volume in ’17 was related to bitcoin wallets converting BTC to USD through Bitpay in order to load funds to prepaid cards – up until Visa killed that product in early Jan 2018. So not really representative of “BTC payment activity”. [↩]
One counter-argument from promoters is: “what about stablecoins” such as Tether that piggyback on top of Bitcoin via Omni? Through an FMI lens, a lengthy rejoinder can be found in Parasitic Stablecoins. Through a technical lense, it bears mentioning that these piggyback coins arguably make the underlying PoW networks less secure; see Watermarked tokens and pseudonymity on public blockchains. [↩]
According to Chainalysis, more than three quarters of on-chain activity in a given day for Bitcoin are transfers between intermediaries, specifically exchanges. Due to volatility, users typically resort to utilizing ‘parasitic stablecoins’ – such as USDT. In this case, PoW chains are superfluous due to the usage of permissioned end points. [↩]
One reviewer commented: From an outside view, even taking into account economies of scale and miniaturization, it is extremely rare that consuming more of something takes less energy than consuming less of something. A contrived example is: ‘if you invade a country with more soldiers you could lose fewer soldiers because the war finishes more quickly.’ But that’s not really the same situation at all. [↩]
Several months prior to that report, Rossetti announced that it had been victim to at least $6.6 million in stolen electricity via coin mining. Following the run up in coin prices in 2017, one of the culprits believed to have stressed parts of the European power grid in early 2018 were coin miners. [↩]
A network of only L3++ would comprise 517,241 machines and consume 4.3 TWh. [↩]
The XMR price is still well below the highs from late 2017 – early 2018. [↩]
Due to the size of its blocks, BSV also regularly sees orphans and accidental reorgs. [↩]
PoW mining might also be inadvertently subsidizing energy that would otherwise be anathema (e.g., “dirty” hydrocarbon extraction due to its lower costs). [↩]
Another unseen cost: scarce resources such as rare earth minerals used to construct solar panels or PoW equipment (and the e-waste it generates) that could have been used in more productive endeavors or not consumed at all. [↩]
The six countries that have both are: China, France, India, Russia, the U.K., and the U.S. [↩]
There are some good jokes waiting to be made about “alternative” Christmas light implementations. With faster or slower blinking; or larger bulbs! [↩]
In 2019 over 50 banks and other financial institutions launched the Partnership for Carbon Accounting Financials (PCAF) to assess and disclose the impact their loans and investments will have on climate change using common carbon accounting standards. Several other initiatives track the aspirations of banks including Mighty Deposits and Bank Track. [↩]
Ironically they do not yet realize it but PoW proponents are embracing a type of impaired Keynesianism. [↩]
Bitcoin-focused intermediaries (such as coin exchanges) do enable trading of various financial products (such as derivatives) which likely contribute to some kind of economic output. But these trusted third parties are – from an accounting perspective – separate from the Bitcoin network which only produces intangible bitcoins. [↩]
According to Digiconomist: 28 TWh annually of Antminer S19 Pro’s is about a month of capacity. If the Bitcoin network doubles from current levels, it will take about 3-4 months (not including replacement of older ones). And that is just production for Bitcoin-specific hardware. [↩]
Tom’s Hardware recently compared 30 different GPUs to find out which ones had the best return-on-investment for Ethereum. Surprisingly, it was the Nvidia 1060 first released in July 2016. [↩]
Again, PoW chains such as Bitcoin often involve hundreds or thousands of superfluous nodes that maintain copies of the blockchain and verify balances; all of this subsists on top of the existing energy exploration and production infrastructure. [↩]
Another consideration that funds with an ESG mandate should consider is not just the environmental impact of PoW mining but also the human rights that may be violated in the production of said coins. [↩]
The second half of 2020 saw a large set of draft regulations and proposals surrounding cryptocurrencies and specifically, “stablecoins.”1
For instance, in July, the influential Group of Thirty published its investigation into digital currencies and stablecoins. In late September, the E.U. announced an expansive regulatory framework called Markets in Crypto Asset Regulation, or MiCA.2 A month later the Financial Stability Board (FSB), the top global stability watchdog, released its “final” report on what they called global stablecoins (GSCs). A month after that, the Bank for International Settlements (BIS) released a report specifically looking at stablecoins.
A few days later there was a flurry of tweets and articles written up in response to the newly proposed STABLE Act in the United States. And coincidentally, this past month the President’s Working Group on Financial Markets released a report on stablecoins that came out swinging against “multi-currency” projects like Facebook’s Diem (formerly Libra) as well as broad pieces of enabling infrastructure. 3
While each was written by different sets of authors in different jurisdictions, all had some common ground: regulation and risks of panjurisdictional commercial bank-backed “stablecoins.”4
This post will go through some of the background for what commercial bank-backed stablecoins are, the loopholes that the issuers try to reside in, how reliant the greater cryptocurrency world is dependent on U.S. and E.U. commercial banks, and how the principles for financial market structures, otherwise known as PFMIs, are being ignored.5
Let’s start in reverse order.
What are the PFMIs?
We have discussed the Principles for Financial Market Infrastructures (PFMIs) before. It is an evolving set of principles and guidelines for financial market infrastructures (such as CSDs, CCPs, payment systems) that are maintained and updated based on research and collaboration between two international regulatory bodies: BIS and IOSCO. Their joint 2012 paper is considered the gold standard and is frequently cited in the press, academia, and regulatory bodies.
For the purposes of this article, we will look at just once slice of the 2012 document. Principle 9 of the PFMIs states:
An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money.
We have ample evidence from the 2007-2009 Great Financial Crisis (and other eras) that dependence on commercial banks is subpar and adding yet another (underaccountable) layer on systemically important financial institutions (SIFIs) is not ideal. 6
Without going into weeds, the PFMIs and the committees involved in drafting them, state and then re-state the importance of reducing credit risk exposure to commercial banks. Yet in all instances today, almost every collateral-backed stablecoin that has thus far been issued does so through tokenizing deposits custodied at commercial banks.
This is improper for a variety of reasons and there are remedies and solutions. For instance, while we await liberalized access to central bank digital accounts (CBDAs) or currencies (CBDCs), setting up “narrow banks” or FedAccounts have been highlighted as complimentary solutions in the United States.78
When presenting these alternatives in public — especially on social media — a noticeable amount of “fist shaking” and “pearl clutching” occurs from partisans unaware of how reliant stablecoins are on the U.S. and E.U. commercial banking systems. 910
For example, a number of prominent cryptocurrency promoters claim that draft legislation (such as the STABLE Act) would destroy innovation or even blockchains themselves. 11
As it stands today, non-compliance with the Bank Secrecy Act (BSA) is strictly speaking not “innovation.” It is regulatory arbitrage which can create a race to the bottom that may harm consumers.1213 Commercial bank-backed stablecoins are ‘innovative’ insomuch as they are not playing by the same explicit rules that other bank-like entities have to.
We will discuss them at length further below but currently – as measured in trading volume – the two most “popular” commercial bank-backed stablecoins are USDT (Tether) and USDC (USD Coin).14 Both claim to be collateralized by U.S. dollars held in custody at commercial banks. Together they accounted for nearly 90% of all stablecoin trading volume this past year. 15
How big is that volume?
As an aggregate, in 2020, on-chain volume alone from these stablecoins reached more than $1 trillion. That does not count the exchange-based (off-chain) transactions that also use these collateral-backed coins. And problematic for policy makers: the on-chain volume was exchanged with limited oversight or surveillance sharing, which is part of the reason why various governments are moving quickly to pass laws to deanonymize self-hosted wallets that are exchanging this parasitic “e-banknote” or “shadow deposit.”161718
For example, Tether and USDC are not being stifled through the proposed STABLE Act, rather they would be required to jump through the same hoops as anyone else providing similar financial services.19 Based on how their product is used, these issuers are arguably a form of wildcat banks (from the 19th century) or what is called a shadow bank or shadow payments today. Lots of shadows!
What is a “shadow bank”?
The term itself is just over a decade old but these entities existed prior to 2007. In general they are “non-bank financial intermediaries that provide services similar to traditional commercial banks but outside normal banking regulations.”20 Readers can imagine that this type of activity is what organizations such as the Financial Stability Board (FSB) would like to keep track of.
One member of the FSB is the Federal Reserve. The screenshot (above) is a relevant portion of their mandate and why they could – in theory – be interested in obtaining information of off-shore entities that are attempting to (anonymously) use U.S. linked e-banknotes.21
“Shadow banking” is occurring off-shore through intermediaries (e.g., coin exchanges and lending protocols) that use Tether or USDC without needing to connect to a local bank who would require some semblance of surveillance such as AML or CFT compliance.2223
Based on their external messaging, multiple centralized exchanges (CEXes) claim to operate banklessly but this is a superficial: they each maintain an umbilical cord to the U.S. dollar via USDT or USDC. 24 Similarly, decentralized lending protocols such as Compound or Aave accept commercial bank-backed stablecoins as collateral and allow rehypothecation of these same tokens (or others). 25
Putting aside new proposed legislation for the moment: stablecoin issuers (administrators) have fought feverishly to categorize themselves under a “lighter” more lenient regulatory regime (money service business) despite more stringent laws covering deposit-taking activities that are not enforced, such as 12 USC 378 (a)(2) being on the books. 2627
More precisely, in retrospect specific activities enabled by commercial banks (such as issuance of e-money) were not properly regulated. Righting this wrong that exists to day – so the argument goes – all MSBs (not just commercial bank-backed stablecoin issuers) should no longer be able to conduct unregulated shadow payments or banking activities.2829
Related to the concept of shadow banking is shadow money, and clearly stablecoins fit the bill. When he was a Governor at the Federal Reserve, Dan Tarullo gave a speech, stating:
“Shadow banking also refers to the creation of assets that are thought to be safe, short-term, and liquid, and as such, “cash equivalents” similar to insured deposits in the commercial banking system. Of course, as many financial market actors learned to their dismay, in periods of stress these assets are not the same as insured deposits.”
The classic example of shadow money is money market funds which were deemed to be “money good” pre-2008 crisis. Reforms were implemented post-crisis, such as redemption gates and floating NAVs for certain money funds, but in March 2020 the Federal Reserve still had to backstop money funds via the money market mutual fund liquidity facility (MMLF). Last month the President’s Working Group on Financial Markets released a report highlighting the need for further reforms to money market funds.
If consumers and investors think stablecoins are the same as insured deposits because they are “backed” by insured deposits at a commercial bank, they are clearly not. Does this mean that if stablecoins become big enough, the U.S. government would bail the sector out just like they have bailed out other shadow money investors? This is an open question but the answer should arguably be no. 30
While regulators have informally discussed systemically important cryptocurrencies networks and potentially overlap with PFMIs, to date there have been few discussions in long-form prose.31 Let us check back in on this topic next year.
Double the credit risk
As mentioned above, the credit risk (solvency) of commercial banks is worse than central banks.32 During the 2007-2009 financial crisis, while a number of commercial banks received direct taxpayer-funded bailouts that immediately underwent public scrutiny, the entire financial industry was effectively propped up through the coordinated actions of central banks and finance ministries around the world.
We could always argue about which policies should or should not have been implemented during that time. The Dodd-Frank Act was just one set of legislation that was passed in an attempt to prevent another, similar systemic crisis from happening again.
What does this have to do with parasitic stablecoins?
Transactional users and speculators of commercial bank-backed stablecoins are faced with at least two potential credit risks:
the credit risk of the stablecoin issuer
the credit risk of the commercial bank that the stablecoin issuer uses as a custodian
A conventional bank account exposes to the account holder to a single level of credit risk, the risk that the bank becomes bankrupt and is unable to meet its liabilities to account holders. In most developed countries and many developing countries, deposits are protected by a national deposit insurance scheme ranging between tens and hundreds of thousands of dollars.
Even if Signature Bank or Silvergate Bank have impeccable credit quality, they are not the lender of last resort. They rely on the implicit and explicit backing of the FDIC and the Federal Reserve.33
As a result, stablecoins present a double layer of credit risk. There is the risk that the issuer of the coins fails and the risk that the party holding the reserves (e.g. a bank, fails). Generally stablecoins would not benefit from the deposit insurance provided for bank accounts.34 Where the issuer invests in a more complex range of assets to act as reserves, such as debt instruments, it also exposes the stablecoin holder to the risk that assets fall in value, which can be an issue, even for relatively short-dated assets, where reserves have to be liquidated. 35
This raises a major question: who bears losses, the issuer or the holder of coins? An issue banks deal with (to a certain extent) by having to set aside regulatory capital.3637
In other words: a stable coin backed by commercial bank deposits has worse credit risk than simply having money in the bank because it would not benefit from any deposit insurance scheme.38
Tangentially related to the PFMIs are central bank digital currencies (CBDCs). Public discussions surrounding the regulation of stablecoins often neglects prior research conducted by central banks, industry, and academia.
For instance, several years ago, the Bank for International Settlements (BIS) published one of the most widely cited papers on the topic of CBDCs. In it, the so-called “money flower” Venn diagram illustrated how existing money could be categorized:
As we can see, the current crop of stablecoins (such as USDC) and cryptocurrencies (such as Bitcoin) are clearly in different categories from CBDCs.
Representatives of coin lobbying organizations, such as the Chamber of Digital Commerce, makes the common mistake of conflating the two:
Are commercial bank-backed stablecoins a central bank digital currency (CBDC)?
No. There is a lot of commentary which blends stablecoins with CBDCs but they are not the same. Unless a stablecoin is backed by reserves at the central bank or issued directly by a central bank, a stablecoin marketing itself as a CBDC is being dishonest.
Furthermore, the DC/EP initiative in China is not a CBDC. It is a liability of an intermediary that is not the People’s Bank of China.39
Are CBDCs a stablecoin?
No, although in theory central bank reserves could be tokenized and put onto a blockchain. But that’s not what is happening today (yet).41
Any other reasons why stablecoins are lumped together with CBDCs?
Stability. Credible central banks such as the Federal Reserve, provide a reliable unit-of-account such that more than two dozen countries “dollarize” their domestic economies with it. This article will not go into the merits or demerits of issuing CBDCs or if a blockchain is needed in doing so.42
Ironically, while some vocal coin promoters have claimed a “hyperbitcoinization” event will occur soon. But the cryptocurrency ecosystem as a whole has seen the opposite take place: rapid dollarization due to the growth of commercial bank-backed stablecoins. This is the central conceit for much of the coin world today: promoters and meme artisans often claim they are about to launch off from planet Earth all while drilling ever deeper foundations into the Earth’s crust.
For example, in the second half of 2020 at least four U.S.-based cryptocurrency companies applied for deposit-taking licenses or banking charters.43 And because of how embedded these tokens have become to “DeFi” apps, portions of it have turned into centralized DeFi (CeDeFi), which is an oxymoron.44
As a result, it has made anarchic chains less resilient which will be discussed later.45
Relianceon external U-o-A
One characteristic or function of actual “money” is something called the unit-of-account (U-o-A). A unit-of-account is used to price goods and services in an economy. On a macro level, economic aggregates such as GDP are measured by a stable U-o-A, such as the USD or EUR.
Similarly, international commerce and trade is often denominated in a stable U-o-A. In this case, foreign exchange ultimately takes place somewhere along on “the edges” but the price discovery and (often) payment settlement occurs in the stable U-o-A. 46
For instance, despite doomsday predictions, the USD is becoming more dominant – not less dominant – in financial markets.
What does this have to do with cryptocurrencies and specifically stablecoins?
More precisely, the question should be: why are stablecoins so popular?
The answer is one that has been discussed many times on this site: volatility.47 Contrary to what some promoters claim, Bitcoin is not becoming less volatile over time. As JP Koning illustrated in the chart (above), bitcoin is more volatile today than it was in early 2017 when it had a ‘market cap’ of just $15 billion or in 2013, when it was worth just $1 billion.
While some early coin investors and hoarders may be okay with rampant swings in volatility, actual users (such as day traders or remitters) desire stability. As a result, more than 20 different U.S. dollar-linked stablecoins have been created to fill that need. And unsurprisingly, because the identity of on-chain activity can be obfuscated, another set of stablecoin users are criminals involved in money laundering and terrorism, as identified by the Financial Action Task Force (FATF).
For the purposes of this article “stablecoin” is a catch-all term used to describe a spectrum of coins that attempt to peg a token to exogenous (external) value.48 Typically the exogenous value is denominated in USD. In terms of trading volume, the two biggest buckets of stablecoins are:
Collateral-backed tokens such as USDT (Tether), USDC, PAX, TrueUSD, and DAI49
Algorithmic or synthetics such as AMPL, ESD… and the older generation of BitUSD, and Nubits
In practice, nearly all collateral-backed tokens in use today are commercial bank-backed tokens that are centrally issued by a singular entity.50 In contrast, virtually all of the algorithmic tokens are launched by anonymous teams and often use a form of rebasing or Seigniorage Shares model to arrive at a value.51
The focus of this article is on the former not the latter. Let’s dive into a few of them.
USD Coin (USDC) is a stablecoin issued through the Centre Foundation and backed by Circle, Coinbase, and others. This entity is registered as a MSB in the United States. USDC is an ERC20 token that can be moved around the Ethereum network however the “backend” on-and-off ramps are fully powered by U.S.-based commercial banks such as Silvergate in San Diego.52
At the time of this writing about $4.3 billion of USDC has been issued. In Q4 2020, the trading volume of USDC was usually between $335 million to $1.3 billion per day.53
USDT is issued by Tether Ltd which is also registered as a MSB in the United States.54 Customers that want to use USDT, create an account on the Tether website and link their bank account. Then using the traditional financial system, wire cash to Tether’s partner banks. USDT has been issued onto multiple different blockchains, including Bitcoin and Ethereum. As of this writing, it is the most actively used ERC20 token.
Tether Ltd and its parent company (iFinex) have been debanked multiple times. Why?
Because both are under multiple investigations from several regulators and law enforcement (such as the New York Attorney General) for lying about their collateralization levels, among other allegations.
At the time of this writing about $21.3 billion USDT has been issued. In Q4 2020, the trading volume of USDT was usually between $25 billion to $80 billion per day.55
When it was initially launched in December 2017, DAI was collateralized only with ETH and the software company that created it, Maker, is not registered as a MSB (though it could be categorized as a “shadow MSB“). About 18 months ago, DAI transitioned to accept “multi-collateral” which includes other types of coins, such as commercial bank-backed stablecoins. In addition to being listed on most major cryptocurrency exchanges, traders can also buy DAI directly via 3rd party partners (such as Wyre and MoonPay).
However, depending on the day of the week, the proportion of U.S. commercial bank-backed stablecoins can comprise more than 50% of the collateral backing DAI (which is why it was identified by authors of the STABLE Act):
The chart (below) shows the growth (measured by ‘supply’) of the most popular collateral-backed stablecoins this past year.
Assuming the self-reported numbers are correct, this illustrates an increase in USD deposits sitting in banks on behalf of stablecoin issuers.
Note that at the time of this writing about $21.3 billion USDT has been issued and about $4.3 billion of USDC has been issued.
The bar chart (below) shows the daily trading volume of roughly the same collateral-backed stablecoins over the past three year:
Recall from above that in Q4 2020, with a few outliers the trading volume of USDT was between $25 billion to $80 billion per day and the the trading volume of USDC was between $335 million to $1.3 billion per day.
In other words, the average daily turnover for USDT was about 2 to 4 times the amount allegedly deposited with their banking partners. This likelyshows that some forms of leverage, credit creation, and rehypothecation are taking place. 5657
The line chart (below) shows the total value of tokens that are locked up (TVL) in DeFi-related projects over the past ~3 years:
As we can observe above, growth of TVL substantially increased between January 1, 2020 and January 1, 2021 by about 2,000 percent. DAI contributes to about 20 percent of these deposits.
What about Diem née Libra?
With mountains of press and marketing the past 18 months, they are finally planning to launch (soon). What Libra initially proposed in the summer of 2019 (to the chagrin of regulators and payment-related partners) was that Libra would deposit user funds in multiple custody banks (like Citi) but purposefully do it in a way such that no single regulator (such as FinCEN or OCC or the Fed) would have complete oversight. That was shot down and the proposal evolved further the past year.
For example, it initially involved pegging to a basket of currencies (including SGD) kind of like an SDR, but without FSB or IMF oversight. This put commercial banks at risk in part because of non-existent AML controls. Thus the entire proposal was scrapped and a new narrative created through the use of a commercial bank-backed stablecoin similar to USDC.
There are other bits and bobs that we can dive into – such as the older generation of algorithmically “stabilized” coins Nubits or BitUSD – but that’s a separate, mostly irrelevant category of faux stablecoins.
What would happen if issuers of collateral-backed stablecoins had to obtain something akin to a bank charter?58 Last month Paxos (PAX) applied for a national charter in the United States, will other issuers do the same?
While there may be rigorous surveillance at the on-and-off ramps of USDC or USDT today, the same cannot be said for on-chain activity where the “Travel Rule” is ignored or compliance with the BSA is non-existent.
If the self-reported volumes at coin exchanges is accurate, then tens of billions (measured in USD) of these stablecoins are traded each day likely in a non-compliant manner. This undersurveilled activity is part of the motivation behind a new draft rule from the U.S. Treasury department.
For perspective, according to The Block in the first 11 months of 2020 stablecoins hit some hockey stick growth:
Supply grew 322%
Transaction volume grew 316%
Daily active addresses grew 332%
And as mentioned in the first section above, total stablecoin on-chain volume surpassed $1 trillion during 2020.59
If payment processors are held liable for the activities (e.g., knowingly processing payments for scams) that take place on their networks, the argument goes, so should stablecoin issuers. In the past, both Tether and USDC have frozen funds and blacklisted addresses due to law enforcement orders, so at a minimum they should be held to the same standard as a payment processor (but are not).
Either way, it is clear that from trading activity and total-value-locked up (TVL), that the DeFi ecosystem (and all coin worlds really), are reliant on maintaining frictionless U.S. banking access.
Is this DeFi-in-name-only (DeFi-ino)? Without the on-and-off ramps into U.S. banks and most importantly – parasitic access to a stable unit-of-account, arguably the middle (TVL) activity would be a lot less than it is today.60
If the (end) goal or ethos of the DeFi world — and broader anarchic cryptocurrency universe — is to be self-sovereign and enable self-custody and not reliant on U.S. commercial banks or the Federal Reserve, the exact opposite has occurred.61
A quick DAIdiversion
It is not a full barnacle however some have previously argued that DAI could become a victim of its own success. 62
How’s that? Maker’s current governance leans heavily on identifiable humans and VCs which would be hard to quickly anonymize/decentralize. Recall that its human-led governance process modified the collateralization process, allowing new types of coins and tokens to be included.63
As a result:
Often more than half its collateral are other USD stablecoins (none of which have bank charters), so if these are shut down or liquidity severely restricted, this could impact DAI stability and/or liquidity64
Dependence on humans to manage governance and reliance on oracles for exogenous info; these are a single-point-of-failure.
What are some solutions for Maker (DAI), whose investors and developers are identifiable?
Act like cypherpunks, “disappear,” and go fully anonymous making enforcement more difficult65
Eschew the current crop of oracle architecture because it is arguably a single-point-of-failure
Remove collateral whitelists, which is something prominent developers have suggested in the past
Regarding that last point, here’s an example:
Let us check back next year to see what Maker, Compound, and Aave do with their formal governance and collateralization processes.
Worth noting that USDT, USDC, and DAI have either broken their pegs with the USD or at some point dramatically drifted from their pegs. There are multiple reasons why.
For example, in April 2017, USDT dropped below $1.00 and traded at $0.91.
Why the sudden drop?
As mentioned in a previous post, a lawsuit revealed that Bitfinex sued WellsFargo because the bank had refused to process Bitfinex’s international wires. Over a span of a few months, tens of millions of USD had been wired through WellsFargo into and out of four different banks in Taiwan which Bitfinex, Tether Ltd, and other affiliated subsidiaries had bank accounts with. At some point prior to March 2017, someone on the compliance side of WellsFargo noticed this large flow of USD and for one reason or other (e.g., fell within the guidelines of a SAR?), placed a hold on the funds. In early April 2017 Bitfinex’s parent company filed a lawsuit for WellsFargo to release these funds.
WellsFargo eventually returned the USD-denominated funds but without those funds, the peg was unable to withstand sell pressure. In other words, WellsFargo was integral to Tether Ltd’s correspondent banking relationships. About a week later Bitfinex withdrew its lawsuit but not before causing a Streisand Effect.
This was not the first time Bitfinex has been “debanked.” Phil Potter, then-CFO of Bitfinex, gave an interview and explained that whenever Bitfinex had lost accounts in the past, they would do a number of things to get re-banked. In his words:
“We’ve had banking hiccups in the past, we’ve just always been able to route around it or deal with it, open up new accounts, or what have you… shift to a new corporate entity, lots of cat and mouse tricks that everyone in Bitcoin industry has to avail themselves of.”
With this blasé attitude, it is any wonder they are under active investigations from the Department of Justice, the CFTC, and the NY AG.
The ethos of blockchainology is supposedly: “don’t trust, verify.” Above is a tweet from Paolo Ardoino, current CTO of Bitfinex and Tether.
Because no reputable firm will provide regular audits of Tether Ltd, we are left having to trust a non-credible actor.66 For instance, in April 2019, during its legal proceedings with the New York Attorney General, Stuart Hoegner, the general counsel for Tether Ltd admitted that USDT was not backed 1:1 as was claimed on their website. Instead it was running an undisclosed fractional reserve operation that was only uncovered due to this ongoing lawsuit.
“As of the date [April 30] I am signing this affidavit, Tether has cash and cash equivalents (short term securities) on hand totaling approximately $2.1 billion, representing approximately 74 percent of the current outstanding tethers.”
Executives at the parent company (iFinex) would not even acknowledge ownership of Tether Ltd until an exposé from The New York Timesrevealed it was the case due to leaks from the Paradise Papers (be sure to also read Amy Castor’s timeline).
We know historically that other intermediaries have lied or misled users (and investors) of what they do with deposits. For instance, during a series of investigations in 2017 in China, at least two major domestic cryptocurrency exchanges (Huobi and OKCoin) were found to have secretly re-invested customer deposits into other financial instruments.
This type of abuse is the reason why at a minimum regular audits from reputable, independent firms are required for financial service providers. Let us check in next year to see if Tether Ltd gives us more than tweets to audit.
We briefly mentioned this topic at the beginning of the article but worth looking at this closer.
In the early 2010s, several prominent VC-backed fintech efforts insisted they needed carve-outs for what they knew were highly regulated activities.67 Some even hired lobbying organizations to push the “don’t suffocate innovation” meme which persists today in the form of “deregulated finance.”68
For instance, in 2014 the New York State Department of Financial Services (DFS) proposed a new virtual currency regulation dubbed the “BitLicense.” Prior to its enactment in 2015, the same sort of “everyone will leave the US” argument was made by its opponents. Throughout the second half of 2014, DFS held multiple public comment periods, the responses of which were made public. Among others, the EFF submission included the word “innovation” thirteen times. 69 Upon its enactment, a few coin-related companies claim to have left, some vowing never to return.
From a systemic risk standpoint, is society worse off because of the small handful of coin companies that had no intention of becoming compliant with a stricter MSB, let alone a banking license, left New York? No. Is the BitLicense perfect or flawless? No.
But contrary to views of partisans, entrepreneurs continue to seek it out as a stamp of approval: as of this writing there are 25 entities that have been approved for a BitLicense (although a couple overlap).70
Three years after its enactment, in May 2018, coin-focused media gave softball interviews to the “refugees” that left New York, notably Shapeshift and Kraken. Both are cryptocurrency exchanges and had (have?) legal and regulatory issues.
At the time Shapeshift allowed KYC’less transfers to take place. That changed in September 2018 after The Wall Street Journal did an investigation discovering that Shapeshift was being used to launder proceeds of crime such as the infamous WannaCry ransomware.
Perhaps publicly telling the world that you are not going to comply with the BitLicense was a redflag?71
The other prominent “departure” from New York was Kraken, another U.S.-based cryptocurrency exchange.73 The CEO publicly has written multiple articles and posts on social media for why the organization would no longer cater to New York residents. But upon closer examination, in September 2018 the New York Attorney General announced that it had evidence that Kraken was still operating in New York. While that investigation simmers in the background, a year later a lawsuit was filed by Jonathan Silverman, who had run Kraken’s OTC desk in NYC for a couple of years. He sued the exchange because they had stiffed bonus payments. It is unclear what the current status of Kraken’s business is in New York, however, a number of employees appear to reside there.74
Likewise many prominent ICO promoters made similarly grandiose statements after the SEC released its report on The DAO in 2017. That capital pooling and investments would move off-shore and the U.S. would be left behind. Regulatory arbitrage certainly did take place, with hundreds of ICOs being registered in Singapore, Taiwan, and other island nations (such as The Caymans).75 But we also saw that in practice, coin-focused developer teams continue to be hired here in United States.
Shadow banks have always sold themselves as providing competition to the regular banking system. And to a certain extent, they do. But its an undesirable form of competition which causes a race to the bottom.
If other nations want to put their own financial infrastructure at risk due to underaccountable shadow banking – so the argument goes – that is not a great outcome but not a terrible outcome for the U.S. banking system in terms of systemic risk.76 For example, the aim of the STABLE Act is not to globally enforce a regime: it is to prevent systemic risk in the U.S. and this can be done by strictly enforcing existing laws or enacting new laws on entities such as stablecoin issuers reliant on U.S. commercial banks.
This may sound repetitive, one cannot overstress systemic risk in the context of an underaccountable IOU layer, as Tankus once more explains:
The [STABLE Act] is aiming at systemic risk. leaving unlicensed stablecoins as a fringe financial product offered in other jurisdictions unlisted or on minor exchanges that can survive not being able to interact with the U.S. legal system accomplishes the goal
Recall that in the U.S., the only entities that have access (accounts) at the Central Bank are commercial banks. And we empirically know that the credit risk of commercial banks is worse than a Central Bank because there is just one type of money: reserves at the central bank.
Everything beyond coins, notes, and money equivalents is arguably a credit risk. Thus, not only should we want Narrow Banks and FedAccounts created, but from a resiliency standpoint at the very least we should require stablecoin-issuers to stop piggybacking on other commercial banks due to their modus operandi.
Miners and block makers
We have touched on this topic more than a dozen times on just this site alone. Let us look at this issue from a different angle.
Visa and other payment providers are liable for certain activities that take place on their networks, hence why they on-board certain merchants and off-board others that are deemed “higher risk” or whom have violated some law.77 Similarly all FMIs have various binding agreements (MSA, TOS, EULA, SLA), and the penalty for violating them could result in a participant being removed (e.g., Fedwire has a terms of service that is effectively passed on to the users of commercial bank wiring services). ISPs and telecoms are also regulated and permissioned and they can (and do) kick users off for violating their TOS.
Proof-of-work chains like Bitcoin intentionally did not include a ‘terms-of-service’ and by design did not include hooks into any legal agreement or, for that matter, attempt to integrate AML screening of participants.78
But this is just RICO theater: in an “even Steven” world, miners should be held to the same standard as other processors. Assuming some or just one of the frameworks mentioned at the top of this article is ratified, issuers can be held accountable for additional disputes that arise.79 What then of the block makers who process transactions that fail to comply with a specific jurisprudence?
For example, in terms of proof-of-work chains – in practice – nearly all of the mining pools for both Bitcoin and Ethereum are operated by identifiable entities. FinCEN’s 2013 guidance gave miners a carve-out based on the assumption that mining pools were neutral, but in practice they are not and do manually add (or censor) transactions.
For instance, at a public event in 2019, Roger Ver and Tone Vays (aka Anthony Vaysbrod) made a bet on stage regarding sending transactions – and importantly the associated fees – across both the Bitcoin and Bitcoin Cash blockchains. To aide Vays’ attempt to send a below-market transaction fee, Slush (a mining pool), manually included it despite the below-market fee. They were not neutral the opposite to how miners are often portrayed to regulators.
During the frenzy of ICO mania, the rush to get into a “capped” raise meant that some speculators would “bribe” mining pools to guarantee that their transaction could be included in a specific block. For example, in May 2017, a principal at a Canadian-listed fund successfully paid more than $6,000 to an Ethereum mining pool so that his transaction could be included during the sale of the Basic Attention Token (BAT).
We could spend a couple of posts just walking through the subreddit /r/bitcoin in what is basically the de facto customer service forum in the event that a user accidentally sends a mining fee that is too big or small.
What these human-run chains independently highlight are some of the lessons from 2015. How can validators become BSA compliant or apply for a MSB license?80
Why would they need to?
In what became the “permissioned chain” or “enterprise chain” vendor world, startups like Symbiont and Digital Asset first looked at using Bitcoin mining pools to process transactions for regulated financial institutions (e.g., banks) but ultimately walked back for a couple of reasons:8182
transaction fees or payments could be going to sanctioned entities
The discussions surrounding identifiable validators (this paper uses the term “KYM” – know your miner) – and the legal and regulatory buckets they fall under – has been an ongoing topic since at least 2013. The STABLE Act potentially fixes that loophole.83
Why hasn’t law enforcement prosecuted mining pool operators in the past? Partly because of coin lobbying organizations have successfully pushed a one-sided agenda on behalf of their donors and rallied external support by fear mongering about criminalizing node operators.8485
This is a red herring and is not the aim of the STABLE Act; in fact its co-authors believe that would be a bad strategy. But a bigger issue has been a lack of resources. Agencies like FinCEN have in general been underresourced and went after the lower hanging fruit (e.g., ransomware profiteers in Iran).8687 It is an open question whether they will have more resources under a new administration to look at miners.88
With the roll out of real-time transaction monitoring from many different vendors, intermediaries such as cryptocurrency exchanges and mining pools can identify and flag suspicious or illicit activity before participants can fully realize their gains.
For instance, almost four-and-a-half years ago, Bitfinex was hacked and lost 119,756 bitcoins. At the time this was worth about $65 million of actual money. Today that is around $4 billion. The hacker(s) have never been (publicly) caught. Proportionally, this would be equivalent to a large commercial bank losing $20 – $30 billion USD. There have been Congressional hearings for much less.
As I have pointed in previous posts and presentations (slides 10-12), at the time 9 out-of-the-first 10 mining pools that processed the stolen Bitfinex tokens operate outside of the U.S. (specifically in China).89 If a U.S.-based financial intermediary was hacked and $4 billion in customer deposits was stolen, the fine print in the terms-of-service kicks into high gear to protect customers. Despite the billions in VC funding and headline-grabbing coin prices, similar consumer protections do not exist in the coin world.90
Even with the existence of real-time monitoring from multiple vendors, intermediaries including miners have gotten away with profiteering from processing illicit transactions that would have shook up FMIs or PSPs. Ransomware, a blight on critical public infrastructure, and the processing of its transactions are something that well-resourced prosecutors could disgorge.91
The motivation behind anarchic chains, such as Bitcoin and Ethereum, was about creating an alternative, sovereign economy that was independent of any nation-state. But if your alternative economy uses USD (or any other fiat-linked cryptocurrency) as its unit-of-account, it is not really an alternative economy, but a subsystem subordinate to the monetary policy and pricing system of the nation that the system is supposed to be independent of.
If the aim or ethos of anarchic cryptocurrencies is to truly reduce moral hazard (e.g. taxpayer funded bailouts of banks) and systemic risks that unfortunately occur during a financial crisis, the DeFi ecosystem has a long way to reverse the current trend.92 It is not too late and in fact, client pluralism (in Ethereum) is one way to reduce systemic risk.93
“Pegged coins” are clearly fragile because they rely on an exogenous judiciary system to resolve disputes and an exogenous banking system to maintain a unit-of-account. Much of the proposed legislation above should serve as a motivation for building a more resilient on-chain U-o-A.
Perhaps the one call to action is to encourage education around “narrow banks” which could be viewed as a ‘middle ground’ between a bank charter and a MSB.94 If you are interested in learning more on the short history of commercial bank-backed stablecoins, worth re-reading the prequel from 2018 to see what has changed.
I would like to thank the following people for their feedback: AC, RG, RS, RR, CW, MW, LR, JM, PE, FC, JG, JK, KV, DZ, AV, JW, and VB
Send to Kindle
Regarding terminology, one reviewer noted: “By necessity, a stable coin is either subsidized or fictional. Dollars cost money to hold and transact in, so the only way a stable coin can be stable is if the sponsor takes risk on the underlying or uses it as a loss leader. The term has come to imply backing. Which not only is probably not true, it doesn’t necessarily need to be true. Have you ever tried to redeem a “stable coin”? Any stability of a “stable coin” is derived not from the assets backing the coin but by the ability to sell (not redeem) for a fixed amount. Which is of course true until it isn’t.” [↩]
One commenter explained: “In the E.U., MiCA will take a while to be implemented by member states. As a result, some member states are trying to get ahead of the E.U. itself by releasing their own related laws with the aim of attracting market participants; at least until the E.U. comes to a consensus of what it will want to do. Even if being ahead of the E.U. could have short term benefits, it is also extremely important to not deviate from E.U.-wide consensus, so part of this is identifying areas that the E.U. would obviously regulate. One approach, which has been seen in Hong Kong as well, has been a phased approach to regulating cryptocurrencies by first regulating the areas that are easier to regulate (e.g. funds and fund managers, applying existing requirements to those who want to invest in cryptocurrencies), and waiting for things to develop before trying to regulate areas that are hard to regulate (e.g. custody). There is a key difference between a directive and a regulation in the E.U. A directive has to be transposed into law by the member states, which have to update their own legal systems. And when a member state is behind in transposing, like Cyprus for AMLD5, they get put in special working groups and the E.U. can even take legal action toward them. A regulation is already a law that is automatically enforceable across member states.” [↩]
The PWG uses a broad definition: “For the purposes of this statement, “stablecoins” are the digital assets themselves. A “stablecoin arrangement” includes the stablecoin as well as infrastructure and entities involved in developing, offering, trading, administering or redeeming the stablecoin, including, but not limited to, issuers, custodians, auditors, market makers, liquidity providers, managers, wallet providers, and governance structures.” [↩]
Most industry-driven commentary thus far seems to use the term “stablecoin” as if it is a well-defined concept. As one reviewer noted: “Assuming that there is a case for regulating a non-custodial coin, if you push the analysis to try to clearly characterize the type of coin that should be regulated, there is no other way to draw the boundary other than to say: coin that’s designed to track the unit-of-account of any currency that’s considered to be money under the law in question.” [↩]
It could be argued that coin promoters are looking at engagement the wrong way: the onus is not on any government to bend to the needs of coin efforts. Governments should not necessarily be accommodating since it is not a reciprocal or equitable relationship. For example, Satoshi intentionally did not architect Bitcoin to be compliant with any surveillance regime, it has been an one-way conversation — mostly a monologue — from day 1. [↩]
Recall that in both the U.S. and E.U., access to central bank accounts are restricted to commercial banks and handful of non-banks. Rather than create narrow banks themselves or seek central bank access, stablecoin issuers are arguably de-stabilizing the highly concentrated U.S. banking system by building underaccountable shadow banks on top of systemically important financial institutions (SIFIs). If an aim for “DeFi” is protecting consumers and investors, concentrating more activity onto SIFIs is not the way to go. [↩]
One reviewer who previously worked at a central bank noted: “We need to understand narrow banks and think through what they would look like. Even I have skipped this because ‘The Federal Reserve won’t approve them so why bother.'” [↩]
In his November 2020 speech, Andy Haldane, chief economist at the Bank of England, said: “On financial stability, a widely-used digital currency would change the topology of banking in a potentially profound way. It could result in the emergence of something closer to narrow banking, with safe payments-based activities to some extent segregated from banks’ riskier credit-provision activities. In other words, the traditional model of banking would be disrupted.” [↩]
Ironically by vocally defending Tether or USDC, partisans that do not like the Federal Reserve or JP Morgan are actually defending the very entities they claim to dislike, because commercial bank-backed stablecoins are just tokenized deposits sitting in a bank. And each of those banks rely on dollar-clearing services provided by the New York Federal Reserve. In other words, the aspiration of “anarcho-capitalism” is in direct conflict with how all settlement, clearing, and payment FMIs operate today; to use a stablecoin necessarily involves needing an exogenous U-o-A maintained by the Fed. [↩]
Quizzically, the “moral hazard” issue – that taxpayers are once more on the line to bailout commercial banks – has been glossed over by many DeFi and CeDeFi proponents. Again, the benefits of commercial bank-backed stablecoins largely accrue to issuers, traders, and speculators. These are privatized gains. Unless issuers move to a different banking model, they are ultimately relying on socialized losses by taxpayers via FDIC. [↩]
Worth pointing out that the article above is about specific groups of people, not technology. Several years ago Steve Waldman authored the memorable “soylent blockchain” presentation. It is germane because chains – in practice – are (often) run by identifiable humans. [↩]
One reviewer commented: “There probably needs to be a new regulatory framework, such as a narrow bank or something enabled by the STABLE Act because stablecoin issuers do not fit well in existing models. In the U.S., issuers are stuck between obtaining a bank charter versus an MSB so the current framework might accidentally muzzle innovation. If stablecoins grow to a size where meaningful risk – shadow banking, systemic risk, reduced consumer protection – are visible then how to achieve regulatory outcomes without stifling innovation? On the one hand you have the argument ‘if it looks or talks like a bank it should be regulated as one’ and on the other extreme you have ‘if it is involves a blockchain it shouldn’t be regulated.’ Both those polar extremes are wrong. Blockchain advocacy is often full of hyperbole where the centralized implementation doesn’t really follow the decentralization thesis. On the other hand, the financial industry’s default position often is: technology companies that do what we do should be as heavily regulated we are. And then financial institutions use this to curb innovation and secure their moat. The question is: how to have an enlightened discussion without interference from lobbyists in the VC-backed tech world versus the banking industry? There is probably a middle ground approach that does not result in us having to take sides. Narrow banks are one approach although it also could become political.” [↩]
One area that cryptocurrency promoters often claim “innovation” is taking place is in the cross-border or remittance arena. Yet little more than anecdotes are provided to back up that narrative. For a detailed explanation for why this narrative is probably false, see: Does Bitcoin/Blockchain make sense for international money transfers? One reviewer commented: “This is not to dismiss the very real demand for banking services in underserved markets. The majority of companies around the world are SMEs and they provide the majority of global jobs, yet in many cases they have historically had trouble accessing banking services. This dovetails into “open banking” – access to APIs and bank data – which is a different approach from what the cryptocurrency-focused narrative often seeks to market.” Another reviewer explained: “The argument that stablecoins are not inherently as stable because they depend on the underlying creditworthiness of the backing institution is hard to argue against. At first glance, the current generation of stablecoins allow value to reach areas of new economic interest – inclusion – that traditional banks seem to ignore, yet this is likely accomplished by eschewing strict KYC gathering, AML, and CFT compliance that banks are required to conduct.” [↩]
This article does not explore projects like USC or JPM Coin, the latter of which is ultimately backed by the balance sheet of the bank itself. [↩]
Generally speaking, most stablecoins are issued as USD. As one commenter noted: “Recently a subsidiary of GMO, a Japanese IT giant, was authorized to issue a USD and a JPY stablecoin under New York State regulations. I think we’ll see much more of these cross-border combinations. And I don’t see regulators in New York State bowing to an emerging market central bank that doesn’t want to see its currency being wrapped into a stablecoin.” [↩]
One reviewer noted: “Instead of saying ‘e-cash’ I would say ‘e-banknotes’ or ‘shadow deposits’. I think ‘cash’ has specific properties that most of these blockchain/account-based payments systems don’t have. It is too generous to call them cash and for the banking laws, it is the deposit-equivalent that’s the real issue.” [↩]
Another reviewer commented: “In one scenario you effectively end up with a regulatory regime where any stablecoin issuer has to whitelist (or blacklist) the supported chains and then only custodial wallets or KYC’ed wallets can hold coin. An alternative is having to monitor activity and while this can become “theater,” compliance is still robust and the team can point to “we are doing something” that can be tweaked and tightened up. Monitoring obligations may be the route otherwise you end up having to authenticate every address as a stringent requirement. Mandatory KYC’ed addresses could make certain “digital cash” impossible to use.” [↩]
The terms within the STABLE Act also provide latitude for U.S. regulators to create ‘narrow bank’-like structures for these types of issuers. [↩]
The Board of Governors of the Federal Reserve oversees two FMUs in the United States: CLS and CHIPS. CLS was launched about 20 years ago in part to reduce Herstatt Risk. In all cases, users of FMIs and FMUs have large MSAs to agree to. [↩]
The term “Tether” itself connotes a purposeful tie to actual money. And like the term “smart contracts,” stablecoins are neither stable and nor coins. Just a risk disguised as a rational ‘crypto safe haven.’ [↩]
One reviewer commented: “‘1-1 fiat-backed at the Central Bank’ stablecoins are close to narrow banks but far from full license banks. Lending is the risky part of the license. The Ant Group IPO debacle is in part around this distinction. We need to think through what a “just lending” bank looks like.” [↩]
Some of these exchanges allow users to trade a variety of other financial instruments and even add leverage. [↩]
Promoters often claim that these protocols are just tools that help the unbanked but that is another way of saying the ends justify the means. [↩]
The observation around illicit deposit-taking is not new, I even wrote about it more than five years ago. [↩]
One reviewer noted: “The best argument stablecoin issuers have is “Paypal got to do it, why cant we?” the response to which is: Paypal shouldn’t have been allowed to do it, and we certainly shouldn’t repeat this mistake now when we have a real chance to fix up all of this mess.” [↩]
Another reviewer noted: “For stablecoin issuers this ‘fix’ could become a slippery slope resulting in a bifurcation of blacklisted versus white listed addresses (or coins). Today physical cash transactions are not KYC’ed but intermediaries have KYC obligations for a reason: because they are an intermediary engaged in regulated activities (e.g., holding client deposits). One of the innovations with cryptocurrencies was getting rid of account-based money but creating white and blacklisted addresses brings account-based money back in so if that happens why bother using it versus PayPal?” [↩]
State intervention already occurs via taxpayer subsidies to proof-of-work miners removing a raison d’être for proof-of-work mining. [↩]
We know empirically that the credit risk of commercial banks is not zero, hence why the supervisory departments at central banks regularly perform not just audits, but stress tests to see how financial institutions would weather systemic events. [↩]
It is quite common to hear professional coin traders claim that a governmental organization like FinCEN or SEC would never shut down an entity like Tether because the knock-on effect would be devastating… that Tether was “too important to fail.” Concentration of risk this early in the game is not a good thing. [↩]
The FDIC has a history of stepping in and protecting uninsured deposits as well. Do stablecoin issuers believe this is an implicit guarantee for future crises? [↩]
Office of the Comptroller of the Currency’s guidance from October permits national banks to hold fiat stablecoin reserves. This supports the argument that these “projects” are inextricably linked sovereign currencies. And while it is likely that Acting Commissioner Brooks is replaced under the upcoming Biden administration, changing that guidance may not happen. While it can be rescinded it is probably not a high priority and it is clear that some banks were already holding stablecoin reserves and the guidance just gave them more cover. A major caveat comes in its footnote #5 regarding a 1:1 ratio for collateralization that we know, for example, Tether Ltd has lied about before. [↩]
As noted in the Appendix: “Other relevant issues to maintaining the stability, or even basic credibility of a stablecoin relate to legal and operational issues. If the issuer of a stablecoin fails, the assets ideally should be in a legal structure that is “bankruptcy remote” i.e. the holders of the coins can claim the reserves in preference to other creditors of the issuer. The bankruptcy remoteness of the Libra foundation, or even the general recourse Libra holders would have to the reserves of the Libra foundation are currently unclear. For the stablecoins used in cryptocurrency trading such as Tether and the Gemini Dollar there are varying degrees of bankruptcy remoteness. JPM Coin (or almost any commercial bank-issued stablecoin) is supported by the overall balance sheet of the bank. Holders of JPM Coins would most likely be treated like any other bank account holder.” [↩]
Another reviewer commented: “The argument for exchanges and stablecoins to have direct Fed access to my mind is about protecting retail investors. Exchanges and stablecoin issuers encourage retail investors to make fiat deposits. These deposits are uninsured and there is no guarantee that the investor will ever get the money back. Tether specifically says in its legal documentation that it doesn’t guarantee to redeem USDT in actual dollars. Retail deposits can be lent to margin traders with or without the knowledge of the depositor, and they can also be leveraged up and traded by exchanges themselves, since exchanges seem to have no shame whatsoever about commingling funds. Fees can also be high, and naïve retail investors can be vulnerable to hacking if they leave their coins in hot wallets, as I suspect many do. This whole area desperately needs the sort of consumer protection that banks are forced to provide to their depositors. To my mind exchanges and stablecoin issuers should not be allowed to take retail fiat deposits at all unless they are licensed depository institutions, which would give them access to Fed liquidity. And retail fiat deposits on crypto exchanges should have FDIC insurance.” [↩]
A third systemic-like risk that a users faces is if and when a blockchain partitions and forks. Each issuer has a different view on handle these. For instance, according to the USDC User Agreement: “In the event of a fork of USDC, Circle shall, in its sole discretion, determine which fork of USDC it will support, if any.” [↩]
Note that Raphael Auer from the BIS wrote in response: “Interesting but that’s not what we know about the project.” Even if it turns out that the highly esteemed ex-PBoC source was wrong, the tweet still confirms that several things we call CBDCs are not direct claims on the Central Bank. And if they are not, maybe we should just call them e-money or similar terms for new forms of commercial bank money. [↩]
Projects like USC from Fnality are attempting to tokenize reserves at the central bank. While formal approvals have not been made, there is a possibility that non-banks are provided a pathway to opening an account at the central bank. For example, in July 2017, the Bank of England announced that it would allow direct access to RTGS accounts to non-bank payment service providers; this was followed up with a detailed information pack in December 2019. [↩]
There are several parallels between CeDeFi and permissioned-on-permissionless chains. For instance, introducing regulated intermediaries that collect KYC removes the raison d’etre for proof-of-work (as P-o-W was used to make Sybil attacks costly). [↩]
From a technical perspective, if these anarchic systems were fully resilient and sufficiently decentralized, it should not matter what laws are passed or enforced. Why? Because the assumption in 2008 and 2009 was that these proof-of-work networks would be operating in an adversarial environment. Currently the end-points (on-and-off ramps) act as weak, fragile links that can be compromised. As one reviewer quipped: “Based on the outcry on social media, cypherpunks seems to have gotten soft and forgot why proof-of-work is used.” [↩]
‘Nominalism‘ and why it is important to legally enforceable contracts and debt is a tangential point to this. As is nemo dat. [↩]
Some analysts and lawyers refer to a stablecoin as a “pegged coin.” [↩]
Note: TrueUSD (TUSD) was operating for an extended period without registering as a MSB. As of this writing, TrueCoin LLC (a subsidiary of TrustLabs) is now registered with FinCEN. [↩]
One reviewer commented: “Any system that involves trusting some central actor (a bank, an issuer) is not embracing the core element to cryptocurrency innovation, and is mostly just a way of using money over the internet. Since stablecoins (or coins issued by tokenized deposits at banks) fall into that category, I don’t think they’re fundamentally different from the banking I can already do today. I know some people disagree—they think the openness of the ledger still means something important—but I tend to think that’s not that big a deal if you have to rely on centralized actors again.” [↩]
Several of the “rebasing” tokens seem to be replicating the ‘Hayek Money‘ proposal from 2014. Whereas a number of the Seigniorage Shares projects frequently cite a paper authored by Robert Sams. Note: since rebase and Seigniorage Shares tokens do not custody any commercial bank-backed stablecoins, they may not be directly impacted by some of the proposed legislation. [↩]
Silvergate’s total cryptocurrency-related USD balances were up $500 million (39% QOQ) as of Q3 2020. Note: the Silvergate Exchange Network (SEN) is administered and operated by a single entity and is not a distributed ledger (blockchain). [↩]
There were several spikes for USDC beyond that amount, including one $24.1 billion spike on January 3, 2021. [↩]
Tether Ltd is incorporated in Hong Kong and registered with FinCEN, but in searching the Wyoming’s banking regulator, Tether Ltd is currently not listed. To be registered as a U.S.-based MSB, typically Tether Ltd would have to have a license with one of the state banking departments. What this means is: Tether Ltd is a foreign business that has chosen to register with FinCEN but Wyoming does not require MSBs that deal in cryptocurrency to get a state license. So Tether Ltd is operating in Wyoming as a transmitter, but does not have a license. That does not mean that the foreign jurisdiction where they reside regulates them. Many jurisdictions lack any sort of MSB framework. For instance, Canada does not have licenses for MSBs. So a Canadian business that transmits money does not operate by a separate set of rules from any other business, unlike in the U.S. where the state banking departments put limits on what sorts of assets MSBs and transmitters can hold. [↩]
There were several spikes for USDT beyond that amount, including one $211.3 billion spike on January 4, 2021. [↩]
There is leverage in the traditional foreign exchange marketplace too. Statista has a relevant chart showing average daily turnover in the global FX market. [↩]
One reviewer commented: “Credit is a huge part of the current monetary system. We would be wrong to ignore it when we talk about stablecoins, which are interconnected with the financial system. Stablecoin promoters who intend to disrupt this system often don’t understand the very system they are disrupting. For example, some issuers wouldn’t be able to answer how their stablecoins would account for potential inflation or deflation, how supply and demand for these coins would be stabilized, or what happens during a crisis. This also ties back to an understanding of interest rates, which is so often lacking among stablecoin disrupters and is an integral part of the current system. [↩]
Note: one of the common misconceptions of the STABLE Act is that stablecoin issuers would necessarily have to get a bank charter but the language of the actual bill provides lots of flexibility to regulators. [↩]
We do not want to conflate velocity with TVL or rehypothecation either. Without the ability to see an exchanges books, the leverage facilitated by on-chain lending protocols is likely a magnitude order less than the leverage provided by off-chain exchanges. [↩]
One reviewer commented: “The rapid growth in DeFi is directly correlated with the developments of the current generation of stablecoins, and this has been used to justify DeFi’s current value proposition. As a result, I do not see that as a sustainable way to create real value because of the dependency on these types of stablecoins. Programmable money and programmable assets is where the real innovation is and ideally neither should be reliant on pegged coins.” [↩]
In other words: if large portions of “DeFi” applications rely on USDC or USDT, arguably this is incompatible with cypherpunkism or the decentralize-all-the-things meme. [↩]
One reviewer noted that: “Cryptocurrency, like Bitcoin, was supposed to be sui generis. But if you peg or wrap to a fiat currency you are going to fall into regulatory problems. Even if DAI itself was just cryptocollateral they have a human-run governance mechanism and it is pegged to the dollar so it could fall under Securities law or Exchange regulations. If DAI remained entirely crypto, would be less problematic.” [↩]
Maker maintains a public forum in which new types of collateral are proposed and voted on. [↩]
In contrast, RAI only uses ETH as collateral and Seigniorage Shares is re-based solely on endogenous info. It is arguably hard to do but using endogenous data from the chain itself to rebase the coin value leads to a more resilient app and system (e.g. hard to switch off). [↩]
Coin promoters – some of whom call themselves as cypherpunks – can ignore whatever regulations they want but that doesn’t prevent regulators and law enforcement from attempting to regulate and enforce activities in their remit. Over time the modus operandi of some coin promoters has shifted away from an endogenous engineering effort: ‘we have built an anti-fragile sovereign network and exited, so who cares what the government does.’ It has shifted towards an exogenous model, wherein coin promoters ask their followers to write to policy makers and donate to coin lobbyists because a popular “dApp” relies on something that the government regulates. [↩]
Friedman LLP was the most recent auditor and they publicly walked away from Tether Ltd in 2018. See also research from professor John Griffin. [↩]
One germane social media comment: “Stablecoins are IOUs with collateral in state-issued money. You can not expect non-intervention from State if you peg your asset to money issued from State. Stablecoins are Statecoins.” Another said: “If your coin is pegged to the USD, I don’t think you’re sticking it to The Man quite as much as you think you are.” [↩]
Felix Salmon arguably had the most adroit take on the pushback against the STABLE Act. [↩]
Another example: during the summer of 2014, rumors circulated that the BitLicense was about to be enacted (it wasn’t until the following year). During one of these periods, billionaire Tim Draper and his son, Adam, hosted a public meetup at their “university” in San Mateo. Multiple speakers repeated the same erroneous claims that the license would stymie “innovation.” Another memorable exchange was an reddit AMA with Ben Lawsky (then-Superintendent of Financial Services and architect of the BitLicense) in which the word “innovation” was flung around a lot as well. [↩]
Executives from overseas cryptocurrency exchanges used to tell investors and potential investors that they had submitted paperwork to receive a BitLicense. This “impressive feat” was meant to show how “legit” the exchange was. One story involved Bobby Lee, then the CEO of BTC China, telling potential investors in the U.S. that BTC China had filed the paperwork with DFS. But what was left unsaid was that the application was mostly left blank and may actually have never been sent at all. [↩]
Following the WSJ exposé, ShapeShift implemented identification checks for all trading activity. [↩]
Note: I did say something similar to that on stage at the American Banker event. It was a panel that included Barry Silbert, who coincidentally was helping ShapeShift fundraise the next round at that time. It was the only panel whose video was not published online because not all of the panelists would give A/V permission to do so. The funding round was announced two months later. [↩]
Payward Inc is d/b/a Kraken. It is registered with FinCEN as a MSB and has licenses in more than 50 territories and states. Strangely, Kraken’s Chief Legal Officer – Marco Santori – recently said Kraken is not a MSB: “Kraken is not a money transmitter. We haven’t sought licenses in the U.S. This is an alternative path to that, speaking purely from the regulatory perspective. The SPDI charter will help us to satisfy those rules as we seek to bring more and more of the payments flow in-house.” Technically speaking, a MTL is a subset of the MSB but unclear what that means in the context of Kraken or Tether Ltd. [↩]
One of Kraken’s vocal investors, Caitlin Long, lobbied on their behalf in Wyoming and helped them gain approval for an SPDI. It will be interesting to see which bank(s) in New York handle the correspondence wiring between the two states. [↩]
Dozens, perhaps a couple hundred, ICOs have registered in Singapore. The accommodative stance from MAS stems in part due to political influence from senior leaders, some of whom are believed to own ICO tokens. [↩]
One reviewer commented: “It is probably too extreme to requires cryptocurrency exchanges and stablecoin issuers to become licensed banks. I think exchanges and stablecoin issuers that don’t deal with retail investors should be allowed to do what they like on the understanding that if they get into trouble, they will have no help whatsoever from the Fed Reserve or the U.S. government. But exchanges and stablecoin issuers that take retail deposits must be licensed and subject to banking regulation, and there may also need to be legislation to enforce structural separation of retail deposit-taking from crypto trading – something like a modern Glass-Steagall Act.” [↩]
Technically speaking Visa is a card association that provides products to intermediaries, including access to VisaNet. Visa directly competes with China UnionPay and Mastercard. They operate tangentially to Square or Stripe who operate payment gateways on behalf of merchants. In his debate hosted by The Block, Jeremy Allaire conflated USDC issuance with activity on PayPal and Venmo. This is apples-to-oranges because USDC issuance and redemption happens at the very edge. And unlike PayPal and Venmo (who can continuously surveil internal accounts), USDC via Centre cannot on Ethereum. In fact, PayPal will not allow cryptocurrency-related transfers because the organization would be unable to comply with the “Travel Rule” or other FinCEN reporting requirements which by definition would mean USDC operates under a less strict framework relative to commercial banks. Note: other brokers such as Robinhood, Sofi, and Webull also do not allow users to transfer coins. [↩]
There is some irony in how proof-of-work (P-o-W) chains have evolved. Initially P-o-W was used because Satoshi wanted to make Sybil attacks expensive in an adversarial environment with unknown participants including governments. Over time, as the dependency on U.S. and E.U. banks has grown, many promoters are now stating that governments better not (properly) regulate commercial bank backed-tokens despite some of these same promoters linking their KYC’ed wallets to other intermediaries. In theory, anarchic chains maneuver around The Man, by decentralizing and pseudonymizing the set of parties responsible for processing transactions. But in practice, most activity — more than 80% — still takes place between trusted intermediaries. [↩]
From a systemic standpoint holding specific parties (issuers) responsible for activities they permitted (or were involved in) is a positive development. Why? Because, like banks or even payment processors, stablecoin issuers would have to monitor malignant behavior more closely than it does today. [↩]
For perspective, at the state level there are MSB and/or MTO licenses that the entity such as a cryptocurrency exchange has to apply for. A couple of states don’t license this activity, hence why a few large cryptocurrency exchanges have 47 or 48 licenses. At the federal level the entity also registers with FinCEN (and then complies with the BSA). [↩]
I wrote the most widely cited paper on “permissioned chains,” the creation of which was spurred by the inability of P-o-W chains to provide settlement finality or meet other requirements of the PFMIs. [↩]
Bears mentioning that if any anarchic chain has to rely on exogenous legal or financial support then it is not sovereign or anarchic. For example, each day somewhere there are multiplecourts around the world in which aggrieved parties sue one another because of activities involving cryptocurrencies. While some of the outcomes remain as judicial precedent, others could become codified as statutes by legislatures. In either case, the disputes are not being handled on-chain. This off-chain dispute handling is another example of the “parasitic” reliance that anarchic chains continue to have on exogenous legal systems. [↩]
For example, Coin Center published an article scaremongering readers into thinking the STABLE Act would – among other allegations – criminalize node operators. Vocal maximalists did the same thing. Not only are these claims unfounded but neither of these groups are focused on consumer or taxpayer protections. Commercial entities involved in money transmission, payment services, and/or using financial market infrastructure have to comply with a sundry of requirements in each jurisdiction they operate in. Irrespective of how mining nodes or non-mining nodes are categorized in the U.S. (or elsewhere), a “sufficiently decentralized” network should be resilient in an adversarial environment, including one with State-sponsored law enforcement snooping around. No one but faux “crypto lawyers” are talking about outlawing anonymous ledgers or chains. In other words, non-neutral critics are dwelling on remote edge cases that are outside the Overton Window. No law enforcement is going to go door to door searching for a Raspberry Pi node. [↩]
One reviewer explained: “At both the state and federal level, governmental bodies in the U.S. have done a lot of heavy lifting and diligence to understand the cryptoasset and blockchain space. They have given it space to grow and develop, much more so than other innovations like drone deliveries which are just now being approved. For instance, the SEC created FinHub in 2018 which has its own permanent office; and in 2020 the SEC released a safe harbor proposal for special purpose broker dealers for custody of digital assets. If U.S. regulators wanted to kill the cryptoasset space, they could always go to the extent of cutting the cables, and destroying the servers, or using physical force and throwing everyone involved in jail, but what they have done was the opposite. It may have taken a couple of years to build capabilities and get it right, but they have devoted real resources and staff to make sure they understand what cryptoassets and blockchains are.” [↩]
According to a recent article from Politico, the Office of Terrorism and Financial Intelligence is one of the few areas at Treasury under Secretary Mnuchin that has seen a resource bump. This trend could continue under the Biden administration as the recently passed NDAA included provisions (Section 6102) to enhance FinCEN’s capabilities and widen the definition of what a financial institution and money service transmitter are to broadly include other entities such as all virtual asset service providers (VASPs). [↩]
A savvy prosecutor could probably make an easier case for why a mining pool / block maker is legally liable for say, knowingly processing ransomware payments because they are the “issuers” of coins. Whereas it may be harder to build a case against a vanilla non-mining node operator who merely performs non-administrative tasks. [↩]
Run-of-the-mill “validating” nodes are not equivalent to actual miners who process transactions and build blocks. Without re-earthing the multitudinal debates around UASF / SegWit2x circa 2016-2017, mining pools are objectively in a different league. Non-mining nodes are often (but not always) overstated in importance on anarchic chains. With Deadcoins.com as evidence, proof-of-work chains live and die by miner participation. [↩]
Of the ten pools, the sole exception was Bitfury, who uses its political connections in the Republic of Georgia to receive taxpayer subsidies for its massive mining operations. About 10% of the energy production in the Republic goes towards powering Bitfury’s mining rigs. [↩]
This is not an idle thought experiment. In 2016, fraudulent wiring instructions from a compromised SWIFT account of the Central Bank of Bangladesh resulted in multi-year, multi-national investigation. Whereas the hackers attempted to transfer $1 billion to the Philippines, because of the financial controls and fraud detection framework at the New York Federal Reserve (which clears these types of transactions), only 10% of the total funds were transferred and of the stolen funds about 15% has been recovered. In contrast, throughout 2020, the hacker(s) in control of the stolen Bitfinex coins continued to peel off portions of the heist into unknown wallets. The restitution to the Bitfinex victims is itself worth looking at, as it involved the exchange self-issuing two different IOUs (BFX and RRT). Further Balkanization via more tokens by intermediaries is not the answer to hacking, oversight and accountability are. [↩]
One reviewer commented: “In theory, all prudential regulations should be proportional to the risks. In addition to payment versus lending, most stablecoins are likely too small to be categorized as “systemic.” This is not an argument to not regulate them, it is one to phase in levels of regulation on stablecoins based on design and scale. Nobody wants to hear this, but here ETFs are probably a better parallel than banks. Maybe a way out is opening access to Central Bank accounts to stablecoin issuers (not individuals directly) and regulating other types of stablecoins as securities.” [↩]
In the Ethereum world there is clear separation between a reference design (Yellow Paper) and client implementation. In practice, there are multiple independent teams working on different client implementations written in different coding languages. In the event one team disappears or one implementation has a bug and crashes, the network can continue to work. Pluralism creates resiliency. In contrast Bitcoin is developed in the opposite manner: the Bitcoin Core implementation used by block makers is also the reference design. Confusingly, a group called “Bitcoin Core” acts as a gatekeeper to the Bitcoin Improvement Proposal (BIPs) and have used their position to lobby exchanges and miners to prevent or stifle certain alternative client implementations and/or BIPs from being adopted (such as SegWit2x). See: Who are the administrators of blockchains? [↩]
[Note: this is part of a standalone document written by Martin Walker in late 2019. It has been edited and condensed as it provides important considerations surrounding the topic of stablecoins. For more context, be sure to read the accompanying Parasitic Stablecoins article.]
In spite of the relative immaturity of “Stablecoins” as both an asset class and as a form of financial sector technology, they has recently attracted a huge degree of attention from regulators, central banks, academia, the media and many parts of the financial sector. This attention has particularly intensified since the announcement by Facebook of its own stablecoin (Libra) on June 18, 2019.
Reportedly prompted by this, a joint committee was formed by central banks from the G7 group of major economies, the International Monetary Fund (IMF) and the Bank for International Settlements (BIS).1 This group reported its own findings, focusing on potential regulatory and economic impact in October 2019.2
Defining stablecoins can be challenging business because there are already a significant number of variations and some of the most discussed stablecoins are still in development. The most basic and broadest definition includes three main characteristics,
They are intended to perform at least two of the main characteristics of money, acting as a means of exchange and as a short-medium term store of value
They use some variant of Distributed Ledger Technology (DLT) to record and transfer ownership in a similar way to cryptocurrencies such as Bitcoin and Ether
They are intended to have a value that is relatively stable compare to major currencies.
While most research on stablecoins focuses on the economic and regulatory implications, the purpose of the this paper is to present an analysis of the practical implications for key processes such as payments and settlement, not to mention the potential impact on systems within financial institutions and overall financial market infrastructure. Stablecoins as both an asset class and to some extent a form of financial sector. Consequently they have challenges to adoption in terms of competing with the current world and interacting with it.
Stability and Collateral
The most straightforward step to create a form of digital currency that has a stable value is to peg its value to a financial asset with a stable value. Most stablecoins are pegged in value to a specific currency. Tether is pegged in value to the U.S. dollar on a one-to-one basis. Others are pegged (or proposed to be pegged) to a basket of currencies. Libra was originally proposed to be pegged in value to a basket consisting of the U.S. dollar, euro, yen, British pound and Singapore dollar. Other stablecoins attempt to achieve a higher degree of stability by pegging their value to a basket of assets, including cryptocurrencies, in the belief that diversification alone will achieve a higher degree of stability. Finally there are stablecoins pegged in value to commodities such as gold or oil. Claiming to have a pegged value does not (as is discussed below) mean a stablecoin is fully backed by funds in that currency.
Maintaining a peg is much harder than simply claiming a stablecoin has a value pegged to another asset or basket of assets.3 The degree of stability depends on
The type of reserves
The proportion of reserves relative to the amount of stablecoins issued
The nature of the issuer of the stablecoins
The legal structure including the protection of the reserves from the issuers creditors in the event of the issues default
Real or proposed stablecoins have reserves in one or more of the following types
Deposits in a commercial bank marketed as providing one-to-one back – this is the backing claimed by Tether, the Gemini Dollar, Pax and many others.4
Backed by the balance sheet of the issuer where the issuer is a bank. JPM Coin, at least based on initial news about the proposed stablecoin, would be supported by the balance sheet (i.e. the assets and capital of JPMorgan). From a credit and valuation perspective it should be broadly equivalent to funds deposited in a JPMorgan bank account.
Backed by a basket of bank accounts and other financial assets – According to the Libra whitepaper the stablecoin would be supported by assets held by the Libra foundation consisting of bank deposits and short term debt denominated in a basket currencies, subsequently announced as the U.S. dollar, euro, yen, British pound and Singapore dollar.5 Potentially the set of assets held by the Libra Foundation could include central bank reserves, subject to being allowed to open reserve accounts.
Stablecoins backed by a reserve of cryptocurrencies can be one of the most transparent ways of demonstrating the existence of a reserve. If created correctly holders would be able to check the balances of cryptocurrencies held by addresses relevant to the stablecoin. Unfortunately due the relatively high correlation of all major cryptocurrencies to each other means it is unlikely that the degree of diversification that could be obtained would provide much stability.
Algorithmic stablecoins such as the proposed, “Basis” Coin are intended to be a form of currency that had stable value but which was not fully collateralised. The plan for Basis was for it to be partially collateralised but to use an algorithm to maintain stability by buying or selling the coin in the market. The problem with a “currency” created like this is that it creates the incentive to short the asset, perhaps one of the reasons Basis was abandoned.
It is easy to claim a stablecoin is pegged to the value of an established currency and is backed by reserves is not by itself, it is another matter to maintain a stable value for a stablecoin some of which, such as USDT, experience periods of extreme instability.
Central Banks could potentially issue a form of electronic money that had the same economic characteristics as physical cash or central bank reserves. This is typically referred to as Central Bank Digital Currency (CBDC). CBDC could be issued on some form of DLT (making it a form of stablecoin) or a centralised system. While there have been experiments by central banks with central bank money issued on distributed ledgers, no central bank has announced plans to create a “stablecoin.” The People’s Bank of China has been developing the concept of a form of using digital cash (potentially using DLT) for five years but nothing is in production yet. As of late-2019 the closest thing to a real world CBDC system was Ecuador’s failed attempt, the Dinero Electrónico, which was launched in 2015 and closed in 2018.6
Other relevant issues to maintaining the stability, or even basic credibility of stablecoin relate to legal and operational issues. If the issuer of a stablecoin fails, the assets ideally should be in a legal structure that is “bankruptcy remote” (i.e. the holders of the coins can claim the reserves in preference to other creditors of the issuer). The bankruptcy remoteness of the Libra foundation, or even the general recourse Libra holders would have to the reserves of the Libra foundation are currently unclear. For the stablecoins used in cryptocurrency trading such as Tether and the Gemini Dollar there are varying degrees of bankruptcy remoteness. In the USC model, Fnality funds would be set up in a bankruptcy remote structure. JPM Coin (or almost any commercial bank issued stablecoin) is supported by the overall balance sheet of the bank. Holders of JPM Coins would most likely be treated like any other bank account holder.
For any stablecoin to remain truly stable it would need an issuer willing to buy and sell the stablecoin at par, or a very small spread above and below par. Even existing stablecoins with better controls that Tether such as Pax or the Gemini Dollar shows significant fluctuations in price. Convertibility on demand causes challenges for stablecoins, it would increase the probability in most jurisdictions that issuers would need to treat the owners of their coins as their customers for AML/KYC purposes. It would also cause challenges in terms of liquidity management. According to the Libra white paper, only specified liquidity providers will be able to buy and sell Libra directly with the Libra foundation. Other holders of Libra will not be able to redeem their Libra directly. JPM Coins will simply be transferred to or from client’s existing J.P. Morgan bank accounts.
Auditing of the reserves and the controls that are put in place to ensure the reserves are segregated from the issuers other liabilities is another fundamental feature required for maintaining price stability against the assets pegged against. One of the major reasons for the volatility of Tether was the lack of a recognised audit of their reserves and the worry, subsequently proved to be correct, that the Tether was not fully backed by reserves held as bank balances.7
Payment and Settlement Processes
For stablecoins to be effective as a part of conventional Financial Market Infrastructure as opposed to just being a tool to support cryptocurrency trading, they need to support the following fundamental processes that involve the transfer of money, either one way movement or synchronised with the movement of money or securities in the other direction.
Payments in between two parties in the same jurisdiction in the local currency.
International payments typically involve a foreign exchange transaction as the sender’s home currency is converted in the recipient’s home currency. In many cases such as cross-border payments within the Eurozone there may be no need for a foreign exchange transaction.
Delivery versus Payment is the synchronised exchange of a security for cash. DVP is used in both the settlement of purchase/sale of securities and the temporary exchange of cash in securities in areas such as Repo and Securities Lending. In conventional financial markets. Currently DVP requires the use of a trusted third parties such as a Central Securities Depository/Securities Settlement System e.g. DTCC or Euroclear or a custodian.
Payment versus Payment, is the synchronised exchange of two different currencies. PVP is used for the majority of transactions by volume in the foreign exchange payments using the services of CLS Bank.
Holding a financial asset on behalf of the economic owner of the asset. Custodians provide of a variety of services in addition to basic safe keeping of assets including, lending securities, financing long positions and dealing with corporate actions and events.
Temporarily delivering financial assets to another party to offset credit risk is fundamental part of the operation of most financial markets. Collateral in the form of money, securities or other financial assets may be delivered to the counterparty, a central bank, a tri-party agent or a CCP depending on the nature of the transaction
Novation is the transfer or contractual obligations and rights from one of the original parties to a contract to another party.
Domestic payments between customers within the same bank are always the most technically and operationally simple to process. Most banks should have little difficulty in processing payments in anything less than a few seconds and at minimal cost. Fundamentally all users of a particular stablecoin will essentially have an “account” at the same virtual bank, or in the case of JPM Coin or Signet, the same actual bank. Even if a bank has archaic batch-based or even paper-based solutions for internal transfers, using DLT is just one of many possible approaches to speeding up transfers.
Domestic payments between parties that bank use different banks is more considerably more complicated than payments within the same bank because of the need for banks to manage intra-day liquidity in order to avoid running out of the funds required to meet their liabilities.
However huge progress has been made in this area over the last two decades. Payments between parties that bank at different banks has been made close to instant in most developed countries through the implementation of low cost and efficient Real-Time Gross Settlement (RGTS) systems and internationally via initiatives such as SWIFT gpi.
Previously settlement of domestic payments was based on systems that used Deferred Net Settlement (DNS), basically settlement of payments was made at the end of the day after all payment instructions had been received and the net amount each bank owed each other was calculated. The existence of RTGS in over 90 countries has demonstrated that making payments instantly and settling in central bank cash does not remove the problems of liquidity or even credit risk. Central Banks have found the need to implement additional measures to avoid problems resulting from the “lumpy” nature of payments flow between banks, stress conditions and banks passively releasing their own payments after receiving payments from other banks.8
To deal with these issues central banks introduced a variety of mechanisms including Liquidity Savings Mechanisms (LSM), which group together payments before releasing to get smoothing payment flow, targets for the proportion of payments released immediately, and lower fees for the releasing payments earlier during the day. Stablecoins, if they reach sufficient scale, would not get rid of any of these problems and it is likely they would have to replicate the same mechanisms. It is worth noting that as part of its experiment with DLT in domestic payments (Project Ubin) the Monetary Authority of Singapore implemented an LSM using DLT.9
While small scale international payments for many countries can take minutes, wholesale payments can still take days, particularly if they involve the settlement of a related foreign exchange transaction. Based on analysis by SWIFT some of the key sources of delays in international payments include, errors within the systems and processes of both the sending and recipient banks, the need to carry out checks for Anti-Money Laundering (AML) and combatting the financing of terrorism (CFT) and in some countries the operations of exchange controls.
Stablecoins do not innately solve any of these issues, particularly where the desired end result of a payment in a deposit in the bank account of the ultimate recipient in the appropriate currency. More retail-focused stablecoins such as Libra may simplify international payments if Libra is used to directly purchase goods and services. However, holders of Libra (assuming Libra is backed by assets in a basket of currencies) will be exposed to the market risk of fluctuations in exchange rates. It is also unclear what the costs will be on converting into and from Libra.
The need for payment-versus-payments is an essential need for wholesale FX trading, to avoid settlement or “Herstatt” risk. This is risk that one party to an FX transaction delivers the currency they have sold but the other party does not deliver the currency they are owed, for example due to bankruptcy.
PVP currently requires a trusted third-party to manage cash flows including the release of funds when both parties have delivered the required currency. The majority of foreign exchange transactions are settled through CLS Bank, which provides multilateral netting and connections to the RTGS systems of 17 central banks. On a typical day CLS settles $5 trillion of transactions. The ability to net settlements on a multilateral basis for over 90 of the world’s largest financial institutions allows CLS to reduce the net amount of funds that have to be transferred by 96%.10
The potential opportunity claimed for some stablecoins is the ability to implement a PVP mechanism without the need for having a third party involved and a shorter (if not instant) settlement cycle. The mechanisms required to support PVP using a stablecoin depend on where and how the two currencies are represented. Excluding cryptocurrency related stablecoins such as Tether or Pax, there are the following combinations.
Scenario 1 – Currency 1 and Currency 2 are stablecoins created by the same issuer
Scenario 2 – Currency 1 and Currency 2 are stablecoins created by different issuers
Scenario 3 – Currency 1 is a stablecoin and Currency 2 is a fiat currency
Scenario 1 – USC is currently planned for up to 5 currencies and also plans to have separate ledgers for each currency. Therefore to achieve PVP they would need to create smart contracts that operate on two ledgers simultaneously. Fnality plans to use an architecture called Ion produced by Clearmatics but this is still a work in progress.11 Ion is also planned to support PVP between different ledger technologies such as Ethereum and Hyperledger Fabric.
A more commonly discussed model for dealing with assets on different ledgers, potentially ledgers implemented using different DLT is the “Atomic Swap” where a smart contract on one ledger will only allow the transfer of funds if funds have been transferred on the other ledger:
“Atomic swaps solve this problem through the use of Hash Timelock Contracts (HTLC). As its name denotes, HTLC is a time-bound smart contract between parties that involves the generation of a cryptographic hash function, which can be verified between them. Atomic swaps require both parties to acknowledge receipt of funds within a specified timeframe using a cryptographic hash function. If one of the involved parties fails to confirm the transaction within the timeframe, then the entire transaction is voided, and funds are not exchanged.”12
All the proposed technical models for achieving PVP for ledger-based assets are in the early stages of development. In some proposed stablecoins the degree of centralisation of the stablecoin would make it easier to use an established technology and process design to achieve PVP.
Achieving PVP between a stablecoin and a conventional currency, without involving an intermediary is considerably more problematic. The nature of conventional forms of money mean they are inherently centralised either as a record at a commercial bank or a central bank. Possible models of interaction with existing payment infrastructure is described in the next section “Interaction with Current Financial Market Infrastructure.”
In terms of shortened settlement cycles, stablecoins used for PVP are likely to come into competition with services such as CLS Now, which allows same day settlement of FX transactions using PVP for Canadian dollars, Euros, Pound Sterling and US dollars.
Interest Charges and Payments
It is very easy in a low interest rate environment to forget stablecoins are likely to need some capacity for the payment and collection of interest on balances. This is a particularly strong requirement even now for stablecoins that are proposed to be based by central bank reserves.
For currencies (at time of writing) where the central bank has negative interest rates on balances in reserve accounts (for example the -0.5 % charged by the European Central Bank), it will be necessary to pass on the charge to the holders of stablecoins otherwise the issuer of stablecoins will rapidly become involvement. The issuer of the stablecoins (who holds the backing funds in a reserve account) will need to carefully track who held what balances for what time periods and charge relevant holder, deducting interest owed from balance in the stablecoin or be able to charge interest directly if there are insufficient balances in their stablecoin wallet to pay interest. This inherently introduces and element of credit risk.
Similarly, where a central bank pays interest on reserve accounts it will be necessary for interest to largely be paid on to the relevant stablecoin holder otherwise there is a major disincentive (even at low positive rates) for firms to hold balances in stablecoins for anything other than the shortest possible duration.
Delivery versus payment is the synchronised exchange of a security for cash. DVP is used in both the settlement of purchase/sale of securities and the temporary exchange of cash in securities in areas such as Repo and Securities Lending. Currently DVP requires the use of a trusted third parties such as a Central Securities Depository (e.g. DTCC or Euroclear or a custodian).
DVP presents many of the same challenges and opportunities as PVP. Three key scenarios would need to be dealt which are similar to the PVP scenarios.
Scenario 1 – Stablecoin and securities are both created by the same issuer that contains the same overall network but data is stored on different ledgers
Scenario 2 – Stablecoin and securities are recorded on different ledgers run by different organisations and potentially using different forms of DLT.
Scenario 3 – Stablecoins would need to be exchanged for securities where ownership is recorded on a central database controlled by a Central Securities Depository or a Share Registrar.
Neither Fnality, JP Morgan, nor Libra have currently announced plans to issue securities on the ledgers they are planning to build to support their stablecoins. This currently leaves only scenarios 2 & 3 as plausible short-term possibilities. Scenario 2 raises the same challenges described for PVP but assumes a significant number of securities would be available as securities that are initially issued as on a distributed ledger or are tokenised versions of conventional securities.
A “tokenised” security is one where the original security is “immobilised” i.e. held in trust by a third party such as custodian and economically and legally equivalent representation of the security is recorded on a Distributed Ledger. There is currently only a small number of securities either issued on distributed ledgers or tokenised. Those that have been issued are typically small scale pilots. Interacting with a CSD to achieve DVP is problematic for the same reasons as trying to achieve PVP between a stablecoin and a conventional asset.
In the existing financial world, financial assets are held in the name of a third party for a variety of reasons including security and the desire to gain access to the range of service offered by custodians. Custodians provide a range of services that go beyond simply safe keeping of assets. These include operating lending programmes for securities, lending funds against the security of assets held and the processing of corporate actions on securities.
Keeping cryptocurrencies and other crypto-assets with a third party has grown in popularity because of the inherent vulnerability to theft of that most cryptocurrencies and crypto-assets. Obtaining a private key is all that is necessary to transfer all the assets associated with that key.
It is nearly impossible to cancel ore reverse transactions if assets are stolen or even sent to the wrong party by mistake. This is a feature included in cryptocurrencies such as Bitcoin, by design. Reversing transactions in the event of crime or area depends on either law enforcement seizing the private keys or other parties co-operating to return assets (which may have costs) – This is due to lack of central control. Anyone can attempt to “fork” most blockchain based systems but this technical process which basically comes down to re-writing history and pretending certain events did not happen is dependent on the co-operation of a critical mass of infrastructure providers called “miners.” And the loss of the private key means the assets are essentially gone for ever and impossible to retrieve.
Custody of most crypto-assets means handing over the private keys to a third party and attempting to ensure that private key is not used by the third party or their staff to steal. With some custodians, private keys are printed on paper and kept in physical safes. Private keys are broken up into pieces and distributed across multiple systems. In the worst case this simply increases the risk of losing access to the crypto assets.
The need for this form of custody essentially depends on the extent to which a stablecoin is operated on a decentralised ledger. For Libra the extent of decentralisation is currently unclear. For Fnality and JPM Coin the high degree of central issuance makes it unlikely that cryptocurrency type of custody would be required. It is likely that organisations wishing to hold wholesale forms of stablecoins may wish a third party to hold their balances in order to outsource the processing of stablecoin transactions, including payments, receipts and conversion to or from conventional currencies.
The final area of processing that stablecoins would need to support is the ability to give or receive them as collateral. Collateral is provided either to a counterparty or trusted third party such as tri-party agent or CCP to offset the credit risk arising from other financial transactions such as derivatives trades. In principal there should be no major issues providing stablecoins as long as the recipient has the technical infrastructure to process stablecoin transactions, value stablecoins and the ability to represent them correctly in systems such as their risk, finance, accounting and operational systems.
Inter-Operating and Competing with Existing Infrastructure
Stablecoins that are designed to appeal to a wider range of users than cryptocurrencies have to be capable of integration with existing financial market infrastructure. To be accepted by regulators they also need to comply with the appropriate regulations for each jurisdiction. This section describes the types of market infrastructure that will need to be integrated with and the challenges that creates.
The Challenge of Integration
One of the major and inherent weaknesses in the design of cryptocurrencies is the problems that arise when a new form of financial infrastructure is designed without giving any thought to how to integrate with existing infrastructure, whether in terms of market level infrastructure or internal to financial services firms.
The current cryptocurrency industry did not grow to its existing size by operating as a parallel payments and banking system that provides alternative ways to make payments or store value. It grew by throwing away the basic principles of decentralisation and disintermediation by recreating centralised systems (i.e., intermediaries) that kept a parallel record of cryptocurrency holdings to that stored on the ledgers of the relevant cryptocurrency. The repeated hacks, thefts, and other failings consistently demonstrated that this centralised infrastructure to support decentralised assets was seldom built with any regard to meeting the BIS Principles, or even in some cases local laws.13
Challenges to integration largely arise from the factors present in most forms of DLT:
Lack of central control over the operation of the system
Lack of central control of the deployment of changes to code
General inability to stop transactions
General inability to reverse transactions
Global visibility of all transactions
Owners not identifiable
Dependence on a cryptocurrency to pay for processing of transactions
Many of these features have been abandoned or worked around as the various forms of DLTs have evolved but to vary degree represent challenges both in terms of integration to FMI and the operation of the key processes related to settlements and payments. Sometimes to the point where it is questionable why a form of DLT makes any sense at call compared to conventional Centralised or Distributed Systems.
Forms of inter-operability
The following are the potential conventional forms of infrastructure that the next generation of proposed stablecoins will would potentially need to interact with.
In the following section we focus on the conventional types of financial market infrastructure described below that would be significantly impacted by the more widespread adoption of stablecoins.14
“A set of instruments, procedures, and rules for the transfer of funds between or among participants; the system includes the participants and the entity operating the arrangement.” This includes the various RTGS.
Central Securities Depositories (CSD)
“An entity that provides securities accounts, central safekeeping services, and asset services, which may include the administration of corporate actions and redemptions, and plays an important role in helping to ensure the integrity of securities issues (that is, ensure that securities are not accidentally or fraudulently created or destroyed or their details changed).”
Securities Settlement Systems (SSS)
“An entity that enables securities to be transferred and settled by book entry according to a set of predetermined multilateral rules. Such systems allow transfers of securities either free of payment or against payment.”
Central Counterparties (CCP)
“An entity that interposes itself between counterparties to contracts traded in one or more financial markets, becoming the buyer to every seller and the seller to every buyer and thereby ensuring the performance of open contracts.”
“CLS Bank (CLS) is a limited purpose bank for settling FX, based in New York with its main operations in London. It is owned by 69 financial institutions which are significant players in the FX market. It currently settles trades in 17 currencies. CLS removes principal risk by using PVP – you get paid only if you pay. On settlement day, each counterparty to the trade pays to CLS the currency it is selling – eg by using a correspondent bank, as with the example in the previous box. However, unlike the previous example, CLS pays out the bought currency only if the sold currency is received. In effect, CLS acts as a trusted third party in the settlement process.”16
Internal Financial System Infrastructure
The core internal infrastructure of banks and financial institutions. This includes systems used for risk management, P&L calculation, transaction execution and accounting
Payment Systems (PS)
Stablecoins that are backed (in whole or in part) by bank balances at commercial or central banks will need some degree of integration with a payments system or the payments infrastructure of a given bank. This will be necessary to process the receipt of funds that preceded the issuance of new coins, outgoing payments when there is a redemption and potentially payments or receipts of interest on stablecoin balances. A stablecoin based on central bank reserves would generally need to be connected to some of Real-Time Gross Settlement system to minimise delays in the issuance of new coins.
Such integration is generally straightforward assuming the issuer of stablecoins is allowed to access directly relevant payment systems. A more interesting question is the impact of stablecoins as a competitor to conventional payment systems.
A stablecoin denominated in a single currency needs to demonstrate it has some form of superiority in terms one or more of the following
Reduced Operational Risk
Ability make payment conditional on other parts of a financial transaction (as in the case of PVP, DVP etc.)
While at the same time dealing with the challenges of ensuring there is sufficient liquidity in the stablecoin network for parties to meet their obligations. The experience of introducing RTGS in over 90 central banks since 1980s demonstrated that allowing a pure system of gross settlements in payments, with participants free to release payments at any time can cause liquidity issues that need to be dealt with by technical changes, such as the implementation of Liquidity Saving Mechanisms (LSM).17
To quote the New York Fed:
“Liquidity-saving mechanisms (LSMs) are queuing arrangements for payments that operate alongside traditional real-time gross settlement (RTGS) systems. LSMs allow banks to condition the release of queued payments on the receipt of offsetting or partially offsetting payments;”18
Some central banks also created rules/targets for when payments should be released or financial incentives for early release of payments.
Retail focused stablecoins need to be able compete with faster payments, credit card and debit card networks. Payments mechanisms that can be highly efficient in many economies. In cross-border payments, stablecoins need to be able to demonstrate they are a more efficient mechanism for dealing with the major areas of delays and costs such as compliance with AML rules and in some markets exchange controls.
Central Securities Depositories & Securities Settlement Systems
For infrastructure such as Euroclear, DTCC, ASX’s CHESS system or Takasbank in Turkey to perform delivery versus payment, they need to have access to a security register to update ownership records and a funds belonging to participants, either held directly at the FMI or at a Central Bank. They also need to be able to provide trade capture, matching and netting capabilities.
For a stablecoin to be used in the DVP settlement, the FMI needs to be able to directly access stablecoin balances belonging to the participants in trades, either directly or on behalf of participants by a third party. This would require work by both the CSD/SSS and the stablecoin provider. There is no obvious benefit from this arrangement. Other systems belonging to the CSD/SSS would need to be modified to represent what is effectively a new currency. For countries that have long established infrastructure in this area, it quite likely adding an additional currency would require additional effort.
Central Counterparties (CCP)
Any organisation likely to acquire large balances in high quality stablecoins is likely to want to be able to provide those stablecoins as collateral in bilateral transactions, with central banks and with Central Counterparties. Should CCPs chose to accept stablecoins they would need to make significant changes to their systems to interact with the relevant distributed ledgers and set them up as new currencies or asset classes within their systems.
CLS is such a fundamental part of the global financial market infrastructure that any stablecoin that is used on a very large scale is likely to need some degree of integration. It should be remembered though that the vast majority of currencies (by number not importance) are not supported by CLS. Potentially a stablecoin could be added as another CLS currency allowing the benefits of multilateral netting and integration into the core global FX processing. However it would depend on a very high degree of demand and a many regulatory approvals.
In many ways stablecoins compete directly with existing CLS services so it is also questionable the extent to which CLS may support their adoption.
Interoperability with Financial Sector Internal Systems
There are two main areas where the internal systems of financial sector firms would require modification. Their outward facing interfaces that would need to interact with a range of distributed ledgers (unless they outsource this interaction to third parties – essentially creating a new class of correspondent bank) and modifications to inward facing systems such as those belonging to the risk, finance, trading, operations and treasury departments. Perhaps the closet analogy was the creation of an offshore version of the Chinese Yuan, commonly known as “CNH.” Though no wholescale re-engineering was required, it did commonly require changes to be made across a great many systems to recognise the difference between CNH and the on-shore version of the Yuan, “CNY.” This had a particularly large impact for those banks offering services in CNH.
Having two versions (or more) of essentially the same currency creates a great deal of scope for confusion in trading, treasury and support processes. Subtle differences in liquidity and conversion costs also mean that the different versions of the same currency have to be treated differently in many different ways including charges, interest rates and the curves used in pricing positions.
Interoperability with Distributed Ledger Based Infrastructure
Interoperability with emerging infrastructure based on DLT is also likely to create a number of challenges.
Some forms of Market Infrastructure in-progress (or beta) such as ASX’s CHESS system (for securities settlement) and the HQLA-X system for exchange of High-Quality Liquid Assets for lower grade assets are essentially centralised systems that use elements of DLT as part of the overall system design. Interfaces would need to be like any other form of FMI. Those interfaces would need to take into consideration security, privacy and the need for agreed data standards. There would also be the complications of adding what is effectively a new currency.
One of the proposed methods of allowing interaction between different types of ledger or even different instances of the same DLT but recording different assets or used by different parties, is the Atomic Swap. Using this method, funds on the two different ledgers are only released when both parties acknowledge that assets have been transferred. If the two acknowledgements are not received within the agreed time, the assets will be transferred back to the original addresses.
Atomic Swaps are still an emerging technology that have been widely tested in cryptocurrencies. However on a theoretical level they raise governance issues. If assets are on ledgers ultimately controlled by two different parties, whose has governance over the transaction? It also provides an element of optionality to each party to change their mind about whether to go ahead with the transaction. They could simply not deliver and have their asset returned to them. There are similar problems in the current world. Some counterparties have high rates of settlement failure on securities related trades because of issues in their operational processes or systems. Others at times have financial incentives to allow trades to fail, which had created significant problems in the operation of the Repo market.19 This has resulted in stricter rules and fines in many jurisdictions.
Creating stablecoins as forms of either financial market infrastructure (i.e. used by multiple financial bodies in the case of USC or as essentially internal systems, as is in the case of JPM Coin, Wells Fargo Digital Cash or Signet) clearly does not require the use of any form of Distributed Ledger Technology. Most of the use cases ultimately involve some form of book transfer of funds within essentially the same systems. Allowing customers of the same bank to transfer funds between each other in real-time 24*7 at little to no cost is a service provided by many banks today. The only bottleneck to allowing this in other banks is either a lack of willingness to provide the service or the use of antiquated systems that rely on batch processing.
Liquidity issues out of hours
At the market level, real-time payments within a currency bloc, that settle in central bank money have been implemented using Real-Time Gross Settlement Systems in over 90 countries to date. Some of those payments systems such as the Eurosystem’s TARGET2 have been extended to support securities settlement (T2S) and smaller scale instant payments (TIPS). For the cross-border market CLS connects together the RTGS of 17 currencies to allow PVP settlement against central bank reserves.
The challenges faced in creating creditable stablecoins that can grow beyond simply supporting speculation in cryptocurrency trading are large. Stablecoins backed by Central Bank reserves require the explicit backing of the relevant central banks. Stablecoins such as Libra have attracted extreme scrutiny if not outright opposition from Central Banks and politicians both because of concerns over the stability of the financial system and a lack of trust by some politicians in Facebook as an organisation. Any stablecoin that is regarded as a key part of Financial Market Infrastructure is likely to be required to meet strict regulatory controls, reflecting the principles laid out by the BIS in “Principles for financial market infrastructures.”
Creating interoperability between the infrastructure on which stablecoins operate and existing infrastructure, not to mention potential future infrastructure that runs on different versions of DLT is a non-trivial task, not made any easier by the use of DLT. Such interoperability will be vital if stablecoins ever hope to be anything more than parallel RTGS systems.
Finally the obstacles that have been encountered by RTGS in managing liquidity are unlike to be removed by the use of DLT. In many countries the introduction of RTGS, identified the need to create mechanisms to ensure firms did not hold back payments, creating intra-day funding needs, intra-day credit risk and general systemic risk. If is very likely that if stablecoins were used in a significant volume of transactions there would be a need to introduce many of those measure described that had to introduced for RTGS such as Liquidity Savings Mechanisms.
Then there are the challenges with DLT. None of the various forms of DLT have proven themselves at scale and in a regulated environment and it is questionable whether they a better form of technology, even for implementing stablecoins that existing technologies.
Stablecoins may succeed in the long-run if they can demonstrate an ability to support better ways to manage liquidity including broader, if not continuous, settlement cycles for both money and securities. Finally one of the key concepts between more advanced forms of DLT such as Ethereum or Fabric was to allow parties to agree bilaterally or in groups to deploy agreed business logic in the form of “Smart Contracts” that can be executed when transactions are processed. This type of flexibility could be a potential path to the a higher degree of standardisation in processing financial transactions without the need to have a central, and inherently slow moving body, setting standards for a whole area of business or jurisdiction.
More than a couple of people have asked for an update to a popular post published 14 months ago.
What has changed?
Before we begin, a quick reminder: the basic security model behind proof-of-work (PoW) blockchains is to make it economically costly to successfully rewrite the chain’s history. Finite resources, whether it is in the form of electricity or semiconductors, have to be consumed.
Therefore, a PoW chain such as Bitcoin, cannot simultaneously be secure and inexpensive to operate. Because if it was inexpensive to operate it would also be inexpensive to successfully attack.
For Bitcoin, Bitmain announced its S17e system which can churn out 64TH/s. Each machine consumes ~2880 watts at the wall. The first of these units are scheduled to be shipped to customers in November (however other less powerful variants shipped during the summer).
The current Bitcoin hashrate has been oscillating around 100 million TH/s the past few weeks.
If the entire network was comprised of the unreleased S17e-based machines, there would be around 1.56 million of them. In a given year these would gulp down about 39.4 billion kWh. But we know that is not the case yet. Thus, this will serve as our lower bound.
Bitmain is also shipping several other newly released systems, including the T17e. Like its cousin above, the T17e also consumes about ~2880 at the wall. But it is not as efficient per hash: creating only 53 TH/s with the same amount of electricity.
Why manufacture and sell two (or more) different machines that draw roughly the same amount of power?
Cost. the T17e costs $1665 and the S17e is $2483. The target market for the T17e is supposedly for miners who have low or no electricity costs.
How many T17e’s would it take to generate the 100 million TH/s network hashrate? About 1.88 million; or an additional 300,000 more machines than the S17e.
A quick pause. these types of bulk purchases are not idle speculation. In the middle of last summer, during a two-week period of time, the equivalent of 100,000 mining machines was added to the Bitcoin network (likely early variants of the S17). This is a reversal from last November, wherein the equivalent of ~1.3 million S9s were taken offline during one month.
Again, we know that in practice that there are many more less efficient miners still online. But crunching the numbers, 1.88 million machines each pulling in 2.88 kWh over one entire year results in… ~47.6 billion kWh annually.
Another Bitmain machine purchasable today is the new T17 that generates 40 TH/s, drawing about 2200 watts at the wall. It would take about 2.5 million of these to generate the Bitcoin hashrate all while consuming… ~48.2 billion kWh per year.
To be thorough, Bitmain released the S9 SE in July which generates 16 TH/s, drawing 1280 watts. It’s unclear how many of these have been sold but if the entire network was comprised of these: 6.25 million would need to be used. And they would collectively guzzle ~70 billion kWh. This would be a plausible upper bound.
For comparison, if Bitcoin (T17) were its own country it would at minimum consume roughly the same amount of electricity as Romania or Algeria. If the network were comprised of just S9 SE’s, that’d be about the energy footprint of Austria. In either case, very little is value is produced in return… aside from memes and lots of social media posts. And no, despite historical revisionism by maximalists, “hodling” is not what Bitcoin was originally designed for.
As mentioned in the previous post: no other payment system on earth uses the same amount of electricity, let alone aggregate number of machines, as a PoW coin network. That is a dubious distinction.
In looking at my previous post you will see a similar figure. In August 2018, using the (older) S9 machine (~13 TH/s) as a baseline, the Bitcoin network consumed about ~50.5 billion kWh / year.1 Some of these types of machines (like the S9 SE) are still on.
Thus whenever you hear a PoW promoter claim that:
Bitcoin doesn’t use much electricity; or
Bitcoin’s electricity usage will naturally decline over time; or
Bitcoin is more efficient than traditional payment systems
You can rightly tell them all of those claims are empirically false. In fact, the only way for the resource demands of a PoW coin to decline is if there was a long decline in the coin price.
What do taxpayers – who underwrite the state-owned utility companies – get in return for subsidizing these energy guzzlers? New economic zones of growth and prosperity?
Nope. According to Chainalysis, in a given day more than 90% of activity on the Bitcoin network is simply movement from one intermediary to another. 2 Coin trading is by far the largest category.
And since most of these coin intermediaries increasingly require some form of KYC / AML compliance, the Bitcoin network has morphed into a expensive permissioned-on-permissionless network that has the drawbacks of both and the benefits of neither. There is no point in using PoW in a network in which all major participants are known: Sybils no longer exist.
A common refrain by PoW promoters is, Christmas lights and set-top boxes also consume huge amounts of energy!
First of all, that’s a whataboutism. But it also ignores how several Bitcoin mining manufacturers have actually tried to embed chips into these wares.
Bitmain has a couple of routers called the Antrouter that will mine either BTC or LTC for you.
As you can imagine, a fixed unit of labor eventually becomes unprofitable once difficulty levels increase. It’s the same fundamental problem that faced the 21.co toasters. Thus neither of these took off (the light bulb didn’t ship) even though retail users often keep both their home routers and living room lights on all day. Historically PoW equipment becomes e-waste fast and the last thing consumers want is embedded e-waste that guzzles electricity.3
We haven’t even touched on other PoW coins such as Ethereum, Bitcoin Cash, or Monero… but it is worth pointing out that nearly all of the money going to miners via the block reward is value leaking from the system, either to semiconductor manufacturers or state-owned utilities.
This isn’t idle speculation either, as Nvidia counted on massive consumption of its GPUs in early 2018 which didn’t materialize due to the crash in coin prices. This led to a glut of high-end GPUs in its channel partners, which hit Nvidia’s bottom line and was later reflected by a 50% decline in share prices (the same phenomenon impacted AMD too):
Apart from a couple of small investments, the value that a couple of semiconductor manufacturers or a clique of state-owned utilities receives via mining is money that is not being invested towards developing the chain itself.
And some of these mining manufacturers have privatized gains at the expense of taxpayers. For instance, Bitfury, used its political connections to obtain cheap land in the Republic of Georgia where it setup massive mining farms:
“The efforts have given Georgia, with 3.7 million people, a dubious distinction. It is now an energy guzzler, with nearly 10 percent of its energy output gone into the currency endeavor.”
In Kyrgyzstan, 45 “crypto” mining firms consumed more energy than three local regions combined:
“[They] consumed 136 megawatts of electricity, which is more than the amount consumed by three Kyrgyzstan regions: Issyk-Kul, Talas and Naryn.”
Uzbekistan’s Ministry of Energy has introduced a new bill that would dramatically increase the electricity price to miners who are viewed as being “very energy intensive.”
We could probably create an entire post on these types of stories too.
At least Bitcoin is “decentralized,” right?
While the farms may be geographically dispersed to areas with the cheapest electricity, the mining pools, mining manufacturers, and other infrastructure participants are a small and centralized enough group that they can fit into a hotel for regular conferences.
Unlike Bitcoin, Bitcoin Cash has seen a dramatic decline in hashrate since it peaked at over 5 million TH/s earlier in the summer. It is now oscillating around 2.5 million TH/s.
For Bitcoin Cash, with a Bitmain S17e system, remember it generates 64TH/s and consumes ~2880 watts at the wall. If the entire network was comprised of the unreleased S17e-based machines, there would be around 40,000 of them. In a given year these would use about 985 million kWh. This will serve as our lower bound.
Bitmain’s S9 SE generates 16 TH/s, drawing 1280 watts. It’s unclear how many of these have been sold but if the entire network was comprised of these: ~156,000 would need to be used. And they would collectively use ~1.75 billion kWh. This would be a plausible upper bound.
Not counting e-waste, that would put the energy usage of Bitcoin Cash somewhere around 150, betweenBenin and The Bahamas. Compared with last year (when it was around 122), this decline is largely due to the nearly 60% price decline in BCH. This once again illustrates that hashrate follows price (e.g., miners expend capital chasing seigniorage).
Coupled with “the thirdening” in February (in which block rewards declined from 3 to 2 ETH), and an overall decline in ETH prices, hashrate also declined over the past year:
According to Coinwarz, the hashrate is oscillating around 200 TH/s, about 1/3 it was when the previous article was written.
A proposed ASIC from Linzhi that hasn’t been built or shipped aims to generate 1400 MH/s with an electricity consumption level of 1 kWh. As the story goes:
To put those figures in perspective, NVIDIA’s GTX TitanV 8 card is now one of the most profitable piece of equipment on the ethash algorithm, able to compute 656 MH/s at an energy consumption level of 2.1 kWh, according to mining pool f2pool’s miner profitability index.
There are a couple of other ASICs on the market including one from Innosilicon and another from Bitmain. The previous post looked at the same Innosilicon A10 on the market, so to simplify things and because the Bitmain machine is roughly just as efficient, let’s reuse it here.
The A10 generates 485 MH/s and consumes ~850 W. The Ethereum network is around 200,000,000 MH/s. That’s the equivalent of 412,371 A10 machines.
Annually these would consume about 3.1 billion kWh per year. Around 132, about as much as Senegal or Papua New Guinea.
If we used the GTX TitanV 8 card, as described in the article above, we find that 304,878 GPUs would be used. These would consume 5.6 billion kWh per year. That’d be around the same amount that Mongolia does annually.
This is one of the reasons why Ethereum is transitioning over to proof-of-stake. As Vitalik Buterin said last year:
I would personally feel very unhappy if my main contribution to the world was adding Cyprus’s worth of electricity consumption to global warming.
Will the nebulously defined “DeFi” on an actual proof-of-stake system change the usage dynamics in the future?4
Litecoin, better known as Bitcoin’s other testnet, has seen its hashrate decline along with its price.
For simplicity sake, let’s call it an even 300 TH/s which coincidentally it was at 14 months ago too. CoinWarz says it is also currently around that, who are we to argue with them?
As mentioned in the previous article, Bitmain’s L3+ is still around. It generates ~500 MH/s with ~800 watts. A slightly more powerful L3++ is on the market as well.
There are the equivalent of about 600,000 L3+ machines generating hashes.
As an aggregate:
A single L3+ will consume 19.2 kWh per day
600,000 will consume 11.5 million kWh per day
Annually: 4.2 billion kWh per year
It would be placed around 124th, between Moldova and Cambodia.
According a distributor, the Antminer L3++ specifications:
Hash Rate: 580 MH/s ±5%
Power Consumption: 942W + 10% (at the wall, with APW3 ,93% efficiency, 25C ambient temp)
If only L3++’s were used, the outcome would be about the same. 5
This consumption is pretty absurd once we factor in things like how there is only a couple of active developers who basically just merge changes from Bitcoin into Litecoin.6 In other words, one of the largest PoW networks has very few users or developers, yet consumes the same amount of energy as Moldolva. How is that a socially useful innovation?
Note: an easy way to double-check our math on this specific one: the price of LTC is nearly the same today as it was 14 months ago. Ceteris paribus, miners will expend capital no higher than the coin price, to ‘win’ the seigniorage.
In terms of mining, it appears that several decisions makers (administrators?) in the Monero world really dislike ASICs. So much so that they routinely coordinate forks that include “ASIC-resistant” hashing algorithms. Stories like this are mostly just PR because we know that any PoW coin with a high enough value, will eventually become the target of an ASIC design team.7
From the chart above, you can clearly see when the forks occurred that added “ASIC-resistance.”
Compared with the previous article, the hashrate has declined by about 1/3rd to about 325 MH/s. And it is believed that most of this hashrate is generated by GPUs and CPUs.
There are lots of how-toguides for building a Monero mining rig. Rather than getting into the weeds, based on this crazy 12-card Vega build, the user was able to generate 28,100 hashes/sec and consume 1920 watts. That’s about 2341 hashes per card (more than 10% faster than the one used in the previous article).
That’s about 138,829 GPUs each sipping 160 watts. Altogether these consume 194 million kWh annually. That’s likely a lower bound for GPU mining.
If we reused the Vega 64 mentioned in the previous article, there would be about 162,500 GPUs at the current hashrate. These would consume around 228 million kWh annually.
Not surprisingly, coupled with the “ASIC-resistant” fork and a coin price decline of nearly 50%, this resulted in about 1/3 energy used from the previous year. But this is still not an upper bound because it is likely that CPUs contribute to a non-insignificant portion of the hashrate via persistent botnets and cryptojacking.
Based on the same electricity consumption chart as the others, Monero would be placed somewhere above Grenada and the Mariana Islands. Perhaps a bit higher if lots of CPUs are used. Remember, this is called CPU-cycle theft for a reason.8
In aggregate, based on the numbers above, these five PoW coins likely consume between 56.7 billion kWh and 81.8 billion kWh annually. That’s somewhere around Switzerland on the low end to Finland or Pakistan near the upper end. It is likely much closer to the upper bound because the calculations above all assumed little energy loss ‘at the wall’ when in fact there is often 10% or more energy loss depending on the setup.
This is a little lower than last year, where we used a similar method and found that these PoW networks may consume as much resources as The Netherlands. Why the decline? All of it is due to the large decline in coin prices over the preceding time period. Again, miners will consume resources up to the value of a block reward wherein the marginal cost to mine equals the marginal value of the coin (MC=MV).9
This did not include other PoW coins such as Dash, Ethereum Classic, or Bitcoin SV… although it is likely that based on their current coin value they each probably consume less than either Litecoin or Bitcoin Cash.
Thus to answer the original question at the beginning, the answer is no.
PoW networks still consume massive amounts of electricity and semiconductors that could otherwise have been used in other endeavors. Some of these power plants could be shut down entirely. PoW-based cryptocurrencies crowd out and bid up the prices of semiconductor components.10 Apart from a few stories designed to pull on our heartstrings, little evidence exists (yet) for PoW coins creating socially useful economic output beyond moving coins from one intermediary to another.
And because most coins are mined via single-use ASICs, they generate large amounts of e-waste which leaks value from towards a small clique of semiconductor manufacturers and (mostly) state-owned utilities, neither of whom typically contribute back to the coin ecosystem.11 Will this change in the next 14 months?
I – and many others – have written about this before. PoW mining is a Red Queen’s race — miners are incentivized via block rewards to expend additional capital on mining, but the total reward available to miners is fixed. Thus while chip efficiency may increase each generation, miners as a whole increase capital outlays for equipment rather than reduce. [↩]
According to The Token Analyst, nearly 7% of all mined bitcoins reside in exchanges. [↩]
Another way some have used to describe Bitcoin is an ASIC-based proof-of-stake. But really it is DPOS but not with the “D” that you may be thinking. Since mining equipment rapidly depreciates (with a typical lifespan of less than 18 months), Bitcoin arguably uses depreciating proof-of-stake. [↩]
According to both DappRadar and State of the Dapps, there has been about a marketed increase in “users” and Dapps (although they combine all Dapp platforms, not just Ethereum). [↩]
Although obviously, as in all examples above, there are loses in efficiency as the energy travels from the power plant all the way through the grid and into a home or office. [↩]
If there is only one actual developer maintaining the Litecoin codebase, how is this ‘sufficiently decentralized’ or not an administrator under FinCEN’s definition? Even the “official” foundation is basically out of funds. [↩]
Wouldn’t it be interesting if a few botnet operators or sites like The Pirate Bay were moonlighting as Monero developers, so they could directly benefit from CPU mining? [↩]
Outright theft continually takes place. For instance, a Singaporean allegedly stole $5 million worth of computing power to mine bitcoin and ether, and “for a brief period, was one of Amazon Web Services (AWS) largest consumers of data usage by volume.” [↩]