Thursday, May 9, 2019

Immutability FTW!

There's an apparently apocryphal story that when Willie Sutton, the notorious bank robber of the 1930s  to 1950s, was asked why he robbed banks, he answered:
Because that's where the money is!
Today's Willie Suttons don't need a disguise or an (unloaded) Thompson submachine gun, because they rob cryptocurrency exchanges. As David Gerard writes:
Crypto exchange hacks are incredibly rare, and only happen every month or so.
Yesterday Bloomberg reported:
Binance, one of the world’s largest cryptocurrency exchanges, said hackers withdrew 7,000 Bitcoins worth about $40 million via a single transaction in a “large scale security breach,” the latest in a long line of thefts in the digital currency space.
Below the fold, a few thoughts:

BTC-USD on Coinbase 5/8/19
First, "7,000 Bitcoins worth about $40 million" implies 1BTC ≅ $5,700. Just before the news 1BTC ≅ $5,900 on Coinbase, an exchange where it is possible to sell BTC for USD, On the news it dropped to $5,700 before recovering to around $5,800.

But in order to allow customers to withdraw USD, Coinbase conforms to the Know Your Customer/Anti-Money-Laundering laws. So it is unlikely that the perpetrators could use any of the BTC-USD exchanges to turn their ill-gotten BTC into USD. They would have to use a less scrupulous exchange, which means they'd end up with USDT (Tether) not USD.

Since the New York State Attorney General sued Bitfinex, the exchange that sponsors Tether, and revealed an $850M hole in Tether's reserve, Tether was forced to admit that it was not backed 100% by USD. They now claim only 74%, but there has never been an independent audit to confirm their USD holdings. Despite this, the USDT-USD rate has held up well although customers are fleeing Bitfinex. Because USDT is so central to cryptocurrency trading, it has become too big to fail. But the converse of this is that if it does fail, the whole house of cards collapses.

Even assuming the perpetrators could trade their BTC for USD, what effect would selling 7,000BTC have on the price? Cryptocurrency markets are heavily manipulated; around 95% of all cryptocurrency trades are fake. Apart from the fake trades, the markets are not very liquid, as the Mt. Gox bankruptcy trustee found out:
An upset Mt. Gox creditor analyses the data from the bankruptcy trustee’s sale of bitcoins. He thinks he’s demonstrated incompetent dumping by the trustee — but actually shows that a “market cap” made of 18 million BTC can be crashed by selling 60,000 BTC, over months, at market prices, which suggests there is no market.
So the stolen 7,000 BTC are in practice unlikely to end up worth anything close to $40M. Still good for the perpetrators, but not so good for the journalists reporting on the theft.

Second, the initial response from the CEO of Binance is revealing:
In the wake of a multimillion-dollar hack Tuesday, Changpeng Zhao, the CEO of cryptocurrency exchange startup Binance publicly discussed whether the company might seek to encourage bitcoin miners and node operators to “rollback” the bitcoin blockchain, reversing transactions confirmed by the network to return the funds. ... Zhao said:
“To be honest, we can actually do this probably within the next few days. But there are concerns that if we do a rollback on the bitcoin network at that scale, it may have some negative consequences, in terms of destroying the credibility for bitcoin.”
Mining Pools 05/08/19
Zhao is right that Binance could have paid for a rollback. They would only have to have persuaded 4 mining pools to do it. 7,000 BTC is the reward for nearly 4 days of mining, so they would have had a lot of BTC to do the persuasion with.

The whole point of the blockchain technology underlying cryptocurrencies is to implement an "immutable public ledger", and thus make transactions irreversible. But, as we saw with the great DAO heist, the first reaction to a major theft is to consider a "hard fork" to reverse the transaction. Because immutability is for the little guys, not for us:
  • Immutability of blockchain ledgers is sold as being enforced by the technology, but as we see it is really enforced socially.
  • Ifa ledger is really immutable it is a "be careful what you wish for" thing, because in the real world it works well until it doesn't.
Binance have suspended withdrawals, but have promised to make good customer losses. However, as David Gerard reports, there is much less to this promise than meets the eye:
Binance has reassured customers that their SAFU insurance fund fully covers the loss, and customers will not be out anything.

The SAFU fund was created after July 2018 irregularities on the exchange involving Syscoin, a minor altcoin. SAFU contains only Binance’s own BNB on-exchange token — and the July 2018 compensation to affected traders was paid out in BNB.
...
That’s at least 188,000 bitcoins that can’t be sold on real markets for a week. The Bitcoin price on Binance is likely to diverge wildly from the prices on exchanges still open to withdrawals.

Binance itself — and insiders — would be able to move their coins off just fine. The price differences would create remarkable arbitrage opportunities, and ability to capture what liquidity exists in the markets — for those privileged few who can still deposit and withdraw.
The transaction that removed the 7,000 BTC was confirmed with 7.5 BTC, or about 0.1% of its value. Recent game-theoretic analysis suggests that there are strong economic limits to the security of cryptocurrency-based blockchains. For safety, the total value of transactions in a block needs to be less than the value of the block reward. Which kind of spoils the whole idea, doesn't it?

4 comments:

David. said...

To the moon! BTC is back over $7400! This just might be related to the $800M in new Tether injected into the market in the last month. Large infusions of USDT tend to be correlated with legal woes for Bitfinex and Tether, such as December 2017's CFTC issues and the recent NY Attorney General's suit.

David. said...

David Gerard's commentary on the spike in BTC is here:

"It’s frankly implausible that someone spent $800 million of actual US dollars buying tethers in the past month, on the assumption that Tether constitutes a trustworthy financial institution.

Why? Because this last month was when it came out that there was an $850 million hole in Tether’s accounts. Because they were using a blatant money launderer as their payment processor — and the money was either seized by the authorities, or stolen by the company in question.
...
But, Bitfinex/Tether are patching up the hole in their accounts. Bitfinex claimed today to have sold $1 billion worth of its LEO exchange tokens in ten days, for $1 billion worth of cryptos. Perhaps they did!"

David. said...

Two gems from David Gerard's latest post:

"I’ve had people try to tell me the Bitcoin price rise is linked to coverage of Flexa’s new thing — “Large retailers including Starbucsks, Amazon, Whole Foods, Barnes & Noble and Crate and Barrel, will accept crypto payments starting today.” — which correctly translates as: they will continue to accept only conventional money, but now there’s two more middlemen if you want to pay with crypto. Adding middlemen was the point of crypto, right?"

And:

"The Stellar XLM blockchain went down yesterday — Tim Swanson describes how “a critical mass of nodes went down causing a cascading failure and so the entire network went down.” It also turns out that you can take Stellar down by taking out just two nodes. Fortunately, nobody uses Stellar."

Decentralization FTW!

David. said...

David Gerard reports on the latest squeeze on the crypto margin traders:

"The price of Bitcoin went from $4000 in early April, to $6000 on 9 May, to $8000 one week later on 16 May — and Bitcoin fans treated this as only its right and natural due. Number go up!
...
The Bitcoin price is a game for “whales” — the largest traders — to wreck the smaller players. The prize is whatever small amounts of actual-money dollars come into the crypto market.

And then the price dropped again — from a single transaction, around 02:50 UTC on Friday 17 May — in the biggest single-day dip since January 2018."

Stuff like this is why the BTC "price" has quotes around it.