Wednesday, December 8, 2021

Talk at TTI/Vanguard Conference

I was invited to present to the TTI/Vanguard Conference. The abstract of my talk, entitled Can We Mitigate Cryptocurrencies' Externalities? was:
Bitcoin is notorious for consuming as much electricity as the Netherlands, but there are around 10,000 other cryptocurrencies, most using similar infrastructure and thus also in aggregate consuming unsustainable amounts of electricity. This is far from the only externality the cryptocurrency mania imposes upon the world. Among the others are that Bitcoin alone generates as much e-waste as the Netherlands, that cryptocurrencies enable a $5.2B/year ransomware industry, that they have disrupted supply chains for GPUs, hard disks, SSDs and other chips, that they have made it impossible for web services to offer free tiers, and that they are responsible for a massive crime wave including fraud, theft, tax evasion, funding of rogue states such as North Korea, drug smuggling, and even armed robbery. In return they offer no social benefit beyond speculation. Is it possible to mitigate these societal harms?
The text with links to the sources is below the fold.

[Slide 1: Title]
I'd like to thank John Markoff for inviting me to present to this amazing conference. You don't need to take notes; when I stop talking the text of my talk with links to the sources and much additional material will be at I'm aiming for 10 minutes for questions at the end. Before I start talking about cryptocurrencies, I should stress that I hold no long or short positions in cryptocurrencies, their derivatives or related companies; I am long Nvidia. Unlike most people discussing them, I am not "talking my book".

Cryptocurrencies' roots lie deep in the libertarian culture of Silicon Valley and the cypherpunks. Libertarianism's attraction is based on ignoring externalities, and cryptocurrencies are no exception.

[Slide 2: Externalities]
Bitcoin is notorious for consuming as much electricity as the Netherlands, but there are around 10,000 other cryptocurrencies, most using similar infrastructure and thus also in aggregate consuming unsustainable amounts of electricity. This is far from the only externality the cryptocurrency mania imposes upon the world. Among the others are that Bitcoin alone generates as much e-waste as the Netherlands, that cryptocurrencies suffer an epidemic of pump-and-dump schemes and wash trading, that they enable a $5.2B/year ransomware industry, that they have disrupted supply chains for GPUs, hard disks, SSDs and other chips, that they have made it impossible for web services to offer free tiers, and that they are responsible for a massive crime wave including fraud, theft, tax evasion, funding of rogue states such as North Korea, drug smuggling, and even, as documented by Jameson Lopp's list of physical attacks, armed robbery, kidnapping, torture and murder.

[Slide 3: Alecus]
Alecus, El Diario de Hoy
The attempt to force El Salvador's population to use cryptocurrency is a fiasco. They offer no significant social benefit beyond speculation; Igor Makarov and Antoinette Schoar write:
90% of transaction volume on the Bitcoin blockchain is not tied to economically meaningful activities but is the byproduct of the Bitcoin protocol design as well as the preference of many participants for anonymity. ... the vast majority of Bitcoin transactions between real entities are for trading and speculative purposes
exchanges play a central role in the Bitcoin system. They explain 75% of real Bitcoin volume
Our results do not support the idea that the high valuation of cryptocurrencies is based on the demand from illegal transactions. Instead, they suggest that the majority of Bitcoin transactions is linked to speculation.
[Slide 4: "Transaction" Rate]
Bitcoin is only processing around 27K "economically meaningful" transactions/day. And 75% of those are transactions between exchanges, so only 2.5% of the "transactions" are real blockchain-based transfers involving individuals. That's less than 5 per minute.

What are the causes of these costs that cryptocurrency users are happy to impose on the rest of us? Fundamentally, they arise from four attributes that cryptocurrencies promise, but in practice don't guarantee:
  • Decentralization
  • Immutability
  • Trustlessness
  • Anonymity


Nakamoto's motivation for Bitcoin was distrust of institutions, especially central banks. When it launched in the early stage of the Global Financial Crisis, this had resonance. The key to a system that involves less trust is decentralization.

[Slide 5: Resilience]
Why do suspension bridges have stranded cables not solid rods? The major reason is that solid rods would fail suddenly and catastrophically, whereas stranded cables fail slowly and make alarming noises while they do. We build software systems out of solid rods; they fail abruptly and completely. Most are designed to perform their tasks as fast as possible, so that when they are compromised, they perform the attacker's tasks as fast as possible. Changing this, making systems that are resilient, ductile like copper not brittle like glass, is an extraordinarily difficult problem in software engineering.

I got interested in it when, burnt out after three startups all of which IPO-ed, I started work at the Stanford Library on the problem of keeping digital information safe for the long term. This work won my co-authors and me a "Best Paper" award at the prestigious 2003 Symposium on Operating System Principles for a decentralized consensus system using Proof-of-Work. When, five years later, Satoshi Nakamoto published the Bitcoin protocol, a cryptocurrency based on a decentralized consensus mechanism using proof-of-work, I was naturally interested in how it turned out.

Decentralization is a necessary but insufficient requirement for system resilience. Centralized systems have a single locus of control. Subvert it, and the system is at your mercy. It only took six years for Bitcoin to fail Nakamoto's goal of decentralization, with one mining pool controlling more than half the mining power. In the seven years since, no more than five pools have always controlled a majority of the mining power.

[Slide 6: Economies of Scale]
In 2014 I wrote Economies of Scale in Peer-to-Peer Networks, explaining the economic cause of this failure. Briefly, this is an example of the phenomenon described by W. Brian Arthur in 1994's Increasing returns and path dependence in the economy. Information technologies have strong economies of scale, so the larger the miner the lower their costs, and thus the greater their profit, and thus the greater their market share.

"Blockchain" is unfortunately a term used to describe two completely different technologies, which have in common only that they both use a data structure called a Merkle Tree, commonly in the form patented by Stuart Haber and Scott Stornetta in 1990. This is a linear chain of blocks each including the hash of the previous block. Permissioned blockchains have a central authority controlling which network nodes can add blocks to the chain, and are thus not decentralized, whereas permissionless blockchains such as Bitcoin's do not; this difference is fundamental:
  • Permissioned blockchains can use well-established and relatively efficient techniques such as Byzantine Fault Tolerance, and thus don't have significant carbon footprints. These techniques ensure that each node in the network has performed the same computation on the same data to arrive at the same state for the next block in the chain. This is a consensus mechanism.
  • In principle each node in a permissionless blockchain's network can perform a different computation on different data to arrive at a different state for the next block in the chain. Which of these blocks ends up in the chain is determined by a randomized, biased election mechanism. For example, in Proof-of-Work blockchains such as Bitcoin's a node wins election by being the first to solve a puzzle. The length of time it takes to solve the puzzle is random, but the probability of being first is biased, it is proportional to the compute power the node uses. Initially, because of network latencies, nodes may disagree as to the next block in the chain, but eventually it will become clear which block gained the most acceptance among the nodes. This is why a Bitcoin transaction should not be regarded as final until it is six blocks from the head.
[Slide 7: Blockchain Patent Filed 1990]
Discussing "blockchains" and their externalities without specifying permissionless or permissioned is meaningless, they are completely different technologies. One is 30 years old, the other is 13 years old.

Why are economies of scale a fundamental problem for decentralized systems? Because there is no central authority controlling who can participate, decentralized consensus systems must defend against Sybil attacks, in which the attacker creates a majority of seemingly independent participants which are secretly under his control. The defense is to ensure that the reward for a successful Sybil attack is less than the cost of mounting it. Thus participation must be expensive, and so will be subject to economies of scale. They will drive the system to centralize. So the expenditure in attempting to ensure that the system is decentralized is a futile waste.

Most cryptocurrencies impose these costs, as our earlier system did, using Proof-of-Work. It was a brilliant idea when Cynthia Dwork and Moni Naor originated it in 1992, being both simple and effective. But when it is required to make participation expensive enough for a trillion-dollar cryptocurrency it has an unsustainable carbon footprint.

[Slide 8: Bitcoin Energy Consumption]
The leading source for estimating Bitcoin's electricity consumption is the Cambridge Bitcoin Energy Consumption Index, whose current central estimate is 117TWh/year.

Adjusting Christian Stoll et al's 2018 estimate of Bitcoin's carbon footprint to the current CBECI estimate gives a range of about 50.4 to 125.7 MtCO2/yr for Bitcoin's opex emissions, or between Portugal and Myanmar. Unfortunately, this is likely to be a considerable underestimate. Bitcoin's growing e-waste problem by Alex de Vries and Christian Stoll concludes that:
Bitcoin's annual e-waste generation adds up to 30.7 metric kilotons as of May 2021. This level is comparable to the small IT equipment waste produced by a country such as the Netherlands.
That's an average of one whole MacBook Air of e-waste per "economically meaningful" transaction.

[Slide 9: Facebook & Google Carbon Footprints]
The reason for this extraordinary waste is that the profitability of mining depends on the energy consumed per hash, and the rapid development of mining ASICs means that they rapidly become uncompetitive. de Vries and Stoll estimate that the average service life is less than 16 months. This mountain of e-waste contains embedded carbon emissions from its manufacture, transport and disposal. These graphs show that for Facebook and Google data centers, capex emissions are at least as great as the opex emissions[1].

Cryptocurrencies assume that society is committed to this waste of energy and hardware forever. Their response is frantic greenwashing, such as claiming that because Bitcoin mining allows an obsolete, uncompetitive coal-burning plant near St. Louis to continue burning coal it is somehow good for the environment[2].

But, they argue, mining can use renewable energy. First, at present it doesn't. For example, Luxxfolio implemented their commitment to 100% renewable energy by buying 15 megawatts of coal-fired power from the Navajo Nation!

Second, even if it were true that cryptocurrencies ran on renewable power, the idea that it is OK for speculation to waste vast amounts of renewable power assumes that doing so doesn't compete with more socially valuable uses for renewables, or indeed for power in general.

[Slide 10: Energy Return on Investment]
Delannoy et al Fig 2
Right now the world is short of power; one major reason that China banned cryptocurrency mining was that they needed their limited supplies of power to keep factories running and homes warm. Shortage of energy isn't a short-term problem. This graph is from Peak oil and the low-carbon energy transition: A net-energy perspective by Louis Delannoy et al showing that as the easiest deposits are exploited first, the Energy Return On Investment, measuring the fraction of the total energy extracted delivered to consumers, decreases.

[Slide 11: Oil Energy Gross vs. Net]
Delannoy et al Fig 1
Delannoy et al's Figure 1 shows the gross and net oil energy history and projects it to 2050. The gross energy, and thus the carbon emission, peaks around 2035, but because the energy used in extraction (the top yellow band) increases rapidly, the net energy peaks in about 5 years.

[Slide 12: CO2 Emission Trajectories]
This is a problem for two reasons. If society is to survive:
  • Carbon emissions need to start decreasing now, not in a decade and a half.
  • Renewables need to be deployed very rapidly.
Deploying renewables consumes energy, which is paid back during their initial operation. Thus during the transition to renewable power it consumes energy, reducing that available for other uses[3]. The world cannot afford to waste a Netherlands' worth of energy on speculation that could instead be deploying renewables.

If cryptocurrency speculation is to continue, it needs to vastly reduce its carbon footprint by eliminating Proof-of-Work. The two major candidates are Proof-of-Space-and-Time and Proof-of-Stake. Unfortunately, as I detail in Alternatives To Proof-of-Work, both lack the simplicity and effectiveness of Proof-of-Work.

Proof-of-Space-and-Time attempts to make participation expensive by wasting storage instead of computation. The highest-profile such effort is Bram Cohen's Chia, funded by Andreessen Horowitz, the "Softbank of crypto". Chia's "space farmers" create and store "plots" consisting of large amounts of otherwise useless data.

[Slide 13: Chia]
The software was ingenious, but the design suffered from naiveté about storage media and markets. When it launched in May, gullible farmers rushed to buy hard disks and SSDs. By July, the capital tied up in farming hardware was around six times the market cap of the Chia coin. Chia's CEO described the result:
"we've kind of destroyed the short-term supply chain"
Disk vendors were forced to explain that Chia farming voided the media's warranty. Just as with GPUs, the used market was flooded with burnt-out storage. Chia's coin initially traded at $1934 before dropping more than 90% — last I looked it was $109. I expect A16Z made money, but everyone else had to deal with the costs. Chia doesn't use much electricity, more to do with failure than with the technology, but does have a major e-waste problem.

[Slide 14: Proof of Stake Sucks]
Bram Cohen's opinion
The costs that Proof-of-Stake imposes to make participation expensive are the risk of loss of and the foregone interest on the "stake", an escrowed amount of the cryptocurrency itself. This has two philosophical problems:
  • It isn't just that the Gini coefficients of cryptocurrencies are extremely high[4], but that Proof-of-Stake makes this a self-reinforcing problem. Because the rewards for mining new blocks, and the fees for including transactions in blocks, flow to the HODL-ers in proportion to their HODL-ings, whatever Gini coefficient the system starts out with will always increase. Proof-of-Stake isn't effective at decentralization.
  • Cryptocurrency whales are believers in "number go up". The eventual progress of their coin "to the moon!" means that the temporary costs of staking are irrelevant.
There are also a host of severe technical problems. The accomplished Ethereum team have been making a praiseworthy effort to overcome them for more than 7 years and are still more than a year away from being able to migrate off Proof-of-Work. Among the problems is that at intervals Proof-of-Stake blockchains need to achieve consensus on checkpoints, using a different consensus mechanism from that used to add blocks. I discuss 16 of these problems in Alternatives To Proof-of-Work.

[Slide 15: Centralization Risk]
Yulin Cheng wrote:
According to the list of accounts powered up on March. 2, the three exchanges collectively put in over 42 million STEEM Power (SP).

With an overwhelming amount of stake, the Steemit team was then able to unilaterally implement hard fork 22.5 to regain their stake and vote out all top 20 community witnesses – server operators responsible for block production – using account @dev365 as a proxy. In the current list of Steem witnesses, Steemit and TRON’s own witnesses took up the first 20 slots.
Vitalik Buterin pointed out that lack of decentralization was a security risk in 2017, and this was amply borne out last year when Justin Sun conspired with three exchanges, staking their customers' coins to take over the Steem Proof-of-Stake blockchain. Pushing back against the economic forces centralizing these systems is extremely difficult.

The last time Ethereum attempted to migrate the mining technology, in 2016 to fix the bug that enabled the DAO disaster, a fraction of the miners refused the upgrade[5]. The great block-size debate showed how resistant Bitcoin is to technical change. Even if a low-carbon alternative to Proof-of-Work were as effective it would likely not be adopted in the face of sunk costs and risk-averse investors.

[Slide 16: Top 2 ETH Pools = 53.9%]
The advantage of permissionless over permissioned blockchains is claimed to be decentralization. How has that worked out in practice?

As has been true for the last seven years, no more than five mining pools control the majority of the Bitcoin mining power and last month two pools controlled the majority of Ethereum mining. Makarov and Schoar write:
Six out of the largest mining pools are registered in China and have strong ties to Bitmain Techonologies, which is the largest producer of Bitcoin mining hardware, The only non-Chinses [sic] pool among the largest pools is SlushPool, which is registered in the Czech Republic.
[Slide 17: Centralized Mining]
Makarov and Schoar write:
Bitcoin mining capacity is highly concentrated and has been for the last five years. The top 10% of miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity. Furthermore, this concentration of mining capacity is counter cyclical and varies with the Bitcoin price. It decreases following sharp increases in the Bitcoin price and increases in periods when the price drops ... the risk of a 51% attack increases in times when the Bitcoin price drops precipitously or following the halving events.
It isn't just the mining pools that are centralized. The top 10% of miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity. This centralization doesn't just increase the system's technical risk, but also its legal risk. The reason is that in almost all cryptocurrencies a transaction wishing to be confirmed is submitted to a public "mempool" of pending transactions. The mining pools choose transactions from there to include in the blocks they attempt to mine. This, as Nicholas Weaver points out, means that mining pools are providing money transmission services under US law:
[Slide 18: 31 CFR § 1010.100]
The term "money transmission services" means the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.
Thus, in the US, they are required to follow the Anti-Money Laundering/Know Your Customer (AML/KYC) rules as enforced by the Financial Crimes Enforcement Network (FinCEN)[6]. The only pool to try following them:
stopped doing this because the larger Bitcoin community objects to the idea of attempting to restrict Bitcoin to legal uses!
Most countries follow FinCEN's lead because the penalty for not doing so can be loss of access to the Western world's banking system.

As Adem Efe Gencer et al pointed out:
a Byzantine quorum system of size 20 could achieve better decentralization than proof-of-work mining at a much lower resource cost.
Thus the only reason for the massive carbon footprint of Proof-of-Work and the complexity and risk of the alternatives is to maintain the illusion of decentralization. Alas, it is unlikely that any alternative defense against Sybil attacks will be widely enough adopted to mitigate Proof-of-Work's carbon emissions.


[Slide 19: Immutability]
Immutability is one of the two things that make the cryptocurrency crime wave so effective. These systems are brittle, make a single momentary mistake and your assets are irretrievable.

Immutability sounds like a great idea when everything is going to plan, but in the real world mistakes are inevitable. Let's take a few recent examples — the $23M fee Bitfinex paid for a $100K transaction, or the $19M oopsie at Indexed Finance, or the $31M oopsie at MonoX, or the $90M oopsie at Compound and the subsequent $67M oopsie, all of which left the perpetrators pleading with the beneficiaries to return the loot. And in Compound's case threatening its customers with the ultimate crypto punishment, reporting them to the IRS. $12B in DeFi thefts so far, or about 5% of all the funds[7].

[Slide 20: Trammell Hudson]
Vulnerabilities are equally inevitable, as we see with the $38M, $19M and $130M hacks of Cream Finance this year, last week's $115M hack of BadgerDAO, Sunday's $196M hack of BitMart, and of course the $600M hack of Poly Network. As Trammell Hudson says, "Smart contracts should be considered self-funded bug-bounty platforms".

The centralization of Ethereum's mining pools and exchanges allowed Poly Network to persuade them to blacklist the addresses involved. This made it very difficult for the miscreant to escape with the loot, much of which was returned. But it also vividly demonstrated that in most blockchains it is the mining pools that decide which transactions make it into a block, and are thus executed. The small number of dominant mining pools can effectively prevent addresses from transacting, and can prioritize transactions from favored addresses. They can also allow transactions to avoid the public mempool, to prevent them being front-run by bots. This turned out to be useful when a small group of white hats discovered a vulnerability in a smart contract holding $9.6M.

The key point of Escaping the Dark Forest, Samczsun's account of their night's work, is that, after the group spotted the vulnerability and built a transaction to rescue the funds, they could not put the rescue transaction in the public mempool because it would have been front-run by a bot. They had to find a miner who would put the transaction in a block without it appearing in the mempool. In other words, their transaction needed a dark pool. And they had to trust the cooperative miner not to front-run it.

[Slide 21: Ether Mining Pools 11/02/20]
Ether miners 11/2/20
Ethereum is, fortunately, very far from decentralized, being centralized around a small number of large pools. Thus, the group needed a trusted pool not an individual miner. At the time, the three largest pools mined more than half the blocks between them, so only three calls would have been needed to have a very good chance that the transaction would appear in one of the next few blocks.


Just as economics forces theoretically decentralized blockchain-based systems in practice to be centralized, economics forces theoretically trustless blockchain-based systems in practice to require trusting third parties. As with the equity markets, trusted third parties are needed to run "dark pools" to prevent trades being front-run by bots. The lure of profit means that sometimes this trust will be misplaced. For example, Barclays was fined $70M for selling high-frequency traders access to its dark pool.

Although there are informal methods like these of recovering from mistakes, they aren't very effective in general, and hardly effective at all in case of crime. Implementing mutability at the blockchain level requires trust, and trust requires a reliable identity for the locus of trust. Most activity in cryptocurrencies actually uses trusted third parties, exchanges, that are layered above the blockchain itself. These use conventional Web-based identities and are routinely compromised. In most cases immutability means the pilfered funds are not recovered.

But, more fundamentally, the entire cryptocurrency ecosystem depends upon a trusted third party, Tether, which acts as a central bank issuing the "stablecoins" that cryptocurrencies are priced against and traded in[8]. This is despite the fact that Tether is known to be untrustworthy, having consistently lied about its reserves.


[Slide 22: Anonymity]
Makarov and Schoar write[9]:
First, non-KYC entities serve as a gateway for money laundering and other gray activities.
Second, even if KYC entities were restricted to deal exclusively with other KYC entities, preventing inflows of tainted funds would still be nearly impossible, unless one was willing to put severe restrictions on who can transact with whom
Finally, notice that while transacting in cash and storing cash involve substantial costs and operational risks, transacting in cryptocurrencies and storing them are essentially costless (apart from fluctuation in value).
The other main enabler of the cryptocurrency crime spree is the prospect of transactions that aren't merely immutable but are also anonymous. Anonymity for small transactions is important, but for large transactions it provides the infrastructure for major crime. In the physical world cash is anonymous, but it has the valuable property that the cost and difficulty of transacting increase strongly with size. KYC/AML and other regulations leverage this. Cryptocurrencies lack this property. The ease with which cryptocurrency can be transferred between institutions that do, and do not, observe the KYC/AML regulations means that absent robust action by the US, the KYC/AML regime is doomed.

[Slide 23: The Coming Ransomware Storm]
Stephen Diehl writes in The Oncoming Ransomware Storm:
Go to your local bank branch and try to wire transfer $200,000 to an anonymous stranger in Russia and see how that works out. Modern ransomware could not exist without Bitcoin, it has poured gasoline on a fire we may not be able to put out.

When you create a loophole channel (however flawed) for parties to engage in illicit financing of anonymous entities beyond the control of law enforcement, it turns out a lot of shady businesses models that are otherwise prevented move from being impractical and risky to perversely incentivized. Ransomware is now very lucrative to the point where there is a whole secondary market of vendors selling Ransomware as a Service picks and shovels to the criminals.
The most serious crime enabled by anonymity is ransomware, which is regularly crippling essential infrastructure such as oil pipelines and hospital systems, to say nothing of the losses to business large and small. This business is estimated to gross $5.2B/year and is growing rapidly, aided by a network of specialist service providers. This is just the ransom payments, the actual externalities include the much larger costs of recovering from the attacks.

There are cryptocurrencies that provide almost complete anonymity using sophisticated cryptography[10]. For example Monero:
Observers cannot decipher addresses trading monero, transaction amounts, address balances, or transaction histories.
Monero has become the cryptocurrency of choice for major ransomware gangs, who charge 10% extra for payment in Bitcoin, and plan to insist on Monero in future. It is also the coin of choice for crypto-mining malware, as it is also ASIC-resistant.

Bitcoin and similar cryptocurrencies are pseudonymous not anonymous. Anyone can create and use an essentially unlimited number of pseudonyms (addresses), but transactions and balances using them are public. A newly minted pseudonym cannot be deanonymized, but as it becomes enmeshed in the public web of transactions maintaining anonymity takes more operational security than most users can manage.
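How a pseudonym becomes "enmeshed in the public web of transactions" can be shown with the common-input-ownership heuristic used in chain analysis. This Python example is added here and is not from the talk; the ledger, addresses, customer label and the equal-output test for mix-shaped transactions are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample ledger; amounts are in satoshis. Not real transactions.
LEDGER = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": [("M1", 50000), ("A3", 20000)]},
    {"txid": "t2", "inputs": ["A3", "A4"], "outputs": [("M2", 30000)]},
    {"txid": "t3", "inputs": ["A4", "A1"], "outputs": [("EXCH-DEP-7", 100000)]},
    {"txid": "t4", "inputs": ["B1"], "outputs": [("B2", 10000)]},
    # Mix-shaped: several payers, identical output amounts.
    {"txid": "t5", "inputs": ["A2", "C1", "D1"],
     "outputs": [("X1", 10000), ("X2", 10000), ("X3", 10000)]},
]


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_mix(tx, min_parties=3):
    """Crude assumed test for a mixing transaction: many inputs and many
    equal-valued outputs. Co-spent inputs there have different owners."""
    amounts = [amount for _, amount in tx["outputs"]]
    return (len(set(tx["inputs"])) >= min_parties
            and len(amounts) >= min_parties
            and len(set(amounts)) == 1)


def cluster_inputs(ledger, skip_mixes=True):
    """Merge addresses spent together as inputs of one transaction, on the
    assumption that one wallet held all the keys needed to sign it."""
    ds = DisjointSet()
    for tx in ledger:
        for addr in tx["inputs"]:
            ds.find(addr)  # register every spending address
        if skip_mixes and looks_like_mix(tx):
            continue  # merging here would wrongly join unrelated users
        for addr in tx["inputs"][1:]:
            ds.union(tx["inputs"][0], addr)
    return ds


def attribute(ledger, ds, deposit_owners):
    """deposit_owners maps an exchange deposit address to the customer the
    exchange identified under KYC. Returns customer -> every address in the
    cluster that funded a deposit to that address."""
    members = defaultdict(set)
    for addr in list(ds.parent):
        members[ds.find(addr)].add(addr)
    exposed = defaultdict(set)
    for tx in ledger:
        for out_addr, _ in tx["outputs"]:
            owner = deposit_owners.get(out_addr)
            if owner and tx["inputs"]:
                exposed[owner] |= members[ds.find(tx["inputs"][0])]
    return dict(exposed)


def main():
    kyc = {"EXCH-DEP-7": "customer-1042"}  # constructed exchange record
    for skip in (True, False):
        result = attribute(LEDGER, cluster_inputs(LEDGER, skip), kyc)
        print(f"skip_mixes={skip}:",
              {owner: sorted(addrs) for owner, addrs in result.items()})


if __name__ == "__main__":
    main()
```

One deposit to a KYC exchange ties all four A addresses to the customer, while the never-co-spent B1 stays unlinked. With the mix filter off, the cluster wrongly absorbs C1 and D1, which is the false-positive risk that mixers create for chain analysis.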

Users are aware of the risk that their transactions can be traced, so many engage in wash transactions between addresses they control, and use mixers and tumblers to mingle their coins with those of other miscreants. Because it is almost impossible to actually buy legal goods with Bitcoin, at some point a HODL-er needs to use an exchange to obtain fiat currency[11]. This risks having their identity connected into the web of transactions on the blockchain. Makarov and Schoar conclude:
90% of transaction volume on the Bitcoin blockchain is not tied to economically meaningful activities but is the byproduct of the Bitcoin protocol design as well as the preference of many participants for anonymity.
In other words, 90% of Bitcoin's carbon footprint is used in a partially successful attempt to compensate for its deficient anonymity.

Because there are existing alternatives that provide greatly increased anonymity, attempts to mitigate the externalities of pseudonymous cryptocurrencies are likely to be self-defeating. As the ransomware industry shows, users will migrate to these alternatives, reducing the effectiveness of chain analysis.


The prospects for mitigating each of the four attributes are dismal:
  • Decentralization: although the techniques used to implement decentralization are effective in theory, at scale emergent economic effects render them ineffective. Despite this, decentralization is fundamental to the cryptocurrency ideology, making mitigation of its externalities effectively impossible.
  • Immutability: although mutability is necessary in the real world of mistakes and crime, implementing it in a decentralized system and thereby mitigating its externalities is an unsolved problem.
  • Trustlessness: even if you think this would be a good thing, it is impractical[12].
  • Anonymity: attempts to mitigate its externalities are likely to be self-defeating.
Thus it seems highly unlikely that any effort to mitigate cryptocurrencies' externalities would succeed[13].

[Slide 24: Conclusions]
Thus we can conclude that:
  1. Permissioned blockchains do not need a cryptocurrency to defend against Sybil attacks, and thus do not have significant externalities.
  2. Permissionless blockchains require a cryptocurrency, and thus necessarily impose all the externalities I have described except the carbon footprint.
  3. If successful, permissionless blockchains using Proof-of-Work, or any other way to waste a real resource as a Sybil defense, have unacceptable carbon footprints.
  4. Whatever Sybil defense they use, economics forces successful permissionless blockchains to centralize; there is no justification for wasting resources in a doomed attempt at decentralization.
I've talked for about half an hour, but the answer to the question "Can We Mitigate The Externalities Of Cryptocurrencies?" could have been immediately deduced from Betteridge's Law of Headlines, which states:
Any headline that ends in a question mark can be answered by the word no.
Given this, and the fact that cryptocurrencies are designed to resist harm reduction by regulation, the correct policy response is to follow the Chinese example and make cryptocurrencies illegal.

Thank you for your attention, I'm ready for questions.

Update December 9th: I realized too late that I omitted an important step in the argument. Let me expand upon it here.

Because participation in a permissionless blockchain must be expensive to ensure that the reward for a Sybil attack is less than the cost of mounting it, miners have to be reimbursed for their expensive efforts. There is no central authority capable of collecting funds from users and distributing them to the miners in proportion to their efforts. Thus miners' reimbursement must be generated organically by the blockchain itself. Thus a permissionless blockchain needs a cryptocurrency to be secure.

Because miners' opex and capex costs cannot be paid in the blockchain's cryptocurrency, exchanges are required to enable the rewards for mining to be converted into fiat currency to pay these costs. Someone needs to be on the other side of these sell orders. The only reason to be on the buy side of these orders is the belief that "number go up". Thus the exchanges need to attract speculators in order to perform their function.

Thus a permissionless blockchain requires a cryptocurrency to function, and this cryptocurrency requires speculation to function.

My apologies for leaving this out.

Update December 24th: Nicholas Weaver tweeted this:

Update January 1st: The Economist's Holiday Double Issue features The most powerful people in crypto. It profiles Sam Bankman-Fried of FTX, Changpeng Zhao of Binance, Arthur Hayes of BitMEX, and Brian Armstrong of Coinbase, and includes these revealing graphs which demonstrate:
In practice, if you use cryptocurrencies you trust the four of them and their exchanges; they control most of the trading. This once again illustrates the lack of decentralization and trustlessness in cryptocurrencies. The Economist writes:
All four have amassed multi-billion-dollar fortunes, and huge influence, in just a few years. In conventional finance, where money is commonly borrowed, spent or saved, the most powerful intermediaries are bankers, payment firms and asset managers. But private currencies today are mostly used to speculate, which makes exchange bosses, who provide punters with the tools and venues to trade, the kings of a world whose raison d’être, paradoxically, is to do away with mighty middlemen.

End Notes

  1. Ethereum mining adds another 23.7TWh/yr (16.5 to 32 range) for about 6.9MtCO2/yr, according to Kyle McDonald.

    Doubling the carbon footprint to account for embedded emissions would put Bitcoin between Zimbabwe and Thailand. It would put Ethereum between Uruguay and Yemen, but it is likely that this would be an over-estimate, since GPUs are likely to have a somewhat longer economic life.

    Note the hockey-stick on these graphs. I wrote:
    In 2017 Facebook and Google changed their capex footprint disclosure practice, resulting in an increase of 7x for Google and 12x for Facebook. It is safe to assume that neither would have done this had they believed the new practice greatly over-estimated the footprint.
    If Google and Facebook are correctly measuring their capex emissions, and if they are representative of miners' capex emissions, cryptocurrencies' carbon footprints are vastly more than double that from their opex emissions alone.
  2. And lobbying. See, for example, the way the climate aspects of "Build Back Better" were crippled to facilitate the plant that is the sole customer of the company that pays Joe Manchin $500K/year transitioning to burning Manchin's waste coal to mine cryptocurrency.
  3. Sweden's regulators make this point in an open letter to the EU:
    Sweden needs the renewable energy targeted by crypto-asset producers for the climate transition of our essential services, and increased use by miners threatens our ability to meet the Paris Agreement. Energy-intensive mining of crypto-assets should therefore be prohibited. This is the conclusion of the director generals of both the Swedish Financial Supervisory Authority and the Swedish Environmental Protection Agency.
    And the Norwegians agree.
  4. Makarov and Schoar write:
    We show that the balances held at intermediaries have been steadily increasing since 2014. By the end of 2020 it is equal to 5.5 million bitcoins, roughly one-third of Bitcoin in circulation. In contrast, individual investors collectively control 8.5 million bitcoins by the end of 2020. The individual holdings are still highly concentrated: the top 1000 investors control about 3 million BTC and the top 10,000 investors own around 5 million bitcoins.
  5. Five years after Ethereum Classic became the remainder of the vulnerable currency, the result was:
    from the beginning of March to the beginning of May, the value of Ethereum Classic had shot up by over 1,000 percent. It jumped from about $12 a token to over $130.
  6. David Gerard provides a comprehensive overview of the latest "regulatory clarity" on cryptocurrencies from the international and US government agencies:
    • The Financial Action Task Force issued Updated Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers. Gerard writes:
      The October 2021 revision is to clarify definitions, give guidance on stablecoins, note the issues of peer-to-peer transactions, and clarify the travel rule, which requires VASPs to collect and pass on information about their customers.

      VASPs include crypto exchanges, crypto transfer services, crypto custody and financial services around crypto asset issuance (e.g., ICOs). VASPs must do full Know-Your-Customer (KYC), just like any other financial institution.
      As regards peer-to-peer transactions, Gerard writes:
      Jurisdictions should assess the local risks from peer-to-peer transactions, and possibly adopt optional provisions, such as restricting direct deposit of cryptos with VASPs (paragraphs 105 and 106) — Germany and Switzerland have already considered such rules.
    • The US Office of Foreign Assets Control's Sanctions Compliance Guidance for the Virtual Currency Industry explains that:
      Members of the virtual currency industry are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.
      In particular, US miners are required to blacklist wallets suspected of being owned by sanctioned entities. Gerard writes:
      Sanctions are strict liability — you can be held liable even if you didn’t know you were dealing with a sanctioned entity. Penalties can be severe, but OFAC recommends voluntary self-disclosure in case of errors, and this can mitigate penalties. You will be expected to correct the root cause of the violations.
    • The US Financial Crimes Enforcement Network issued Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments. Gerard writes:
      Insurers and “digital forensic and incident response” companies have been getting more directly involved in ransomware payments — even paying out the ransoms. FinCEN expects such companies to: (a) register as money transmitters; (b) stop doing this.

      A lot of ransomware gangs are sanctioned groups or individuals. Payments to them are sanctions violations.
      The Federal Reserve, the FDIC and the OCC have joined the party with a Joint Statement on Crypto-Asset Policy Sprint Initiative and Next Steps. They:
      plan to provide greater clarity on whether certain activities related to crypto-assets conducted by banking organisations are legally permissible, and expectations for safety and soundness, consumer protection, and compliance with existing laws and regulations
  7. In Really stupid “smart contract” bug let hackers steal $31 million in digital coin, Dan Goodin reports that:
    blockchain-analysis company Elliptic said so-called DeFi protocols have lost $12 billion to date due to theft and fraud. Losses in the first roughly 10 months of this year reached $10.5 billion, up from $1.5 billion in 2020.
    That is ~5% of the $237B locked up in DeFi.
  8. But the only significant social benefit of cryptocurrencies is rampant speculation, mostly in an enormous Bitcoin futures market using up to 125x leverage, based on a Bitcoin-Tether market about one-tenth the size, based on a Bitcoin-USD market about one-tenth the size again. The Bitcoin-Tether market is highly concentrated, easily manipulated and rife with pump-and-dump schemes.

    A New Wolf in Town? Pump-and-Dump Manipulation in Cryptocurrency Markets by Anirudh Dhawan and Tālis J. Putniņš finds:
    Combining hand-collected data with audited data from a pump-and-dump aggregator, we identify as many as 355 cases of pump-and-dump manipulation within a period of six months on two cryptocurrency exchanges. Up to 23 million individuals are involved in these manipulations. We estimate that the 355 pumps in our sample are associated with approximately $350 million of trading on the manipulation days, and that manipulators extract profits of approximately $6 million from other participants. In all, 197 distinct cryptocurrencies or “coins” are manipulated, which implies that approximately 15% of all coins in our sample of exchanges are targeted by manipulators at least once in the six-month period. There are, on average, two pumps per day. This rate of manipulation is considerably higher than pump-and-dump manipulation in stock markets in recent decades.
    See also this post on the strange fact that:
    The futures curve for Bitcoin has been permanently upward sloping in Contango pretty much since inception, back in 2017 meaning that the price of the future asset is higher than the spot price of the asset for pretty much 4 years
    The implication that this arbitrage opportunity persistently exists and is not hammered by investors until it closes, is that there is some form of market dislocation or systemic credit risk that cannot be properly quantified or hedged.
    And on Celsius' offer of 17% interest on BTC loans, which clearly indicates a high degree of risk. Note that:
    Yaron Shalem, the chief financial officer of cryptocurrency lending platform Celsius, was one of the seven people arrested in Tel Aviv this month in connection with Israeli crypto mogul Moshe Hogeg
  9. Transaction fees make Makarov and Schoar's claim that "transacting in cryptocurrencies and storing them are essentially costless" false. The demand for transactions is variable, but the supply is fixed. Pending transactions bid their fees in a blind auction for inclusion in a block. The result is that when no-one wants to transact fees are low and when everyone does they spike enormously.

    BTC transaction fees
    The graph shows that as the Bitcoin "price" spiked to $63K in April the frenzy drove the average fee per transaction over $60. Users' lack of understanding of transaction fees is illustrated by Jordan Pearson and Jason Koebler's ‘Buy the Constitution’ Aftermath: Everyone Very Mad, Confused, Losing Lots of Money, Fighting, Crying, Etc.:
    The community of crypto investors who tried and failed to buy a copy of the U.S. Constitution last week has descended into chaos as people are realizing today that roughly half of the donors will have the majority of their investment wiped out by cryptocurrency fees.
    Apparently, fees averaged $50/transaction, and the $40M raised paid about $1M in fees. That is 2.5%, very similar to the "extortionate" fees charged by credit card companies that cryptocurrency enthusiasts routinely decry.

    Vitalik Buterin has a proposal that attempts to paper over the fundamental problem of fixed supply and variable demand, as Ruholamin Haqshanas reports in Vitalik Buterin Proposes New EIP to Tackle Ethereum’s Sky-High Gas Fees:
    Vitalik Buterin has put forward a new Ethereum Improvement Proposal (EIP) that aims to tackle the network's gas fee problems by adding a limit on the total transaction calldata, which, in turn, should reduce transaction gas cost.

    Since Ethereum can only process 15 transactions per second, gas fees tend to spike at times of network congestion. On November 9, the average transaction network fee reached USD 62 per transaction. As of now, Ethereum transactions cost around USD 44,
  10. With the Taproot soft fork, explained in WHY YOU SHOULD CARE ABOUT TAPROOT, THE NEXT MAJOR BITCOIN UPGRADE, Bitcoin is making transactions slightly more difficult to trace, but still not offering the anonymity of Monero:
    The Taproot upgrade improves this logic by introducing Merkelized Abstract Syntax Trees (MAST), a structure that ultimately allows Bitcoin to achieve the goal of only revealing the contract's specific spending condition that was used.

    There are two main possibilities for complex Taproot spending: a consensual, mutually-agreed condition; or a fallback, specific condition. For instance, if a multisignature address owned by multiple people wants to spend some funds programmatically, they could set up one spending condition in which all of them agree to spend the funds or fallback states in case they can't reach a consensus.

    If the condition everyone agrees on is used, Taproot allows it to be turned into a single signature. Therefore, the Bitcoin network wouldn't even know there was a contract being used in the first place, significantly increasing the privacy of all of the owners of the multisignature address.

    However, if a mutual consensus isn't reached and one party spends the funds using any of the fallback methods, Taproot only reveals that specific method. As the introduction of P2SH increased the receiver's privacy by making all outputs look identical — just a hash — Taproot will increase the sender's privacy by restricting the amount of information broadcast to the network.

    Even if you don't use complex wallet functionality like multisignature or Lightning, improving their privacy also improves yours, as it makes chain surveillance more difficult and increases the broader Bitcoin network anonymity set.
  11. Whales can't get the face value of their HODL-ings. Last Friday the price crashed 20% in minutes. David Gerard writes:
    Someone sold 1,500 BTC, and that triggered a cascade of sales of burnt margin-traders’ collateral of another 4,000 BTC. The Tether peg broke too.
    That is 0.03% of the stock of BTC. Gerard writes:
    The real story is that the whales — “large institutional trading firms,” ... want (or need) to realise the face value of their bitcoins, and they can’t, because there just aren’t enough actual dollars in the market. This is the same reason miners are keeping a “stockpile” of unsaleable bitcoins, as I’ve noted previously.

    So the whales are going to Goldman Sachs to ask for a loan backed by their unsaleable bitcoins, even though the collateral can’t possibly cover for the value of the loan even if Bitcoin doesn’t crash.
  12. Here is a list of institutions that a real-world user of cryptocurrencies as they actually exist has to trust:
    • The owners and operators of the dominant mining pools not to collude.
    • The operators of the exchanges not to manipulate the markets or to commit fraud.
    • The core developers of the blockchain software not to write bugs.
    • The developers of your wallet software not to write bugs.
    • The developers of the exchanges not to write bugs.
    And, if your cryptocurrency has Ethereum-like "smart contracts":
    • The developers of your "smart contracts" not to write bugs.
    • The owners of the smart contracts to keep their secret key secret.
    Every one of these has examples where trust was misplaced.
  13. In the medium term, Bitcoin and many other cryptocurrencies face two technological threats that might disrupt them and thus provide partial mitigation:
    • Quantum computing. Quantum attacks on Bitcoin, and how to protect against them by Divesh Aggarwal et al. describes two threats they pose in principle:
      • They can out-perform existing ASICs at Proof-of-Work, but it is likely to be many years before this threat is real.
      • They can use Shor's algorithm to break the encryption used for cryptocurrency wallets, allowing massive theft. Aggarwal et al. track the likely date for this, currently projecting between 2029 and 2044. When it happens there will be an estimated 4.6 million Bitcoins up for grabs.
    • The halvening. At regular intervals Bitcoin's mining rewards are halved, with the goal that the currency eventually become fee-only. Alas, Raphael Auer shows that a fee-only system is insecure.
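
The Merkle commitment behind the MAST behaviour quoted in end note 10, as an added Python example that is not from the original post or the quoted article. It follows the BIP 341 tagged-hash leaf and branch construction and stops at the Merkle root (the elliptic-curve tweak that folds the root into the output key is omitted); the scripts, keys and helper names are constructed for illustration.

```python
import hashlib

LEAF_VERSION = 0xC0  # tapscript leaf version defined by BIP 341

# Constructed sample data: five fallback conditions, each
# "<32-byte key> OP_CHECKSIG" (0x20 push, key, 0xac) with filler bytes as keys.
SAMPLE_SCRIPTS = [b"\x20" + bytes([i + 1]) * 32 + b"\xac" for i in range(5)]


def tagged_hash(tag, msg):
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def compact_size(n):
    """Bitcoin variable-length integer, enough for scripts up to 65535 bytes."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    raise ValueError("script too long for this example")


def leaf_hash(script):
    return tagged_hash(
        "TapLeaf", bytes([LEAF_VERSION]) + compact_size(len(script)) + script
    )


def branch_hash(a, b):
    # Children are sorted before hashing, so a proof needs no left/right flags.
    lo, hi = sorted((a, b))
    return tagged_hash("TapBranch", lo + hi)


def build_tree(scripts):
    """Return (root, proofs); proofs[i] is the sibling path for scripts[i]."""
    if not scripts:
        raise ValueError("need at least one spending condition")
    level = [leaf_hash(s) for s in scripts]
    members = [[i] for i in range(len(scripts))]  # leaves under each node
    proofs = [[] for _ in scripts]
    while len(level) > 1:
        nxt, nxt_members = [], []
        for j in range(0, len(level) - 1, 2):
            left, right = level[j], level[j + 1]
            for i in members[j]:
                proofs[i].append(right)
            for i in members[j + 1]:
                proofs[i].append(left)
            nxt.append(branch_hash(left, right))
            nxt_members.append(members[j] + members[j + 1])
        if len(level) % 2:  # odd node is carried up and sits at a shallower depth
            nxt.append(level[-1])
            nxt_members.append(members[-1])
        level, members = nxt, nxt_members
    return level[0], proofs


def verify_script_path(root, script, proof):
    """Recompute the root from one revealed script and its sibling hashes."""
    node = leaf_hash(script)
    for sibling in proof:
        node = branch_hash(node, sibling)
    return node == root


def spend_via(scripts, used):
    """What a script-path spend of scripts[used] discloses to observers."""
    root, proofs = build_tree(scripts)
    return {"root": root, "script": scripts[used], "path": proofs[used]}


if __name__ == "__main__":
    # A key-path spend (the "everyone agrees" case) discloses none of this:
    # observers see a single signature and cannot tell a tree exists.
    for used in (0, 4):
        r = spend_via(SAMPLE_SCRIPTS, used)
        ok = verify_script_path(r["root"], r["script"], r["path"])
        print(f"fallback {used}: reveals 1 of {len(SAMPLE_SCRIPTS)} scripts "
              f"plus {len(r['path'])} sibling hashes, verifies={ok}")
```

An observer of a script-path spend learns the one script used and a lower bound on the tree's depth from the path length, but not the contents or number of the unused conditions.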


David. said...

Told you! ‘Decentralization illusion’: Central bank group urges regulation of DeFi crypto platforms by Ryan Browne reports that:

"The Bank for International Settlements, an umbrella group for central banks, said in a report this week that it’s concerned there’s a “decentralization illusion” in DeFi.
“What we found is that, first, the decentralized aspect tends to be illusive,” Agustín Carstens, general manager of the BIS, told CNBC’s Julianna Tatelbaum Tuesday.

“There are some incentive issues related to the fact that, through this decentralization, at some point you end up with some agents that play an important role, and not necessarily for the best [interests] of users of financial services.”

The central bank group did not mention any specific names related to its concerns."

David. said...

Rupert Goodwins agrees with me - see The dark equation of harm versus good means blockchain’s had its day:

"We can't kill blockchain: it's an invention, an idea, and may we never live in a society that can erase ideas. It may yet be useful, though you'd be better off betting on Freddie Mercury being beatified by the Vatican. In a world where even lasers are regulated, the need to ruthlessly police the harm blockchain can do can no longer be moderated by the what-ofs that never could be.

It's had its chance. Bust blockchain back to the lab"

Unfortunately, as The Economist reports, that isn't going to happen because Crypto lobbying is going ballistic:

"Watchdogs in America and Europe, the home to much crypto-trading activity, by contrast, are only just beginning to sniff around digital assets. And that in turn is prompting crypto firms to try to steer, if not head off altogether, the coming wave of regulation. “All of a sudden”, says Loni Mahanta of the Brookings Institution, a think-tank in Washington, lobbying “is on a rocket ship.”
Based on public disclosures The Economist calculates that crypto firms spent around $5m lobbying the American Senate in the first nine months of 2021. About $2.5m of that was spent between July and September—a quadrupling over the same period last year. Such activities employ the equivalent of 86 full-time staff, up from just one in 2016. Coinbase, a big crypto exchange, doled out $625,000 on lobbyists in the third quarter alone. Block, a crypto-friendly payments firm, has spent more than $1.7m since April 2020. The campaign is also ramping up in Brussels, the EU’s de facto capital, where the industry has deployed the equivalent of 52 full-time lobbyists."

David. said...

Following the Bank for International Settlements, the International Monetary Fund weighs in on the need for "regulatory clarity". Global Crypto Regulation Should be Comprehensive, Consistent, and Coordinated by Tobias Adrian, Dong He, and Aditya Narain doesn't call out the BS:

"While the nearly $2.5 trillion market capitalization indicates significant economic value of the underlying technological innovations such as the blockchain, it might also reflect froth in an environment of stretched valuations."

But it does call out some of the risks:

"identification, monitoring, and management of risks defy regulators and firms. These include, for example, operational and financial integrity risks from crypto asset exchanges and wallets, investor protection, and inadequate reserves and inaccurate disclosure for some stablecoins. Moreover, in emerging markets and developing economies, the advent of crypto can accelerate what we have called “cryptoization”—when these assets replace domestic currency, and circumvent exchange restrictions and capital account management measures.

Such risks underscore why we now need comprehensive international standards that more fully address risks to the financial system from crypto assets, their associated ecosystem, and their related transactions, while allowing for an enabling environment for useful crypto asset products and applications."

But nowhere do they identify any "useful crypto asset products and applications."

David. said...

Immutability and bots are a great combination, as Daniel Van Boom reports in Bored Ape Yacht Club: Someone accidentally sold a $300,000 NFT for $3,000:

"Here the owner, real name Max or username maxnaut, meant to list his Bored Ape for 75 ether, or around $300,000, but accidentally listed it for 0.75. One hundredth the intended price.

It was bought instantaneously. The buyer paid an extra $34,000 to speed up the transaction, ensuring no one could snap it up before them. The Bored Ape was then promptly listed for $248,000. The transaction appears to have been done by a bot, which can be coded to immediately buy NFTs listed below a certain price on behalf of their owners in order to take advantage of these exact situations."

David. said...

The crime wave continues. Hackers Steal $140 Million From Users of Crypto Gaming Company by Lorenzo Franceschi-Bicchierai reports that:

"In the latest hack targeting cryptocurrency investors, hackers stole around $135 million from users of the blockchain gaming company VulcanForge, according to the company.

The hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, which is VulcanForge's token that can be used across its ecosystem, the company said .... VulcanForge's main business involves creating games such as VulcanVerse, which it describes as an "MMORPG," and a card game called Berserk. Both titles, like pretty much all blockchain games, appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR."

David. said...

Today's major ransomware attack may have exploited Log4Shell, as Dan Goodin reports in As Log4Shell wreaks havoc, payroll service reports ransomware attack:

"As the world is beset by Log4Shell, arguably the most severe vulnerability ever, one of the biggest human resources solutions providers is reporting a ransomware attack that has taken its systems offline, possibly for the next several weeks. So far, the company isn't saying if that critical vulnerability was the means hackers used to breach the systems."

infernal666 comments:

"I cannot even begin to imagine the damage one could do with access to all of the data Kronos has in its possession."

Impugno comments:

"Oof Kronos down with end of the year payroll runs and bonuses. Glad I’m not doing payroll runs anymore. My heart goes out to those HR folks impacted."

David. said...

I've been enjoying Stephen Diehl's writing, and there is much to like in his Blockchainism. His critique starts:

"Among policy makers and regulators there’s often an implicit perspective on crypto assets and technology known that I like to call the “Gates” perspective, simply because Bill was the first large figure in the software industry to come out publicly with a position that attempts to equivocate a balance between the technology and financial mania. To grossly summarize the position he espoused in several interviews is something like the following

Cryptocurrencies are a ‘greater fool theory’ investment, but the underlying blockchain technology has applications beyond just creating asset bubbles.

Beyond just Gates, this perspective seems to be almost universal amongst a great number of both journalists and politicians who talk about this topic even today. The implicit assumption is that there is too much smoke for there not to be fire somewhere, that the underlying ideas around these distributed databases simply must have an application somewhere, we just haven’t found it yet. And that there simply must exist a paradigm-shifting solution for distributed ledgers applied to some use case that isn’t just creating a bubble bath of artificially scarce dog meme coins."

But note that nowhere in his post does Diehl distinguish between permissionless and permissioned blockchains, or attribute the cryptocurrency ills he correctly describes to the permissionless nature of their underlying blockchains.

David. said...

The Bank of England is the latest to push the need for "regulatory clarity", as Richard Partington reports in Bitcoin could become ‘worthless’, Bank of England warns:

"The deputy governor, Sir Jon Cunliffe, said the Bank had to be ready for risks linked to the rise of the crypto asset following rapid growth in its popularity. “Their price can vary quite considerably and [bitcoins] could theoretically or practically drop to zero,” he told the BBC.
In a separate blogpost published on its website on Tuesday, a member of the Bank’s staff said bitcoin failed to fulfil many of the features required of a currency and that it risked being inherently volatile.
“Simple game theory tells us that a process of backward induction should, really, at some point, induce the smart money to get out. And were that to happen, investors really should be prepared to lose everything. Eventually.”"

David. said...

Thomas Claburn's Cryptocurrency 'rug pulls' cheated investors out of $8bn in 2021 – report is based on a blog post from Chainalysis. He writes:

"Chainalysis said scams constituted the largest form of cryptocurrency-based crime, as measured by transaction volume. Cryptocurrency investors – if that's the right term – lost over $7.7bn worth of digital whatever in 2021.

That's up 81 per cent from 2020, but 2020, amid the COVID-19 pandemic, was an unusual year. This year was not quite as bad as 2019, which was close to $10bn worth of scams. But there were more scams overall (3,300 in 2021, up from 2,052 in 2020), albeit with shorter lifespans (~70 days in 2021, compared to ~192 in 2020 and to around ~2,369 in 2013).
Total scam revenues for the year would have remained flat, Chainalysis said, but for the rise in rug pulls, which accounted for 37 per cent ($2.8bn) of all 2021 revenue from cryptocurrency scams, compared to just 1 per cent in 2020."

David. said...

Pete Schroeder reports that U.S. regulators flag climate change, stablecoins as potential systemic risks. The regulator in question is the Financial Stability Oversight Council:

"the body reiterated concerns flagged in November that stablecoins, a fast-growing type of digital asset pegged to traditional currencies, could become a threat if widely adopted.

While that market is currently only worth about $127 billion, its market value has ballooned more than 500% over the past 12 months and may be vulnerable to runs if investors lose confidence in the asset class's reliability, the FSOC said."

David. said...

Ragnhildur Sigurdardottir and Mark Burton's Iceland Cuts Power to Industry, Turns Away New Bitcoin Miners reinforces my point:

"A lack of power in Iceland has caused the island’s main utility, Landsvirkjun, to reduce supplies to some industrial customers, such as aluminum smelters, data centers and fish meal factories, as well as turn away new Bitcoin miners.

Low hydro reservoir levels, a malfunction at a power station and a delay in obtaining power from an external producer led to the reduction, effective immediately, the company said on Tuesday. In addition to fish-feed plants, the reductions apply to large customers on curtailable short-term contracts."

And so does Bitcoin Miners Who Flocked to Kazakhstan Now See ‘Zero Potential’ by Will Mathis and Nariman Gizitdinov:

"Kazakhstan’s Bitcoin-mining boom ended even quicker than it started.

A squeeze in the central Asian nation’s power supply has pushed the government to place big limits on the energy-intensive industry. The rapid reversal has eliminated one of the cheapest places to mine the cryptocurrency just as Bitcoin's rise this year has made the process more profitable."

David. said...

Yet another cryptocurrency externality. Liam Sharp tweets:

"Sadly I'm going to have to completely shut down my entire @DeviantArt gallery as people keep stealing my art and making NFTs. I can't - and shouldn't have to - report each one and make a case, which is consistently ignored. Sad and frustrating."

Deviant Art claims to be "the world's largest online art community".

David. said...

The problem with fiat currency is that you have to trust banks. The problem with cryptocurrencies is that you have to trust exchanges. Which is more trustworthy? Kevin Collier reports that Crypto exchanges keep getting hacked, and there's little anyone can do:

"There have been more than 20 hacks this year where a digital robber stole at least $10 million in digital currencies from a crypto exchange or project. In at least six cases, hackers stole more than $100 million, according to data compiled by NBC News. By comparison, bank robberies netted perpetrators an average of less than $5,000 per heist last year, according to the FBI’s annual crime statistics."

David. said...

Thanks to @DanGillmor for the tweet.

David. said...

Yogita Khatri reports that Centralized crypto exchanges saw over $14 trillion in trading volume this year:

"Centralized crypto exchanges, which hold customers' private keys unlike decentralized exchanges, reported more than $14 trillion in trading volume in the year 2021, according to The Block Research.

That figure is a massive 689% increase compared to 2020 trading volumes, based on data as of December 24.
Binance ... facilitated 67% of total volumes this year, i.e., over $9.5 trillion.
decentralized exchanges saw more than $1 trillion in trading volumes in 2021, representing enormous 858% growth compared to their 2020 trading volumes."

David. said...

The Economist's Is a greener, faster and more decentralised alternative to Bitcoin possible? is a good overview of the subject. Especially since it features a quote from me! But, of course, Betteridge's Law applies as this post demonstrates.

In the dead tree version the headline is "Build block better", which evades Betteridge's Law.

David. said...

The Economist's Holiday Double Issue features The most powerful people in crypto, pointing out once again the lack of decentralization and trustlessness in cryptocurrencies:

"All four have amassed multi-billion-dollar fortunes, and huge influence, in just a few years. In conventional finance, where money is commonly borrowed, spent or saved, the most powerful intermediaries are bankers, payment firms and asset managers. But private currencies today are mostly used to speculate, which makes exchange bosses, who provide punters with the tools and venues to trade, the kings of a world whose raison d’être, paradoxically, is to do away with mighty middlemen."

The four "mighty middlemen" are Sam Bankman-Fried of FTX, Changpeng Zhao of Binance, Arthur Hayes of BitMEX, and Brian Armstrong of Coinbase. In practice, if you use cryptocurrencies you trust them, and they control most of the trading.

David. said...

Dave Troy's awesome, must-read Twitter thread on the "sound money" history behind cryptocurrencies (unroll) starts with the Protocols of the Elders of Zion and just keeps going. He concludes:

"Anyone blindly promoting cryptocurrencies without understanding the full background of “sound money,” gold, race science, and white supremacy is unwittingly advancing an agenda they don’t comprehend. Pretending it isn’t there won’t make it go away."

David. said...

We're sorry, but money is down "for maintenance". Please try later.

El Salvador's Bitcoin wallet, Chivo, is hosted in AWS' East region, so when it suffered an outage, Chivo stopped working (Google translation):

"The virtual wallet promoted by the government of Nayib Bukele, Chivo Wallet, has again presented maintenance failures this Wednesday, this time, associated with problems in the Amazon Web Service (AWS) platform. Users report through social networks that the message "We are undergoing maintenance" has reappeared on their cell phone screens when they wanted to make a transfer with bitcoins."

David. said...

RT reports that Bitcoin dives after Kazakhstan kills internet:

"Bitcoin has seen a sharp decline as protests continue in Kazakhstan, the world’s second-largest mining hub, where internet was shut down, forcing local miners to switch off their equipment.

The world’s leading cryptocurrency has dropped to $42,786, which marked a daily drop of nearly 8.5%, extending losses recorded during the previous session."

David. said...

Bill Toulas reports on today's DeFi rug-pull in Crypto platform ARBIX flagged as a rugpull, transfers $10 million:

"Arbix Finance, an audited and supposedly trustworthy yield farming platform, has been flagged as a 'rugpull,' deleting its site, Twitter, and Telegram channel and transferring $10 million worth of deposited cryptocurrency.

Because decentralized networks are inherently untrustworthy, entities like CertiK attempt to evaluate them through audits that analyze a token's smart contracts for signs of fraud, vulnerabilities, privacy problems, etc.

In Arbix's case, CertiK conducted an audit on November 19th, 2021, whose findings had initially been a reason for users to trust Arbix Finance.

However, today CertiK tweeted that Arbix is now classified as a rugpull after the token's smart contract was detected minting 10 million ARBIX to addresses under the owner's control and then dumping them for Ethereum."

Audits really solve the rug-pull problem, right?

David. said...

It has been pointed out that mining was using more than half Kazakhstan's electricity generation capacity, leading to massive outages and price spikes, which are likely the cause of the current unrest. Dictators who can't keep the lights on have a short life expectancy.

David. said...

Andy Greenberg notes another externality of cryptocurrencies in North Korean hackers stole nearly $400 million in crypto last year:

"North Korean hackers stole a total of $395 million worth of crypto coins last year across seven intrusions into cryptocurrency exchanges and investment firms, according to blockchain analysis firm Chainalysis. The nine-figure sum represents a nearly $100 million increase over the previous year's thefts by North Korean hacker groups, and it brings their total haul over the past five years to $1.5 billion in cryptocurrency alone—not including the uncounted hundreds of millions more the country has stolen from the traditional financial system. That hoard of stolen cryptocurrency now contributes significantly to the coffers of Kim Jong-un's totalitarian regime as it seeks to fund itself—and its weapons programs—despite the country's heavily sanctioned, isolated, and ailing economy."

David. said...

Laurence Blair makes the point that even mining on renewable electricity competes with more beneficial uses in How one of South America’s biggest dams became a Bitcoin battleground:

"Bitcoin mining “doesn’t contribute to the industrial development of our country,” said Mercedes Canese, a former head of Paraguay’s Viceministry of Mines and Energy. To her, the discounted rate at which Villarrica’s CLYFSA buys energy from ANDE, the state electricity utility, means everyday Paraguayans are unfairly “subsidizing” the company, and by extension local miners — in 2018, that “subsidy” was worth more than $2 million.

The miners “basically don’t add value,” Canese added, pointing to population growth estimates that suggest Paraguay’s energy surplus will run out in around 15 years. Drought linked to climate change is already sapping Itaipú’s output."

David. said...

Daniel Boffey and Jack Butcher report on Panic as Kosovo pulls the plug on its energy-guzzling bitcoin miners:

"From Facebook to Telegram, new posts in the region’s online crypto groups became dominated by dismayed Kosovans attempting to sell off their mining equipment – often at knockdown prices.

“There’s a lot of panic and they’re selling it or trying to move it to neighbouring countries,” said cryptoKapo, a crypto investor and administrator of some of the region’s largest online crypto communities.

The frenetic social media action follows an end-of-year announcement by Kosovo’s government of an immediate, albeit temporary, ban on all crypto mining activity as part of emergency measures to ease a crippling energy crisis."

No wonder mining is popular in Kosovo:

"Kosovo has the cheapest energy prices in Europe due in part to more than 90% of the domestic energy production coming from burning the country’s rich reserves of lignite, a low-grade coal, and fuel bills being subsidised by the government.

The largest-scale crypto mining is thought to be taking place in the north of the country, where the Serb-majority population refuse to recognise Kosovo as an independent state and have consequently not paid for electricity for more than two decades."

David. said...

Matt Ranger's An Anatomy of Bitcoin Price Manipulation is a detailed enough account of the July 26, 2021 Bitcoin short squeeze to name names:

"So the “market manipulation” in this event is done in two steps:

1. Spoofed orders that are quickly cancelled when opposing orders try to arbitrage them. This causes some “momentum ignition”. These seem to be done in a ladder-like sequence.

2. Turning off market-making bots at a critical juncture to ensure the thinnest possible liquidity environment for forced liquidations to happen in.

In this case, short sellers are liquidated and forced to close positions (placing buy orders). In the thin and chaotic futures order book that was created, this maximally increases the trading price, thus cascading liquidations."


"Whoever has done this is a well capitalized, sophisticated algorithmic trading firm. They have been doing this sort of stuff for a long time. The orders leading into the liquidation event are precisely coordinated by algorithms that take a long time to develop and fine-tune."

David. said...

The Russian central bank is joining China's and others, as Anna Baydakova and Eliza Gkritsi report in Bank of Russia Calls for Full Ban on Crypto:

"The report says cryptocurrencies are volatile and widely used in illegal activities such as fraud. By offering an outlet for people to take their money out of the national economy, they risk undermining it and making the regulator's job of maintaining optimal monetary policies harder, the report said.

The bank, therefore, said Russia needs new laws and regulations to effectively ban crypto-related activities. The bank is not suggesting banning ownership of crypto by private citizens, Danilova said."

David. said...

Corin Faife reports a fine example of trustlessness in CEO confirms hundreds of accounts were hacked, hedges on other details:

"The CEO of cryptocurrency exchange, Kris Marszalek, has finally confirmed that hundreds of user accounts were indeed compromised by hackers and had funds stolen as a result, though details of the exact method of breach remain unclear.
Marszalek followed up by tweeting that “no customer funds were lost” — a statement some commentators interpreted as meaning that the exchange would take the financial hit rather than passing it on to customers.

Shortly afterward, security company PeckShield posted a tweet claiming that, in reality,’s losses amounted to around $15 million in ETH and were being sent to Tornado Cash to be “washed.”"

David. said...

Giorgi Lomsadze reports on Georgia’s mountainous cryptocurrency problem:

"Just ahead of the new year, residents of Georgia’s remote mountain region of Svaneti gathered in a church to make a solemn oath upon an icon of St. George: that they would not mine cryptocurrency.

“It is unfortunate that we had to resort to this extreme measure, but we have been left with no other option,” one local told RFE/RL following the ceremony. It was a desperate attempt to deal with what has become an intractable problem: chronic energy shortages in Svaneti due to unscrupulous use of power-hungry computers mining cryptocurrency.

A few days earlier, the electricity utility company Energo Pro warned that the situation was “untenable.” Overuse had led to a spate of accidents on transmission lines that feed power to Svaneti, forcing the companies to send crews via helicopter to the high-altitude region, in harsh winter conditions, to fix them."

The area has free electricity, so obviously:

"Svaneti’s cryptocurrency frenzy peaked in 2019, when the power company and police were forced to go door to door to disconnect consumers who had gotten involved in cryptocurrency mining. Energo Pro said it then took offline about five million laris [$1.6 million] worth of mining hardware.

But miners were undeterred, and last year the region’s electricity consumption returned to 2019 levels, the company said. The regional capital of Mestia and nearby towns consume almost four times more power than the seven megawatt hours they are expected to."

David. said...

Crypto, NFTs Are Rife With ‘Mountains’ of Fraud, IRS Says by Allyson Versprille states the obvious:

"IRS criminal investigators see cryptocurrencies and nonfungible tokens as ripe for fraud, including money laundering, market manipulation and tax evasion -- and even celebrities could get caught up in the agency’s probes.
IRS investigators seized $3.5 billion worth of cryptocurrencies tied to financial crimes during fiscal year 2021, a figure that accounted for 93% of all the assets seized by the division in that time frame. IRS CI ended the year with 80 cases in its inventory that it was still actively working where the primary violation was tied to crypto, Korner said.

Law enforcement agencies are worried about a range of criminal activities. They worry when they see people paying millions of dollars for assets, like NFTs, that don’t seem to have that kind of inherent value, Korner said. Bad actors can use that to their advantage to launder money from criminal enterprises, such as drug trafficking, he said.

NFTs and crypto, in general, are ripe for market manipulation, according to Korner, with high-profile investors having the ability to sway asset prices with a single Tweet."

David. said...

Catalin Cimpanu reports Cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021:

"Cybercriminal gangs laundered an estimated $8.6 billion worth of cryptocurrency last year, in 2021, a 30% rise from the previous year, according to a Chainalysis report published today.

The company said it arrived at the number by tracking transactions linked to cybercriminal activity across different cryptocurrency blockchains.

This included tracking addresses linked to activity such as darknet market sales, online scams, cryptocurrency platform hacks, and ransomware attacks.

“Overall, cybercriminals have laundered over $33 billion worth of cryptocurrency since 2017, with most of the total over time moving to centralized exchanges. For comparison, the UN Office of Drugs and Crime estimates that between $800 billion and $2 trillion of fiat currency is laundered each year — as much as 5% of global GDP,” Chainalysis said."

David. said...

Texas Governor Abbott Turns to Bitcoin Miners to Bolster the Grid and His Re-Election by Michael Smith contains this gem (my emphasis):

"The idea is that the miners’ computer arrays would demand so much electricity that someone would come along to build more power plants, something Texas badly needs. If the grid starts to go wobbly, as it did when winter storm Uri froze up power plants in February 2021, miners could quickly shut down to conserve energy for homes and businesses. At least two Bitcoin miners have already volunteered to do just that.

There’s no guarantee anyone will build more generation or switch off just because they’re asked. There’s even a chance the idea could backfire and put more strain on the grid overall."

Given the relative time lag for setting up mining against building new power stations, it isn't exactly "a chance".

David. said...

There is a problem with "The idea is that the miners’ computer arrays would demand so much electricity that someone would come along to build more power plants".

What would motivate the someone to build power plants in Texas is higher prices for electricity so that the someone could make a return on their investment. What would demotivate mining in Texas is higher prices for electricity, which would decrease the return on miners' investment.

David. said...

Charlie Osborne's Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams reports that:

"Researchers say that hackers are abusing misconfigurations in smart contracts to launch token rug pulls.
Check Point Research (CPR) said that scammers are now turning their attention to smart contracts, with misconfigurations utilized to launch new crypto tokens -- before an inevitable "rug pull" takes place.

Rug pulls occur when crypto or virtual asset project developers manipulate a token's perceived worth and then abandon the project -- taking investor funds with them.

A recent example is the SQUID token, which saw the token reach $2,850 in value at its peak. Once the developers' rug pulled and prevented traders from selling, the coin crashed by over 99.99%, rendering it basically worthless while netting the developers millions of dollars."

David. said...

Today's good news for Bitcoin is reported by Steven Musil in Blockchain platform Wormhole says it's retrieved the $324M stolen by hackers:

"Hackers stole more than $324 million in cryptocurrency from Wormhole, the developers behind the popular blockchain bridge confirmed Wednesday.

The platform provides a connection that allows for the transfer of cryptocurrency between different decentralized-finance blockchain networks. Wormhole said in a series of tweets Wednesday afternoon that thieves made off with 120,000 wETH, or wrapped ethereum, worth nearly $324 million at current exchange rates. The platform's network was also taken offline for maintenance.

This is one of the largest crypto thefts of all time and the second-largest theft from a DeFi service, blockchain analysis firm Elliptic said in a statement.

"The exploit appears to have allowed the attacker to mint 120,000 wrapped ETH on the Solana blockchain, 93,750 ETH of which was then transferred to the Ethereum blockchain," Elliptic said in a blog post.

Certus One, the developers of Wormhole, offered the hacker a $10 million "bug bounty" for the exploit details and return of the cryptocurrency, according to a message shared by Elliptic's Tom Robinson."

Note that Musil wrote:

"DeFi is any financial tool that uses blockchain technology to circumvent middleman institutions."

I wonder what the definition of "middleman" is that excludes Wormhole?
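
Both the Arbix and Wormhole reports quoted in the comments above describe tokens being minted that should not have been: to owner-controlled addresses in one case, and without matching collateral in the other. As an added example, not part of the original thread or of either project's code, the following monitor runs both checks over constructed event logs; the simplified event model, the addresses, the amounts and the `mint_limit` threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

ZERO = "0x" + "0" * 40  # ERC-20 convention: a Transfer from the zero address is a mint

@dataclass
class Event:
    kind: str    # "transfer" (token contract) or "lock"/"unlock" (bridge custody, source chain)
    src: str
    dst: str
    amount: int

def audit(events, owner_linked=(), pools=(), backed=False, mint_limit=0):
    """Return (event index, reason) alerts for the two mint patterns.

    owner_linked: addresses attributed to the deployer (assumed to be known)
    pools:        exchange pool addresses where tokens can be sold
    backed:       True for a wrapped token that must be fully collateralised
    mint_limit:   largest single mint treated as routine
    """
    alerts, supply, locked, healthy = [], 0, 0, True
    suspect = set()  # owner-linked addresses that received an oversized mint
    for i, e in enumerate(events):
        if e.kind == "lock":
            locked += e.amount
        elif e.kind == "unlock":
            locked -= e.amount
        elif e.src == ZERO:  # mint
            supply += e.amount
            if e.dst in owner_linked and e.amount > mint_limit:
                suspect.add(e.dst)
                alerts.append((i, "oversized mint to owner-linked address"))
        elif e.dst == ZERO:  # burn
            supply -= e.amount
        elif e.src in suspect and e.dst in pools:
            alerts.append((i, "freshly minted tokens moved to a pool"))
        # Invariant for wrapped tokens: circulating supply <= locked collateral.
        if backed and healthy and supply > locked:
            healthy = False
            alerts.append((i, f"unbacked supply: {supply} minted, {locked} locked"))
    return alerts

# Constructed sample 1: owner mints to an address it controls, then sells.
OWNER, USER, POOL = "0xowner", "0xuser", "0xpool"
RUGPULL = [
    Event("transfer", ZERO, USER, 500),
    Event("transfer", ZERO, OWNER, 10_000_000),
    Event("transfer", OWNER, POOL, 10_000_000),
]
# Constructed sample 2: wrapped token minted with no matching lock on the source chain.
BRIDGE = [
    Event("lock", USER, "0xcustody", 1_000),
    Event("transfer", ZERO, USER, 1_000),
    Event("transfer", ZERO, "0xattacker", 120_000),
]

if __name__ == "__main__":
    for name, alerts in (("rugpull", audit(RUGPULL, {OWNER}, {POOL}, mint_limit=1_000)),
                         ("bridge", audit(BRIDGE, backed=True))):
        print(name, alerts)
```

A point-in-time audit of contract code cannot catch either pattern once an owner retains mint authority or a bridge's verification is bypassed; checks like these only help when run continuously against live events.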

David. said...

"Your money is being upgraded, please try again next month". David Gerard reports:

"The Eastern Caribbean Central Bank DCash CBDC pilot has been out of commission since 14 January. This turned out to be due to an expired certificate in Hyperledger. The fix: upgrade Hyperledger, which they’re currently trying to do. The future of legal tender!"

David. said...

Centralization wins! The Federal Reserve and MIT's Project Hamilton CBDC research project has evaluated two architectures:

"The first architecture processes transactions through an ordering server which organizes fully validated transactions into batches, or blocks, and materializes an ordered transaction history. This architecture durably completed over 99% of transactions in under two seconds, and the majority of transactions in under 0.7 seconds. However, the ordering server resulted in a bottleneck which led to peak throughput of approximately 170,000 transactions per second. Our second architecture processes transactions in parallel on multiple computers and does not rely on a single ordering server to prevent double spends. This results in superior scalability but does not materialize an ordered history for all transactions. This second architecture demonstrated throughput of 1.7 million transactions per second with 99% of transactions durably completing in under a second, and the majority of transactions completing in under half a second. It also appears to scale linearly with the addition of more servers. In order to provide resilience, each architecture can tolerate the loss of two datacenter locations (for example, due to natural disasters or loss of network connectivity) while seamlessly continuing to process transactions and without losing any data."