Thursday, November 10, 2022

Matt Levine's "The Crypto Story": Part 2

The first part of my discussion of Matt Levine's The Crypto Story covered the first two of its four chapters:
  1. Ledgers, Bitcoin, Blockchain, in which he lays out the basics of Bitcoin's technology.
  2. What Does It Mean?, in which he discusses generalizations of Bitcoin, such as Ethereum.
  3. The Crypto Financial System, in which he discusses financial technologies such as exchanges, stablecoins and DeFi.
  4. Trust, Money, Community, in which he discusses the social and societal impacts.
Below the fold, I go on to look at the last two chapters. They are shorter than the first two, and my expertise is less in these areas, so there is less to write.

The Crypto Financial System

Again, Levine explains why as a financial journalist, he is interested:
The crypto system is, philosophically, one of permissionless innovation. The workings of the major blockchains are public and open-source; if you want to build a derivatives exchange or margin-lending protocol or whatever in Ethereum, you just do it. You don’t need to set up a meeting with Vitalik Buterin to get his approval. You don’t need to negotiate access and fees with the Ethereum Corp.; there is no Ethereum Corp. Anyone can try anything and see if it works.

If you’re a smart young person coming from traditional finance, this feels liberating. If you’re used to spending months negotiating credit agreements with prime brokers and setting up direct access to trade on a stock exchange, the idea that you can just do stuff in crypto, with no preliminaries, is amazing. Obviously it’s a bit alarming as well: Some of those long, slow processes in traditional finance are there to prevent money laundering or fraud or ill-considered risk-taking. But, empirically, a lot of them aren’t really preventing any of those things, or aren’t doing so in an optimal way. A lot of them are just How It’s Always Been Done. Nothing in crypto is How It’s Always Been Done; it’s all too new.
He starts by discussing what it means to "hold crypto", both the risks of "your keys, your coins" such as the loss of the private key for your wallet, and those of the "not your keys, not your coins" approach of trusting an exchange. He notes one of the issues with doing so:
There are some obvious downsides. One big one: It’s like a bank! If you got into Bitcoin because you don’t trust banks and you want to be in control of your own money, it’s somewhat weird, philosophically, to just go and trust a crypto exchange to keep your money for you.
But the alternative is to be a bank, with total responsibility for the security of your own funds. This is hard, as Nicholas Weaver discovered:
If security experts can't safely keep cryptocurrencies on an Internet-connected computer, nobody can. If Bitcoin is the "Internet of money," what does it say that it cannot be safely stored on an Internet connected computer?
If you use an exchange, your legal position is unclear, but is likely to be as an unsecured creditor. Adam Levitin takes 77 pages to examine this question in Not Your Keys, Not Your Coins: Unpriced Credit Risk in Cryptocurrency:
Cryptocurrencies are designed to address a problem of transactional credit risk—the possibility of “double spending.” The lesson here is the credit risk can arise not just from active transacting in cryptocurrency, but also from passive holding of cryptocurrency. Because this passive holding risk turns on technical details of bankruptcy and commercial law, it is unlikely to be understood, much less priced, by most market participants. The result is a moral hazard in which exchanges are incentivized to engage in even riskier behavior because they capture all of the rewards, while the costs are externalized on their customers
This uncertainty is especially true of Binance, the even more dominant exchange since buying FTX, as Levitin explains in Binance's Custodial Arrangements: Whose Keys? Whose Coins?:'s Terms of Uses disclose absolutely nothing about its custodial arrangement for crypto holdings. From the documents on's website, it is impossible to determine the legal relationship between and its customers and hence the type of counterparty risk they have from dealing with the exchange. That's scary.
Levine also explains why financial institutions typically don't want to hold cryptocurrencies, but would rather use the futures markets to create derivatives that track them. Not holding them means not having to explain how you are mitigating the risks to your regulators.

I like his explanation of stablecoins:
One thing that would be cool is if crypto could keep track of who has dollars. Then you could get the benefits of crypto (decentralization, smart contracts, skirting the law) along with the benefits of dollars (your bank account isn’t incredibly volatile, you can buy a sandwich). A stablecoin is a crypto token that’s supposed to always be worth $1.51 If you have a stablecoin, then you have $1 on the blockchain. You hope.
No discussion of stablecoins is complete without Tether:
One of the longest-running and funniest controversies in crypto is about where Tether, the biggest stablecoin, keeps its money. Tether is replete with colorful characters (the Mighty Ducks guy, etc.), and they go around boasting about how transparent they are without actually saying where the money is. They also go around promising to publish an audit but never do it. They probably have the money, more or less, but they seem to be going out of their way to seem untrustworthy. Still, people trust them.
Two different types of people trust Tether enough to use it:
  • Speculators trust Tether because they have to in order to play the game; it is in effect what the bets are denominated in.
  • Traders, especially in East Asian countries, trust Tether because by avoiding their national regulations they can transact in ways that they otherwise couldn't, or would be uneconomic. Datafinnovation explains this in USDT-on-TRON, FTX & WTF Is Really Happening.
Levine makes an interesting argument about "wrapping" actual assets in tokens:
Stablecoins are “wrapped” dollars, dollars that live on the blockchain.
it’s a way for the crypto financial system to ingest the traditional financial system. Have a financial asset? Put it in a box and issue tokens about it. Now it’s a crypto asset. If the crypto financial system is good—if the computer programs, payment rails, and institutional structures of crypto have competitive advantages against the programs, rails, and structures of traditional finance—then some people will prefer to trade their stocks or bonds or other financial assets in the crypto system.
Levine describes algorithmic stablecoins and the mechanism behind the Terra/luna collapse using a fictious pair, Dollarcoin (Terra) and Sharecoin (Luna):
People start to want dollars rather than Dollarcoins, so some of them sell Dollarcoins for dollars on the open market. This pushes the price of Dollarcoin slightly below $1, perhaps to 99¢. Other people get nervous, so they go to the smart contract —which is supposed to keep the price of a Dollarcoin at $1—and trade Dollarcoins in for $1 worth of Sharecoins. Then they sell those Sharecoins, which pushes down the price of Sharecoin, which makes more people nervous. They trade even more Dollarcoins for Sharecoins and sell those. This pushes the price of Sharecoin lower, which creates more nervousness, which leads to more redemptions at lower Sharecoin prices and even more Sharecoin supply flooding the market. This is a well-known phenomenon in traditional finance (it happens when companies issue debt and commit to paying it back with stock), and it has the technical name “death spiral.”
I discussed this vulnerability of algorithmic stablecoins in Metastablecoins. Metastability is a concept in physics, describing a system like the one in the graphic which can have two energy states, a higher one separated from a lower one by an energy barrier. Algorithmic stablecoins depend on arbitrage to maintain their value; the "death spiral" happens when the arbitrageurs lack enough firepower to prevent the value transiting the arbitrage barrier. As we see with Terra/Luna and earlier failures, calling them "stablecoins" is inaccurate, they should be called metastablecoins.

Further, a point that Levine misses is that even fully backed stablecoins are metastable because they are subject to "bank runs". Back in May after USDT briefly traded down to 95.11 cents, Bryce Elder focused on Tether's restrictions on redemptions in Barclays to tether: the test is yet to come:
Tether’s closed-shop redemption mechanism means it cannot be viewed like a money-market fund. Processing delays can happen without explanation, there’s a 0.1 per cent conversion fee, and the facility is only available to verified customers cashing out at least $100,000.
This means that although in theory holders of USDT can redeem them for dollars from Tether's backing as Levine describes, in practice most of them can't. They can only sell their USDT for USD on an exchange, putting downward pressure on the USDT price. Barclays writes:
We think that willingness to absorb losses, even though USDT is fully collateralized and has an overnight liquidity buffer that exceeds most prime funds, suggests the token might be prone pre-emptive runs. Holders with immediate liquidity demands have an incentive (or first-mover advantage) to rush to sell in the secondary market before the supply of tokens from other liquidity-seekers picks up. The fear that USDT might not be able to maintain the peg may drive runs regardless of its actual capacity to support redemptions based on the liquidity of its collateral.
Thus even the biggest fully backed stablecoin is actually metastable.

Levine then turns to explaining DeFi, in particular with a very clear explanation of how automated market makers (AMM) work, which grew out of Vitalik Buterin's suggestion for how to solve the problem that the way market makers work in TradFi requires vastly faster and cheaper computation than Ethereum can deliver:
The mechanism would be a smart contract that holds A tokens of type T1, and B tokens of type T2, and maintains the invariant that A * B = k for some constant k (in the version where people can invest, k can change, but only during investment/withdrawal transactions, NOT trades). Anyone can buy or sell by selecting a new point on the xy=k curve, and supplying the missing A tokens and in exchange receiving the extra B tokens (or vice versa). The “marginal price” is simply the implicit derivative of the curve xy=k, or y/x.
Levine's explanation is far less cryptic; you should read it.

DeFi isn't just providing liquidity between tokens, it also involves lending. Secured loans, such as margin loans, can be implemented effectively as "smart contracts", but unsecured loans not so much:
An unsecured loan is essentially about trust. It’s about the lender trusting that she’ll be repaid not out of a pool of collateral but out of the borrower’s future income. She has to trust that the borrower will have future income and that he will pay.

Relatedly, an unsecured loan requires identity. You need to know who’s borrowing the money, what their payment history looks like, what their income is. ... If you borrow money against crypto collateral, all your lender needs to know is that the collateral is on the blockchain. If you borrow money against your future income, your lender needs to know who you are.
And so we come back to the oracle problem. Any time a "smart contract" such as an unsecured lending protocol needs to interact with the real world, it runs into the potential for "Garbage In, Garbage Out" (GiGo). Wikipedia notes that:
The underlying principle was noted by the inventor of the first programmable computing device design:
On two occasions I have been asked, "Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" ... I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
— Charles Babbage, Passages from the Life of a Philosopher
There is much more in this chapter, touching on flash loans, Miners Extractable Value, and the way the Terra/Luna fiasco mirrors the 2008 financial crisis but without the contagion into the real economy. But, again, it is hard to find anything there to disagree with.

Trust, Money, Community

This chapter contains three short stories. The first is about how the way people use a system designed to eliminate the need for trust involves trusting much less trustworthy entities:
Crypto, in its origins, was about abandoning the system of social trust that’s been built up over centuries and replacing it with cryptographic proof. And then it got going and rebuilt systems of trust all over again. What a nice vote of confidence in the idea of trust.
The reason for this is that using the "trustless" system directly is so difficult and risky that only experts can do it safely. So if the system is to gain wide usage it can only be through layers that disquise the difficulties and risks. And these layers necessarily require trust. Moxie Marlinspike wrote about a great example of this in My first impressions of web3:
As it happens, companies have emerged that sell API access to an ethereum node they run as a service, along with providing analytics, enhanced APIs they’ve built on top of the default ethereum APIs, and access to historical transactions. Which sounds… familiar. At this point, there are basically two companies. Almost all dApps use either Infura or Alchemy in order to interact with the blockchain. In fact, even when you connect a wallet like MetaMask to a dApp, and the dApp interacts with the blockchain via your wallet, MetaMask is just making calls to Infura!

These client APIs are not using anything to verify blockchain state or the authenticity of responses. The results aren’t even signed. An app like Autonomous Art says “hey what’s the output of this view function on this smart contract,” Alchemy or Infura responds with a JSON blob that says “this is the output,” and the app renders it.

This was surprising to me. So much work, energy, and time has gone into creating a trustless distributed consensus mechanism, but virtually all clients that wish to access it do so by simply trusting the outputs from these two companies without any further verification.
Trust is such a great optimization that people can't believe systems wouldn't use it. This isn't just about computer systems. In 2019's The Web Is A Low-Trust Society I wrote:
Back in 1992 Robert Putnam et al published Making democracy work: civic traditions in modern Italy, contrasting the social structures of Northern and Southern Italy. For historical reasons, the North has a high-trust structure whereas the South has a low-trust structure. The low-trust environment in the South had led to the rise of the Mafia and persistent poor economic performance. Subsequent effects include the rise of Silvio Berlusconi.
But, on the issue of trust as an optimization, see Cory Doctorow's Delegating trust is really, really, really hard (infosec edition), a topic I've written about before.

The second contrasts the view of money as a social construct with the idea that cryptocurrencies are objective facts:
Your Bitcoin are yours immutably; they’re controlled only by your private key, and no government or bank can take them away from you. But the history of crypto since Satoshi has undermined this view. If you got your Bitcoin illegitimately, the government can trace them and stop you from spending them. There are still gatekeepers—crypto exchanges and fiat off-ramps and banks—that decide what you can do with your money. Crypto might be immutable and “censorship-resistant,” but its interactions with the real world are not.
"Code is law" but the people behind the code know what that saying is good for. In Deconstructing ‘Decentralization’: Exploring the Core Claim of Crypto Systems Prof. Angela Walch gets to the heart of what the claim that a system is "decentralized" actually means:
the common meaning of ‘decentralized’ as applied to blockchain systems functions as a veil that covers over and prevents many from seeing the actions of key actors within the system. Hence, Hinman’s (and others’) inability to see the small groups of people who wield concentrated power in operating the blockchain protocol. In essence, if it’s decentralized, well, no particular people are doing things of consequence.

Going further, if one believes that no particular people are doing things of consequence, and power is diffuse, then there is effectively no human agency within the system to hold accountable for anything.
In other words, it is a means for the system's insiders to evade responsibility for their actions.

The third is about the value of communities, such as the ones that surround cryptocurrencies:
A key lesson of crypto is: A bunch of people can get together online and make their community have economic value, and then capture that value for themselves. If you explain the mechanism for that, it sounds even worse. “Well, see, there’s this token of membership in the community, and it’s up 400% this week. Also the tokens are JPEGs of monkeys.”

But look, pretty soon, what are we going to sell to each other? Online communities are valuable. There’s money to be made.
In an era when Elon Musk is driving Twitter off a cliff, laying off half its staff, and Mark Zuckerberg is reacting to Meta's stock dropping 70% this year by laying off 11,000 workers, I'd treat Levine's comment skeptically.

Finally, Levine makes the case for cryptocurrencies:
A problem, and an advantage, of crypto is that it financializes everything. “What if reading your favorite book made you an investor in its stock.” Feh, it’s a story that only a venture capitalist could love. On the other hand, it’s a story that venture capitalists love. A minimalist case for crypto is:
“It’s an efficient way to get venture capitalists to put money into software projects.”
Again, I urge you to read the entire magnum opus. It is well worth your time. And, for a much shorter take on many of these issues, go read the Bank of England's John Lewis' Old problems with new assets: some of crypto’s challenges look strangely familiar, which concludes with:
New assets don’t always mean new problems or new solutions. Ironically, despite being promoted as alternatives to traditional finance, the crypto ecosystem faces many of the same problems. Some challenges relate to the underlying currencies – ideally you want a currency with stable value whose quantity can be changed to supply liquidity. But unbacked cryptocurrencies like bitcoin or ethereum which are the cornerstones of the system have the opposite properties: unstable value and a quantity that can’t be easily changed.

Other challenges relate to the system as a whole. Typically those are asymmetric: in upswings no-one wants to get out, loans get repaid, there are no margin calls, liquidity is abundant and collateral prices are rising. It’s only in downswings these issues materialise, often at the same time. And crucially, the crypto ecosystem currently lacks many of the guard rails developed over time in the regular system (capital buffers, liquidity requirements, stress tests, lender of last resort, resolution frameworks etc) to deal with them. As such, I think it is much more vulnerable when those problems emerge.

1 comment:

David. said...

Sal Bayat's response to Matt Levine is worth reading:

"The thing that bothers me the most is that Matt gets it. He understands what the economy and financial system should be, he knows the difference between real wealth and simulated value, but there’s some invisible force stopping him from taking the final logical step.
But there’s no realization that crypto is a weaponization of the forces in our economy that extract value without providing meaningful utility. The truth is that society is impoverished when we allow monopoly rents to be extracted by the already fabulously wealthy. Rampant economic inequality destroys aggregate societal wealth."