Tuesday, November 29, 2022

The Stablecoin Saga Continued

In The Stablecoin Saga I discussed the first of Datafinnovation's two series on (meta)stablecoins, about the mystery of where the backing for coins like USDT is. Now, below the fold, it is time to look at their second series, mostly about tracing the flows of stablecoins using data from their blockchains.
Source
They start with Applied Fraud Detection: Benford’s Law & Stablecoins (October 4th):
Benford’s Law describes how the first (and 2nd, 3rd, etc) digits of naturally occuring numbers should be distributed. Below we will go a little bit deeper but the key point is that this “law” is used to detect frauds quite often and such evidence is even admissible in court sometimes.

Very roughly: if you pick a random number x and count how many numbers between 0 and x start with 1 or 2 or 3 etc and plot the distribution you expect to see something like [this]:
There are reasons why some financial datasets don't have this property, because they aren't random. For example:
But lots of people purchase 100 shares of stock, or invest 10k or do other pure-financial things in round amounts. It is also plausible to think someone might transfer 9,999 rather than 10k of some currency. Yes, this is a thing.
They show that gross per-wallet flows of stablecoins are not random:
So rather than looking at individual payment amounts let’s look at the gross flows through wallets. These numbers look and feel like the population, tax and website counts plotted above.

What do we find? Weirdness! This is the 3rd digit which should be near-ruler-flat:
Source
And they are not random in odd and interesting ways that differ between stablecoins:
All of these stables are weird. For first digits things are a bit more complex
Source
The expected distribution is in light blue. Some of these fit and some do not. USDP, for example, fits the 1st digit well but is way off for the 3rd. USDT is arguably the best-behaved dataset for the 3rd digit but then it is colossally off for the 1st digit.
They conclude:
These numbers do not look like finance and they do not look like physics. As a lot of finance is modelled as physics this pairing is not shocking!

But maybe we can find new “laws of physics” for stablecoins. It makes no sense to treat these flows like economically active money running through an economy. Deriving a “velocity of money” from these flows will not mean anything like what it does in the traditional world. Even certain weird transactions like creating one stablecoin with another are meaningless from a system-wide funding perspective but might not be entirely noise.
This observation leads into the next few posts. First, Intro to Stablecoin Mechanics (October 13th):
Let’s go through how a stablecoin works. Not the whole “what backs this thing?” question. The “boring” mechanics of operating a stablecoin. Spoiler alert: it is not boring. Here we de-anonymize a large wallet and put a person’s name, with specific dates, next to public records corresponding to large USD bank transfers. At least they are supposed to correspond to such transfers.
Source
We are going to dig into to the TrueUSD (TUSD) because it is particularly interesting. And it shows how much information is there just waiting to be read.

You’re probably thinking TUSD is tiny. The market cap is about $380mm right now. But there’s been about $8.9B of minting and $8.5B of burning to-date. So far in October it’s done $400mm in on-chain volume across 5,355 trades. YTD is $22.7B and 111k trades. Annualized that’s about the GDP of Iceland or Cambodia so, yeah, it’s not zero.
The operator of TUSD mints tokens when its bank account receives dollars (or possibly its wallet receives other stablecoins — see below). When the tokens are redeemed, the tokens are burned by sending them to the 0 address and the dollars are transferred from its bank account to the requester's bank account.

Source
But how redemptions are implemented is actually a bit more complicated. The tokens are transferred to one of a set of not-quite-zero addresses:
If you go look into these addresses you see they are some sort of operational holding wallets.
...
The address on the other side of those burns has got to be the real owner. So what’s going on? Recall stablecoin redemption is linked to a bank transfer. Each holding wallet likely corresponds to a bank account with some control process watching the balance. Send your tokens here. Then we credit you the real USD. Then we burn your tokens. Or something like that.
So the wallet that sent the tokens to the not-quite-zero address belongs to the requester of the redemption and the not-quite-zero address corresponds to the bank at which they have an account.

Thanks to etherscan it is possible in many cases to deanonymize the sender wallet:
One burning address is 0x00000000000000000000000000000000000020d8. This address intermediates between a wallet labelled “Justin Sun” on etherscan and the 0x0 address. Here is the entire history:
Source
That is just shy of half a billion in real dollars right there.
QED. This doesn't deanonymize the bank account connected to the not-quite-zero wallet, but it would provide investigators clues they could use to do so.

Next is Stablecoin Mechanics 2: Tether-Celsius (October 16th):
Canonically a stablecoin is only issued in return for fiat currency. Everyone knows that rule is not followed 100% of the time in crypto. Here we are going to look, in depth, at not-for-fiat transactions between Tether and Celsius. There are also direct transfers but those are boring.

tl;dr: We found the Tether-Celsius loans, Tether’s equity investment into Celsius, and can therefore prove a lot about both defects in the Celsius business model and questionable conduct by Tether.
They report on using their techniques to identify a wallet used for transactions between Tether and Celsius including:
  1. A flow of USDT from Tether to Celsius matching in timing and amount Tether's publicly disclosed $10M equity investment in Celsius. They point out that:
    Those USDT come out of the treasury and go to Celsius. There is no way those were backed by USD because it’s a f’ing equity investment and equity investments do not feed back USD on day 1 they feed back equity. This means Tether was dropping irrefutable evidence in real time — on-chain with a corresponding press release!— about their reserve composition over 2 years ago.
    This backs up a quote from Celsius CEO Alex Mashinsky:
    If you give them enough collateral, liquid collateral, bitcoin, ethereum and so on . . . they will mint tether against it
    So at least some USDT was then backed by cryptocurrencies.
  2. A flow of USDT from Tether to Celsius (though not possible reverse flows) showing that:
    From 12 August through 2 Dec 2021 Celsius borrowed — gross not net — over $1.5 billion from Tether. We do not yet know exactly what happened. But it is pretty evident a lot of Celsius’s crypto deposits went into Tether for no yield at all.

    This is eerily reminiscent of the stETH debacle where Celsius’ ETH got stuck and they had no way, mechanically, to pay yield or process withdrawals. These BTC were trapped inside Tether, earning Celsius nothing, and they were loosing money every day they promised yield to their own clients.
    The suggestion is that, in order to pay customers the promised return, inflows of cryptocurrency were not put to productive use but were used as collateral for loans of USDT from Tether. The USDT was then paid to customers:
    We see borrowing from Tether escalate in the 3rd quarter of 2021. If they were unable to find a yield-earning use for 10k-20k BTC in the 3rd and 4th quarters of 2021 during that bull market it should have been obvious internally the business was already doomed.
    It was already obvious that Celsius was in trouble in late 2021. For example. their CFO was arrested, they were offering obviously unsustainable 17% interest rates, and states such as New Jersy were telling them to stop. Celsius paused withdrawals in June 2022 and filed Chapter 11 in July.:w
Datafinnovation's main point is:
There is unparalleled transparency in crypto, it’s just not being used properly. Celsius is a great example because the signals it reveals are not tradable now that Celsius is gone. But there is so much more signal out there.
Stablecoin Mechanics 3: Circle of Life (October 19th) looks into "wierd" circular transfers of Circle's USDC stablecoin:
So there are 40 transfers of 500k each into the wallet, and 1 transfer for 20mm out. Ready for some excitement? This graph includes 10 of those inflows, the 1 outflow, and shows an interesting circle:
Source
0x55fe, orange in the lower-left with lots of connections, is the USDC treasury. 0x28c5b, the blue lower-left wallet, is known to Circle as they issue directly. It’s also — and this was found by Matt Ranger —probably Alameda Research as it matches this article.
$5M of the $20M goes around the circle in the image. To find the other $15M they zoom out:
Source
The first plot is the circle at the center-right. Weird huh, all those batches of intermediary addresses.
...
Most of those long lines in the big plot are transfers of exactly 500k and somehow feed back where we started. Again to employ a common phrase: probably nothing.

All this action took place between October 2018 and early January 2019.
Last in the series tracing stablecoin flows is 3AC’s Final Transfers? (October 21st) in which they look at what Three Arrows Capital was doing just before they collapsed:
3AC sent about $100 million to BitMEX in early November 2021. This flow and surrounding wallets are pretty exceptional:
  • $70 million disappears into BitMEX
  • Transfer patterns match known 3AC wallets
  • Large flows with known 3AC wallets
  • Final transfer is 1AM SGT on Friday 17th June
We know they traded on BitMEX from public reports.
...
Last transfer 1AM Singapore on Friday June 17th. This WSJ piece came out that day and they are quoted as speaking “on Friday.”

So these look very much like 3AC’s final on-chain skidmarks.
Combined, these posts demonstrate that Datafinnovation has tools that use on-chain data to provide significant visibility into stablecoin flows.

Their final October post was different. The Compliance-Innovation Trade-off (October 31st) is another item for the list I am maintaining in Impossibilities. The TL;DR is:
DeFi cannot be permissionless, allow arbitrary innovation and comply with any meaningful regulations. You can only choose two of those properties. If you accept a limited form of innovation you can have two-and-a-half of them.
They present a generalization of the impossibility proof technique they have used in their previous results. They start from Gödel's incompleteness theorems via the halting problem and Kleene's Recursive predicates and quantifiers which showed that:
all systems that can express arithmetic contain the halting problem and offer the degree of computational power we call Turing-complete today.
to Rice's theorem which shows:
you cannot write a program that checks if another program has any particular non-trivial property.
They observe that:
the most powerful sort of computer we can have that doesn’t experience the halting problem and therefore Rice’s extension is known as a linear bounded automaton (LBA).
They argue thus:
  1. We want to mechanize finance
  2. Finance needs arithmetic
  3. Godel tells us if we can do arithmetic we need to choose if our system is inconsistent or incomplete
  4. We need certainty over whether a given payment was made and around account balances, so we cannot pick inconsistency and therefore choose incompleteness
  5. Kleene tells us our system has the halting problem and all that comes with it
  6. We can then copy Savage’s proof for Rice’s theorem and adopt that result
Thus the properties of the finance system cannot be checked automatically. The code can be reviewed, but if it calls external functions nothing can be proven. Even if it doesn't, unless either it is immutable, or if any changes are implemented using an LBA, nothing can be proven.

They conclude:
Permissionless systems that offer changeability >LBA cannot credibly comply with any regulations.

Permissioned systems can — to the extent we trust whoever set up the system and does the permissioning going forward.
One final unrelated note on stablecoins comes from JP Koning's Stablecoins, meet 3% interest rates (October 13th):
The global rise in interest rates is finally beginning to percolate into the stablecoin sector. One of the effects of this rise is that centralized stablecoins like USD Coin and Gemini Dollar, which by default pay 0% to holders, are introducing backdoor routes for paying interest to large customers. ...

In the case of USD Coin, Coinbase refers to interest as a "reward." Gemini calls it a "marketing incentive." But less face it: they're really just interest payments.
Koning explains why this is happening:
Stablecoin issuers are offering interest to select customers because of the inexorable pressure of competition. After hovering near 0% for much of the last decade (see chart above), interest rates have ramped up to 3% in just a few months. Issuers hold assets to back the stablecoins that they've put into circulation, and now these previously barren assets are yielding 3%. That means a literal payday for these issuers. In the first quarter of 2022, for instance, Circle (the issuer of USD Coin) collected $19 million in interest income after making just $7 million the quarter before. In the second quarter of 2022, interest income jumped to $81 million. I suspect the third quarter tally will come in well above $150 million.

However, if they don't share at least some of this juicy reward, issuers risk having their customers flee to alternatives that do offer interest, like Treasury bills or corporate deposit accounts. And then the amount of stablecoins in circulation will shrink, eating into issuers' revenues.
Koning goes on to suggest how a DAO, such as MakerDAO, could aggregate many smaller stablecoin holders to negotiate interest payments from the issuers. But, just as Coinbase and Gemini have to disguise their payments as something other than interest, such a DAO would likely be rated as a security for regulatory purposes. And, as Ignacio de Gregorio points out, DAOs and MakerDAO specifically have other problems including an lack of decentralization.

3 comments:

Warren Strange said...

The description of Benford's law on that Medium article doesn't seem to match the Wikipedia entry.

If I'm reading the Wikipedia definition correctly, truly random numbers do NOT follow Benford's law. I.e. the digits are uniformly distributed. Per wikipedia:

"If the digits were distributed uniformly, they would each occur about 11.1% of the time."

It's only "natural data" or real-life phenomena that show Benford's distribution.


David. said...

Datafinnovation's article does not say random numbers obey the law. It says:

"Very roughly: if you pick a random number x and count how many numbers between 0 and x start with 1 or 2 or 3 etc and plot the distribution"

Lets take the (too small) random range from 1 to 1234. The first digit 1 occurs 111+234=345 times, the other digits occur 111 times. As the random range expands to span many orders of magnitude, the distribution approximates Benford's Law "very roughly".

Warren Strange said...

I think that works because of the (too small) 1..1234 example, right?

If we extend the example to say 1..99999999, the "pick a random x" doesnt observe the law.

I'm not disagreeing with the gist of the article (I think there is something going on there..). I just think Wikipedia provides a better explanation:

"...is an observation that in many real-life sets of numerical data, the leading digit is likely to be small"