Thursday, April 27, 2023

Crypto: My Part In Its Downfall

I was asked to talk about cryptocurrencies to the 49th Asilomar Microcomputer Workshop. I decided that my talk would take the form of a chronology, so I based the title on a book by the late, great comic Spike Milligan. It became Crypto: My Part In Its Downfall1.

Below the fold is the text, with links to the sources.

Before the recent "crypto winter", the words you heard about cryptocurrencies were "innovative", "potential" and "decentralized". This story is about my part in showing that they are all false. I should stress that I hold no long or short positions in cryptocurrencies, their derivatives or related companies. Unlike most people discussing them, I am not "talking my book". As usual the text of my talk with links to the sources will go up on my blog after the session. I plan to leave about 10 minutes for discussion, so please hold questions.

The story starts twenty-eight years ago next month when Vicky Reich was part of the team that pioneered the transition of academic journals from paper to the Web by putting the Journal of Biological Chemistry on-line.

Then a quarter-century ago Vicky and I were hiking in Joseph Grant State Park when she explained to me how uncomfortable librarians were at being forced to switch from owning a copy of the journals to which they subscribed, to renting access to the publisher's copy.

I came up with an idea as to how they could own a copy; libraries would run a transparent Web cache, a digital version of the stacks. They would pre-load it with their subscription journals using a Web crawler, and simply never flush the cache. A couple of months later hiking Big Basin I came up with my one great acronym; LOCKSS for Lots Of Copies Keep Stuff Safe.

Although the basic idea was simple, the details were complicated:
  • Even back then libraries were under severe budget pressure, so the hardware and staff costs had to be very low.
  • Despite that, the system had to be extremely reliable to compete with the longevity of paper.
  • The journals were owned by the most rapacious copyright holders on the planet. If there were a central organization running the caches, it would get instantly sued out of existence.
  • Despite that, the system had to resist attacks aimed at altering or leaking content. Even long before the foes of "cancel culture" focused on banning books from libraries, organized groups were using razor blades to remove articles on, for example, abortion from journals in the stacks.
My idea was for the caches to form a peer-to-peer network in which they would, in effect, vote on the hash of the journal issues and, if a cache lost the vote, repair its copy from another cache with which it had agreed in the past. There would be no central organization for the publishers to sue, just a network among their customers, who they would be less eager to sue.

The key question in these peer-to-peer systems is "who gets to vote?" In permissioned systems some centralized authority registers voters. In permissionless, decentralized systems voters register themselves. It is possible for a bad guy to commit election fraud by registering enough fake voters to win any vote they choose. The only viable defense against these Sybil attacks is to impose a poll tax to make voting expensive, more expensive than the profit from successful fraud.

Although the prototype Web cache, Web crawler, hash voting and repair systems all worked well, my first two attempts at an inter-cache protocol that resisted Sybil attacks didn't. It wasn't until I worked with Petros Maniatis, TJ Giuli and Mema Roussopolous, brilliant students of Prof. Mary Baker at Stanford CS, that we figured out how to do it.

The key was a technique called Proof-of-Work, published more than a decade earlier by Cynthia Dwork and Moni Naor. By requiring that each vote be accompanied by an amount of provably performed but otherwise useless computation, we made voting expensive and thus deterred the Sybil attacker. We published the resulting design in 2003's Preserving peer replicas by rate-limited sampled voting, and won a Best Paper award.

A couple of years later the system was in production at libraries worldwide, and we were learning a lot about the operation of peer-to-peer networks at (modest) scale.

Fast forward three years and Satoshi Nakamoto published the Bitcoin protocol. It was another in the long history of attempts to build a digital currency, this time being based on a permissionless, decentralized peer-to-peer network using Proof-of-Work as a Sybil defense.

In effect Nakamoto used a Proof-of-Work poll tax to make voting on the content of the next block in the chain expensive. The work needed was to guess a nonce that resulted in the hash of the block having a set number of leading zeros. This was expensive in computation, so he repaid the cost by inflating the currency with a block reward for the winner of the guessing competition, some newly created Bitcoin.
I am oversimplifying. The Proof-of-Work mechanism selects a node to verify a block, and the nodes achieve consensus on the block via the Longest Chain Rule, the only component of the Bitcoin protocol that was really new with Nakamoto. But in the big picture this performs the same function as voting in a permissioned system using Byzantine Fault Tolerance, and the analogy helps my exposition.
A little while later I found out about it and, as someone who had launched a permissionless, decentralized peer-to-peer network using Proof-of-Work some years earlier, doubted that it would succeed despite its evident cleverness. Based on our experience with LOCKSS, my reasons included:
  • We had discovered that, to be an effective Sybil defense, the cost imposed by Proof-of-Work had to be vastly higher than the cost of the functions it was defending. A digital currency that was very expensive to run didn't seem like a great idea. A decade later Eric Budish would put this insight on a firm theoretical foundation in The Economic Limits Of Bitcoin And The Blockchain, showing that to be safe the value of the transactions in a block should not exceed the value of the block reward2.
  • The goal of Proof-of-Work in both Bitcoin and LOCKSS was to avoid the need for peers to trust each other. But this didn't mean that the system was perceived as, or was actually, free of trust. In practice peers had to at least trust the core developers of the protocol. Recent DARPA-sponsored research shows many other parties needing to be trusted3.
Effective Sybil defense made LOCKSS nodes too expensive for library budgets, and librarians understood that even after paying that cost they were trusting the team at Stanford, so even if they could afford it, paying the cost made no sense. By 2008 the LOCKSS system was a permissioned network protected by encryption, not by Proof-of-Work. So I made the mistake of not paying much attention to Bitcoin.

Pretty soon after Bitcoin's launch it became clear that the need to wait an hour for finality, and the large proportion of transactions that simply failed, meant you couldn't really pay for anything legal with it. In 2021 Amir Kafshdar Goharshady published Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain.

In particular, you couldn't pay the hardware, power, cooling and staff time needed to pay the poll tax in Bitcoin. You had to pay in what the Bitcoin cognoscenti sneeringly called "fiat", actual dollars. To convert the block rewards into actual dollars you needed exchanges that would set a "price" for a Bitcoin in dollars. The exchange would let you sell your Bitcoin and credit you with "dollars" in your account. But you can't run a cryptocurrency exchange by FedEx-ing stacks of $100 bills to and fro so, crucially, the exchange needs banking services to transfer dollars from your exchange account to your bank account so you can actually pay your bills and buy the Lamborghini. Thus, in practice, Nakamoto's goal of avoiding trust in banks was a failure4.

Thus only 21 months after Bitcoin launched, Mt. Gox became the first significant Bitcoin exchange. As with exchanges in the real world, the quoted "price" represented what a greater fool would pay, because they believed that an even greater fool would pay an even greater "price" in the future. In Bitcoin's case, the greater fools didn't even have the reassurance of "analysts' estimates" of future earnings, because you didn't need an analyst to know that the future earnings were zero.

So as well as continuing to trust banks, cryptocurrency users ended up trusting exchanges that were much less trustworthy. Mt. Gox, for example, was coded in PHP and run initially by one guy, who then sold it to a convicted fraudster.

Once people tried centralized exchanges, they realized the user experience was far better than transacting directly on the blockchain, so exchanges rapidly became popular. In June 2011 Mt. Gox pioneered one of the major features of the cryptocurrency exchange user experience, getting robbed. About 25,000 BTC vanished from nearly 500 accounts.

Nakamoto's scheme motivated early adoption by rapidly inflating the currency with large block rewards, then exponentially decreasing them, so he could claim the currency was non-inflationary (eventually). The result was that early adopters accumulated large numbers of Bitcoin, and the Gini coefficients of cryptocurrencies became extreme.

If you are one of these early adopter "whales" your ability to buy Lamborghinis depends upon "number go up" because if it doesn't you will get a Greater Fool Supply-Chain Crisis and the number will go down. Because the Gini coefficients are so high, cryptocurrency markets are thinly traded, on occasion a sale of just 150 bitcoin resulted in a 10 per cent drop in the "price". Thus whales have the means, motive and opportunity to manipulate the "price".

And, boy, do they ever. In Making Sure "Number Go Up" I survey research showing the prevalence of wash trading, pump-and-dump schemes, and the un-backed printing of stablecoins. The SEC has steadfastly refused to approve a Bitcoin ETF because the market is completely manipulated. So every time you hear me say "price" you need to imagine it has quotes around it.

By Georg Wiora
A whale wanting to pump has to have dollars in their account at an exchange, a whale dumping will accumulate dollars in their account. Getting them in or out or even moving them to another exchange required that the exchange(s) have banking, which a lot of the time they didn't. Tether was the first major (meta)stablecoin, a centralized cryptographic token purportedly representing a dollar in a very sketchy bank in the Bahamas5. Traders who didn't trust the banks somehow managed to trust Tether, despite later revelations that there were only 74 cents for each Tether in the sketchy bank.

It wasn't until 2013 that a paper by Ittay Eyal and Emin Gun Sirer caught my attention. Entitled Majority is not Enough: Bitcoin Mining is Vulnerable, it described the "selfish mining" attack on Bitcoin, which I related to one of the attacks against LOCKSS. That started me thinking about Bitcoin and what we had learned about peer-to-peer systems.

By February 2014, despite the earlier thefts and many other legal problems, and with Bitcoin already down about 40% on the year, Mt. Gox was handling 70% of all Bitcoin trades. It was so much easier and more effective than the Bitcoin blockchain, and like fiat exchanges benefited greatly from network effects. At which point it declared bankruptcy, having lost at least 750,000 Bitcoin then "worth" about $377M.

That fall, as Vicky and I were on vacation in Mendocino, I figured out something fundamental about cryptocurrencies, and wrote Economies of Scale in Peer-to-Peer Networks. This was that, because voting in these systems had to be expensive, voters needed to earn a profit by voting. Because technologies have strong economies of scale, the bigger the voter, the higher the profit margin. So these systems would end up centralized.

I wasn't being prophetic. Four months earlier the mining pool had controlled over 51% of Bitcoin mining power for an extended period. My insight wasn't that this would happen, but rather that it was made inevitable by the economics of technology. In 2018 Arnosti and Weinberg, and in 2019 Yulin Kwon et al put my insight on firm theoretical foundations.

What are "mining pools"? They are a symptom of another force driving centralization. Nakamoto's vision was of a large number of roughly equal nodes voting — "one CPU one vote". Suppose there were 100 of them. The system is designed to generate a new block every 10 minutes. Thus on average a node will receive a block reward about once every 17 hours.

But currently there are about 25M ASICs voting, so each would expect a reward about once every 475 years. The economic life of these ASICs is around 18 months, so only about one in 300 will ever get a reward.

The idea of one node per ASIC makes no sense. To get a reward once a day now requires about 175,000 ASICs, 99.7% of which will be trashed without ever earning anything. Now you see why cryptocurrency mining companies are going bankrupt one after another, and where Bitcoin's massive e-waste problem comes from.

2 pools control BTC

A mining pool is a way to aggregate huge numbers of ASICs into a single node and thereby gain rewards more frequently. ASIC owners pay the pool a fee that trades their chance for a big reward at infrequent random intervals (gambling) for a share in the pool's more frequent, more predictable flow of rewards (investing). The system inevitably centralizes around a few large pools6.

In January 2015 Bitcoin completed its first 75% drop in "price" over a year.

The Bitcoin blockchain was constrained in its ability to separate suckers from their money because it only implemented transactions. Thus Ethereum, a Turing-complete blockchain whose "smart contracts" allowed far more creative techniques became popular. Over time it became evident that deploying immutable software had risks, so "smart contracts" that were "decentralized in name only" also became "immutable in name only" or "upgradeable".

In June 2016 "The DAO", the first major smart contract, after accumulating 14% of all the ETH in circulation and ignoring repeated warnings, suffered a reentrancy bug which allowed the theft of about $50M. The theft was reversed by a hard fork, demonstrating the limits of purported decentralization.

In August 2016 the BitFinex exchange, which had taken over from Mt. Gox as the largest Bitcoin exchange, was robbed of almost 130K Bitcoin, then "worth" about $72M, second only to the Mt. Gox theft. Two months earlier Bitfinex had settled with the CFTC for $75K for multiple violations. In February 2022, the DoJ seized most of the loot, then "worth" about $3.6B, and charged Ilya Lichtenstein and Heather Morgan with the theft.

In December 2018 Bitcoin completed its second 75% drop in "price" in a year.
whatever consensus mechanism they use, permissionless blockchains are not sustainable for very fundamental economic reasons. These include the need for speculative inflows and mining pools, security linear in cost, economies of scale, and fixed supply vs. variable demand. Proof-of-work blockchains are also environmentally unsustainable.
Blockchain: What's Not To Like?

Already in 2014 the digital preservation world had been infected with the blockchain hype, which led to a stream of skeptical posts on my blog and eventually an invitation from Cliff Lynch to present at CNI. I put quite a lot of work into Blockchain: What's Not To Like?, and I reprised it at the April 2019 Asilomar Microcomputer Workshop, and in July 2019 for the Dept. of Defense. The basic idea was that permissionless blockchains weren't a good idea because economies of scale meant they weren't decentralized, and they weren't sustainable being dependent upon speculation and a vast carbon footprint.

And, of course, basing long-term preservation on something that can often lose 75% of its value in a year is a bit of a risk.

In January 2019 Quadriga CX, the biggest exchange in Canada filed for bankruptcy missing C$188M amid suspicions that its CEO faked his death7.

In April the New York Attorney General sued Bitfinex over an $850M hole in their reserves8.

In May Binance lost 7000 BTC to a heist and suspended withdrawals for a week.

By this time it was already possible for Wall St. firms to make serious money making leveraged bets on cryptocurrencies' extreme volatility. Decentralized Finance (DeFi) sprang up for less well-resourced holders who simply wanted interest on their coins. It was described as peer-to-peer lending via "smart contracts". This sounds like the lender and the borrower were equals, but in practice the lenders' coins were borrowed by the big trading firms to fuel their trades, another example of the deceptive nature of "decentralized".

In April 2020 the dForce DeFi protocol lost $25M to a reentrancy bug similar to The DAO's in June 2016.

It is now October 2021 and John Markoff invites me to talk virtually about cryptocurrencies to the TTI/Vanguard Institutional Investor conference. Without thinking I said yes. Then I checked their website for the programs of previous conferences, and got totally intimidated by the caliber of their speakers. I spent the next two months frantically drafting and re-drafting the talk that was eventually entitled Can We Mitigate Cryptocurrencies' Externalities?.

That month the CFTC settled with Tether and Bitfinex for $42.5M for false claims about Tether's backing, and violating their 2016 settlement.

BTC 11 Nov 21
It is the 11th day of the 11th month and all is well. The Bitcoin chart looks like this, and us crypto-skeptics are "having fun staying poor". But this is the day something changed and the upfall became a downfall.

Despite being a big contrast to the other cryptocurrency talk, Can We Mitigate Cryptocurrencies' Externalities? was well received. The whole conference was very impressive, and I got to tell Kim Stanley Robinson how wrong he was about cryptocurrency in The Ministry for the Future!

Things had returned to normal when, on the afternoon of February 8th, Dennis Allison e-mailed me saying the speaker for the next day's EE380 seminar had canceled, and could I step in? I agreed to, and hastily expanded and updated the TTI/Vanguard talk. Thanks to Dave Farber, Cory Doctorow and other reviews, the blog post with the text has garnered 482K, and the YouTube video 12K views.

The talk starts by listing the externalities that cryptocurrencies impose on the rest of us:
Bitcoin is notorious for consuming as much electricity as the Netherlands, but there are around 10,000 other cryptocurrencies, most using similar infrastructure and thus also in aggregate consuming unsustainable amounts of electricity. Bitcoin alone generates as much e-waste as the Netherlands, cryptocurrencies suffer an epidemic of pump-and-dump schemes and wash trading, they enable a $5.2B/year ransomware industry, they have disrupted supply chains for GPUs, hard disks, SSDs and other chips, they have made it impossible for web services to offer free tiers, and they are responsible for a massive crime wave including fraud, theft, tax evasion, funding of rogue states such as North Korea, drug smuggling, and even as documented by Jameson Lopp's list of physical attacks, armed robbery, kidnapping, torture and murder.

Much to my surprise, I was one of a group of "experts" invited to a May meeting of the White House Round Table on Digital Assets, part of the policy development process sparked by the President's Executive Order on Ensuring Responsible Development of Digital Assets. In summary, my message was:
  • Permissioned blockchains are overtly centralized, and permissionless blockchains are actually centralized.
  • The entire purpose of permissionless blockchains is to evade regulation by diffusing responsibility. In Prof. Angela Walch's words:
    the common meaning of ‘decentralized’ as applied to blockchain systems functions as a veil that covers over and prevents many from seeing the actions of key actors within the system.
  • Regulators should pay no attention to the claim of "decentralization" and focus on the actual loci of centralization in both permissioned and permissionless systems. Regulators cannot let smearing operations out over many allegedly but not actually independent nodes render regulation futile.
  • The goal of regulation should be to isolate cryptocurrencies from fiat by clamping down on exchanges such as Binance and Coinbase, and (meta)stablecoins such as Tether.
I was subsequently invited to participate in a July meeting of the Financial Stability Oversight Council and a February meeting of the International Organization of Securities Commissions DeFi working group. My message remained the same.

Why choose these three as priority targets?

Binance is the dominant cryptocurrrency exchange in both the spot market, where it handles two of every three trades, and the much larger derivatives market. It has been laser-focused on avoiding regulation, claiming not to be headquartered anywhere. Investigations by Angus Berwick and Tom Wilson at Reuters and others have revealed among other things money laundering, sanctions evasion, that supposedly independent is a false-front, unbacked (meta)stablecoins, retrospective re-writing of their blockchain, and a 5-year-long DoJ investigation.

Coinbase is much smaller that Binance but its importance is that it is the largest exchange that is a US public company and holds an SEC broker-dealer license. But I documented in The Exchange You Can Trust and Dominoes its many problems9.

Tether (USDT) dominates the (meta)stablecoin marked with an alleged "market cap" about $79B. It has never been audited, and has been described as being "practically quilted out of red flags". The nearest competitor is Circle, whose USDC has a "market cap" around $33B, but has been credibly audited.

At the start of May Bitcoin had been about $40K, down a mere 41% in six months but on the 9th the downfall accelerated as the Terra/Luna algorithmic metastablecoin system crashed and Bitcoin dropped another 25%.

This drop in "price" evaporated the claimed profit margin of many Bitcoin miners. I say "claimed" because as I discussed in Generally Accepted Accounting Principles, based on work by Paul Butler, these profits were based on the standard 5-year straight-line depreciation of their mining rigs. But the rigs had an economic life of about 18 months:
this excess depreciation means that the company's real cost for creating income is much higher than they report, and thus their real profit as a continuing business is much less than they report, because they are not putting aside the money they will need to replace obsolete hardware.

In June the bankruptcies started. As the Bitcoin "price" dropped from $31K on June 7 to $18K on June 16 the Bicoin hash rate dropped 39% from 266EH/s to 163EH/s, showing that the miners were in real trouble. Estimates at the time were that most miners' break-even point was around $30K. Among the struggling miners was Marathon:
the company that in its 2021 fiscal year paid its management $164M on sales of $150.5M. It is now losing $10K on every Bitcoin it mines.
Their 2022 results show a net loss of $150M.

As the downfall continued, several things became obvious. First, that the entire ecosystem of exchanges and traders was based on fraud. Silicon Valley Bank failed because many of its assets, long-dated bonds, had lost a proportion of their value when they needed to sell them. But the bulk of the assets of exchanges such as Celsius, FTX and Binance were ther own private tokens, CEL, FTT and BNB. And when they needed to sell them the tokens were worth nothing.

Here's how private tokens work. An exchange mints a billion of them, then sells 100 of them to a straw buyer for $1,000. Now the exchange is "worth" $10B. And if, as Celsius and FTX did, they use the customer dollars coming in to buy up any tokens the public want to sell, they can keep the illusion going. Remember, cryptocurrency markets are completely manipulated. But when someone, Ian Allison in the case of FTX, points out the illusion, there are no buyers.

Second, that the level of financial incompetence in the cryptocurrency ecosystem was staggering. To take just one example, four days after Three Arrows Capital collapsed, it turned out that 3/4 of Voyager Digital's assets were uncollateralized loans to the failed company.

Third, that the cryptocurrency ecosystem was very vulnerable to contagion because it was tightly connected. Voyager and 3AC were an example, as were Genesis and the Winklevoss twins' Gemini - the twins had to rescue it with a $100M personal loan10.

Fourth, that the level of technical incompetence was staggering. For example, FTX's liquidators found "private keys to over $100 million in Ethereum assets stored in plain text and without encryption on an FTX Group server" and "FTX generally didn't use multisigs. When they did, they stored all of the keys together in one place, thus defeating the purpose.".

The benefit of the downfall was that it freed regulators from massive lobbying efforts by the crypto-sphere ($80M from SBF alone). What have they been doing with their new-found freedom?
  1. The SEC and the New York Attorney General have been using settlements and lawsuits to establish that pretty much all cryptocurrrencies and tokens, except Bitcoin, are securities and thus regulated by the SEC, not the hitherto crypto-friendly CFTC. This now especially includes Ethereum, because staking clearly satisfies the Howey Test.
  2. The Federal Reserve and other banking regulators issued a joint statement putting US banks on notice that dealing with cryptocurrency companies risks their banking license. Note that the two main crypto-friendly banks both collapsed in a single weekend.
  3. The regulators are increasing their efforts to ensure that banks and their cryptocurrency customers have proper KYC/AML processes in place.
  4. The SEC has continued to refuse all requests for a spot Bitcoin ETF. They have many objections, but the most important is that the Bitcoin market is heavily manipulated11.

    This is obvious in the recent rise in Bitcoin's "price" back to levels where miners can profit. Liquidity has dried up, making manipulation much easier, and people are buying Bitcoin on exchanges such as Binance that lose banking and transferring them to Coinbase to cash out12.

And the regulators are focused on at least some of the priority targets:
  • The CFTC sued Binance and its CEO Changpeng Zhao for violating rules on derivatives trading. Binance handles around 3 of every 4 derivative trades. The complaint shows that the DoJ's 5-year-long investigation has detailed access to Binance's internal communications, and that major Wall St. firms have been evading the law to trade on Binance.
  • The SEC sent Coinbase a Wells notice, signalling an impending lawsuit. This likely relates to their staking service; in February the SEC settled with the smaller Kraken exchange on the basis that their staking service was an unregistered security.
  • The SEC sued Justin Sun of TRON and the Huboi exchange for wash trading unregistered securities, and eight "influencers" for touting them.
  • But so far no action on Tether.
To sum up, permissionless blockchain technology is clever, but the economics of applying it to the real world are stupid for the reasons I published nearly 9 years ago.. Centralization in the information ecosystem is a very serious problem, but it is driven by economics, not technology. So attempting to solve it with technology with inherent economies of scale is futile. Trying to get decentralization with permissionless blockchains comes with enormous costs (25M ASICs to produce results that wouldn't stress a Raspberry Pi), and even after paying them you don't get decentralization.

Thanks to (in alphabetical order): Hilary Allen, Dennis Allison, Mary Baker, Amy Castor, Mark Cummings, David Gerard, TJ Giuli, Izabella Kaminska, Mike Keller, Fais Khan, Mike Lesk, Tom Lipkis, Cliff Lynch, Petros Maniatis, John Markoff, Jon Reiter, Mema Roussopolous, Mark Seiden, Jen Snow, Angela Walch, Don Waters, Molly White.
I should stress that, like Spike Milligan's, my part in the saga was a minor one. Thanks are due to many people, from my point of view especially to those on this slide.


  1. This post's title was inspired by Spike Milligan's Adolf Hitler: My Part in His Downfall, the first volume of his memoir of WWII. I apologize for the implicit Godwin's law violation; I think cryptocurrencies are bad, but not that bad.
  2. The Bitcoin network currently transacts about 100K BTC/day, or an average of nearly 700 BTC/block, so the network exceeds Budish's safety criterion by more than two orders of magnitude. See Sybil Defense.
  3. The report from Trail of Bits is entitled Are Blockchains Decentralized?. Among their findings are:
    • Every widely used blockchain has a privileged set of entities that can modify the semantics of the blockchain to potentially change past transactions.
    • The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most PoS networks.
    • The vast majority of Bitcoin nodes appear to not participate in mining and node operators face no explicit penalty for dishonesty.
  4. Bitcoin has failed to achieve any of Nakamoto's goals:
    What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers.
    In practice, Bitcoin is not a usable "payment system" because:
    • Its value is extremely volatile.
    • The supply of transactions is fixed and very small, but the demand for transactions is variable, leading to massive fee spikes at busy times.
    • Fees are too high for everyday transactions to be economic.
    • Transactions take too long, requiring an hour for finality.
    • Transacting on the Bitcoin blockchain requires impractical levels of operational security.
    Bitcoin is simply a speculative asset, which is not at all what Nakamoto intended.

    In practice Bitcoin users need to trust the core developers, the operators of the major mining pools, the exchanges, and the banks those exchanges use. This is a lot more trust than simply using banks directly. In practice, irreversible transactions are a major cause of crime. And, in practice, "routine escrow mechanisms" require trusting third parties (see Amir Kafshdar Goharshady's Irrationality, Extortion, or Trusted Third-parties: Why it is Impossible to Buy and Sell Physical Goods Securely on the Blockchain).

    Nakamoto wrote:
    The incentive can also be funded with transaction fees. If the output value of a transaction is less than its input value, the difference is a transaction fee that is added to the incentive value of the block containing the transaction. Once a predetermined number of coins have entered circulation, the incentive can transition entirely to transaction fees and be completely inflation free.
    Alas, Raphael Auer shows that a fee-only system is insecure. Even Nakamoto understood this:
    The incentive may help encourage nodes to stay honest. If a greedy attacker is able to assemble more CPU power than all the honest nodes, he would have to choose between using it to defraud people by stealing back his payments, or using it to generate new coins. He ought to find it more profitable to play by the rules, such rules that favour him with more new coins than everyone else combined, than to undermine the system and the validity of his own wealth.
    Nakamoto was very concerned with privacy:
    The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone.
    As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.
    In practice, the advice to use a new key-pair for each transaction is impractical, a business opportunity for companies such as Chainalysis.
  5. There are two kinds of "stablecoins", both of which are actually metastable:
    • Algorithmic stablecoins, the canonical example of which is Terra/luna. They are stable as long as the arbitrageurs have enough resource, but when selling pressure gets to be more than the arbitrageurs can handle, the coin will go to approximately zero.
    • Backed stablecoins, which are like banks in that their "deposits" are much shorter-term than their assets. So, just like Silicon Valley Bank, they are subject to bank runs, but unlike SVB they don't have an FDIC or a Federal Reserve to bail them out so will go to approximately zero.
  6. Nakamoto wrote:
    The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.
    Cooperation among an anonymous group protected Bitcoin during failures of decentralization by Alyssa Blackburn et al traces the early history of Bitcoin's centralization. On 13th June 2014 GHash controlled 51% of the Bitcoin mining power. The miners understood that this looked bad, so they split into a few large pools. But there is nothing to stop these pools coordinating their activities. As Vitalik Buterin wrote:
    can we really say that the uncoordinated choice model is realistic when 90% of the Bitcoin network’s mining power is well-coordinated enough to show up together at the same conference?
    and Makarov and Schoar wrote:
    Six out of the largest mining pools are registered in China and have strong ties to Bitmain Technologies, which is the largest producer of Bitcoin mining hardware
    Stakes 1/19/23
    For almost the entire history of Bitcoin no more than 5 pools have controlled 51% of the Bitcoin mining power. For almost the entire history of Ethereum's use of Proof-of-Work even fewer pools, often only two, have controlled 51% of the mining power. The switch to Proof-of-Stake has not changed this. And note that Proof-of-Stake conforms to Mark 4:25:
    For he that hath, to him shall be given: and he that hath not, from him shall be taken even that which he hath.
    and thus ensures that the Gini coefficient of ETH will continue to increase.
  7. Here is the Ontario Securities Commission report on Quadriga CX. David Gerard summarizes:
    The upshot is what you expected — Quadriga was a massive scam all the way down, and Gerald Cotten was running it like a Ponzi scheme, paying out withdrawals only with deposits, to fund his lifestyle. Cotten also traded on the platform, front-running his customers. He blew another CAD$28 million of cryptos trading on other exchanges.
    The OSC bends over backwards to say “not all crypto exchanges” — though I remind you all of the Bitwise report to the SEC [PDF] about how 95% of reported exchange volume was obviously fake, because the numbers weren’t statistically plausible.
  8. The story of Tether's $850M is complicated. Between 2014 and 2018, as a way to work around not having access to banking, Bitfinex used Crypto Capital as a front. Then the authorities in Poland seized Crypto Capital's accounts for money laundering, leaving an $850M hole in Bitfinex' accounts. Then Bitfinex used Tether's reserves, which were allegedly backing the stablecoin, to plug the hole in its accounts, which meant that USDT was no longer backed by a dollar in a bank. In 2021 Tether and Bitfinex settled with the CFTC for their false claims about this. Later that year the DoJ sent letters warning Tether and its executives that they were under investigation for the crime of lying to banks. In 2022 Reginald Fowler pled guilty to five counts including bank fraud for setting up bank accounts for Crypto Capital:
    A former minority owner of the National Football League’s Minnesota Vikings should spend seven years behind bars and forfeit more than $740 million after admitting he helped cryptocurrency exchanges avoid money-laundering rules, prosecutors told a federal judge in New York.
    Bitfinex allege that Fowler converted $385M of the money to his personal uses, although skepticism is warranted.
  9. The list of Coinbase's problems from The Exchange You Can Trust:
    • Trying To Sell Unregistered Securities
    • Fiasco In India
    • Misleading Customers About Their Funds And Keys
    • "Losing Money Running A Casino"
    • NFT Marketplace Fiasco
    • Tolerating Insider Trading
    • Actually Selling Unregistered Securities
    • Forcing Arbitration On Customers
    Dominoes adds to the list:
    • Coinbase bonds trading at 50c on the dollar.
    • Coinbase laid off at least 1160 staff in 2022.
    • Coinbase stock ended 2022 89.3% down from their high.
    • Coinbase lost $1.1B in Q2 and $545M in Q3 2022.
    • Coinbase suffered massive withdrawals. $248 million in customer stablecoins was withdrawn from Coinbase just on July 15 — half the stablecoin holdings as of that day.
    And now Coinbase has an SEC Wells notice. This is made worse by two facts. First, that the SEC already settled with the smaller Kraken exchange on the basis that their staking service was an unregistered security. Second, that the SEC sued the Bittrex exchange, and has internal Bittrex communications showing that:
    Bittrex regularly asked issuers to remove “problematic statements” from their marketing materials—statements indicating that the asset was marketed as a security—as a prerequisite for making the issuers’ crypto assets available for trading on the Bittrex Platform. Bittrex unofficially dubbed this practice the “problematic statement cleanup.”
    Some at least of the "cleaned up" assets trade also on Coinbase. Coinbase appears to be relocating to Bermuda, in anticipation of being excluded from the US for money laundering.
  10. Genesis is part of Barry Silbert's Digital Currency Group. Genesis loaned 3AC $2.36B, so when 3AC went bankrupt Genesis was in trouble. So DCG made Genesis a non-callable loan of $1.1B at 1%! Then FTX went bankrupt and Genesis suspended withdrawals. Gemini had at least $700M of its customers' funds loaned to Genesis, so they were in trouble too. These loans were from Gemini's Earn program, which promised 8% returns, so is clearly a security. Gemini and Genesis are fighting, and the SEC has sued both of them for selling unregistered securities.
  11. The SEC's reasons for forbidding Bitcoin ETFs include:
    • “wash” trading,
    • persons with a dominant position in bitcoin manipulating bitcoin pricing,
    • hacking of the bitcoin network and trading platforms,
    • malicious control of the bitcoin network,
    • trading based on material, non-public information, including the dissemination of false and misleading information,
    • manipulative activity involving the purported “stablecoin” Tether (“USDT”),
    • fraud and manipulation at bitcoin trading platforms.
  12. Source
    Vildana Hajric's A Closer Look at Bitcoin’s Rally Suggests the Depth of Demand Is Deceptive shows that there is very little liquidity in the BTC-USD pair, all the trading that has driven BTC back around $30K is in BTC-USDT and other metastablecoins, especially those pairs for which Binance offered zero-fee trades:
    But isolating just the Bitcoin-dollar trade pair — which trades on exchanges like Coinbase and Gemini — shows volume was the lowest since 2020, the researcher said. During that time, regulators cracked down on the industry with a number of lawsuits and actions.

    The Bitcoin-dollar pair measure may be a better way of representing what volumes actually looked like without zero-fee trading during the first three months of the year and shows a “starkly different trend,” according to Kaiko’s Clara Medalie, who published research on the topic alongside with Conor Ryder, research analyst at the firm.
    Retail activity has dropped off across the globe, with global exchange traffic down 25% since the summer, according to new research from K33 and EY Norway. Their findings say that from June to August 2022, crypto exchanges clocked 630 million visits. Last quarter, that number fell to 475 million. In addition, crypto-related websites have seen plummeting traffic when compared with last summer.

    Noelle Acheson, author of the Crypto Is Macro Now newsletter, said that while activity is climbing in crypto derivatives, the same is not yet true for the so-called spot, or cash market.
    I wrote about the lack of retail money coming into cryptocurrencies last November in Greater Fool Supply-Chain Crisis, and Hajric's post supports my argument. The spot market has been pumped back to levels the miners can live with and the much bigger derivative market doesn't care; all they are interested in is the huge volatility.

    Last Decemeber I modeled the cryptocurrency ecosystem as a black box and wrote:
    A rough estimate of the total amount of fiat currency that could be extracted from the black box can be made by taking the "attestations" of the major stablecoins at face value and summing them; there are unlikely to be large stores of fiat in the box that haven't been converted to stablecoins. This gets us $66.2B (USDT) + $44.2B (USDC) + $17.4B (BUSD) + $0.7B (USDD) = $128.5B, against a current total "market cap" of cryptocurrencies at around $800B.
    In other words, estimates of cryptocurrencies' "market cap" should be deflated by a factor of about 6 to get the amount of "real money" they represent.


David. said...

Molly White's "Rogue developers" make off with $1.82 million from Merlin illustrates the need to trust the developers (see Note 3):

"The brand new Merlin DEX had only just launched on the zkSync Ethereum layer-2, with a public token sale beginning on April 25. The following day, they suddenly asked users to revoke permissions to the project, saying they believed there was an exploit. They later wrote: "it is with deepest regret that we have to notify you of a major fault in the structural integrity and controls of the Merlin Platform. In the early hours of this morning the several members of the Back-End Team drained all of our Contracts."
Some didn't seem to buy the story that the theft was carried out by a few rogue developers, accusing the entire Merlin project team of rug-pulling."

And note that:

"The Merlin DEX had been audited by the CertiK security firm"

Dragan Espenschied said...

A magnum opus!

Myche said...

Excellent Essay!

Have you seen this documentary?

It goes into details on how and why blockchain fails at what it claims.

David. said...

Evidence for the "crypto crackdown" is accumulating as "regulatory clarity" emerges.

1) Is the Federal Government Trying to Kill Off Crypto? The industry sure thinks so — even as the White House denies it. by Jen Wieczner:

"In the crypto industry, the experience of Protego and that of many others like it has led to an almost universal conviction that financial regulators are purposefully trying to put them out of business — not by barring them explicitly but rather through the recent appearance of a web of policies, both written and unwritten, that together make it unfeasible or impossible for crypto firms to operate in the U.S."

2) Coinbase Is Facing an ‘Existential Risk’ as SEC Reins In Crypto by Yueqi Yang, Olga Kharif and Allyson Versprille:

"J. Austin Campbell, an adjunct assistant professor at Columbia Business School, said the industry at large has adopted a tougher stance toward regulators at the SEC because the threat to the foundations of their businesses is giving them little incentive to cooperate. “So we’re gonna go the other path and fight,” he said, in characterizing their views, “because we have nothing to lose.”

Coinbase has indicated that it plans to do just that. It’s maintaining that the tokens that are traded on its platform aren’t securities and told the SEC in response to the notice that it would be a “well-resourced adversary that will necessarily be motivated to exhaust all avenues.” A spokesperson for the SEC declined to comment."

Of course, the real "existential threat" to Coinbase is that, as Olga Kharif and Yueqi Yang report in Coinbase Q1 2023 Revenue Beats Estimates As Markets Rebound, it is unable to make a profit:

"Coinbase Global Inc. posted a narrower loss and a smaller-than-estimated revenue decline, as the biggest US digital-asset trading platform saw first-quarter results stabilize somewhat during a rebound in cryptocurrency prices.

The loss narrowed to about $79 million, from $430 million, in the year-earlier period. It was the fifth consecutive quarterly loss. Revenue fell by about 34% to $772.5 million, though it increased from the fourth quarter, when token prices tumbled amid a series of industry scandals and bankruptcies."

3) New York AG Proposes Landmark Crypto Law, Citing ‘Dysfunction’ by Erik Larson:

"New York Attorney General Letitia James proposed a state law to tighten rules over cryptocurrency companies in her latest swing at an industry she claims is suffering from “rampant fraud and dysfunction.”

Under her proposal, New York would require independent public audits of crypto exchanges and bar people from owning both brokerages and tokens to prevent conflicts of interest.
The measures, which first need to be adopted by state lawmakers, also would require crypto platforms to reimburse customers who are victims of fraud and strengthen the authority of the New York State Department of Financial Services to regulate digital assets, according to the statement."

David. said...

But wait, there's more! Binance Faces US Probe of Possible Russian Sanctions Violations by Chris Strohm reports that:

"The Justice Department is investigating whether Binance Holdings Ltd. was used illegally to let Russians skirt US sanctions and move money through the world’s biggest cryptocurrency exchange, according to people familiar with the matter.

The inquiry by the Justice Department’s national security division is looking at whether Binance or company officials ran afoul of sanctions related to Russia’s invasion of Ukraine, according to five people familiar with the matter who asked not to be named discussing a confidential investigation.
Binance has been in discussions with the Justice Department to resolve previous complaints that the exchange was used to evade sanctions against Iran prior to strong compliance controls being put into place, according to another person familiar with the matter.
Binance is already wrestling with multiple criminal and regulatory investigations. One of the most significant actions by the US to crack down on the cryptocurrency industry came in March when Washington’s derivatives regulator alleged that Binance broke its rules for years.

The Internal Revenue Service, as well as federal prosecutors, have been examining Binance’s compliance with anti-money laundering obligations, Bloomberg News has reported. The Securities and Exchange Commission has been scrutinizing whether the exchange has supported the trading of unregistered securities."

David. said...

The DAME Tax: Making Cryptominers Pay for Costs They Impose on Others on the White House blog is about a provision in their proposed 2024 budget to address:

"the economic and environmental costs of current practices for mining crypto assets (cryptomining, for short). After a phase-in period, firms would face a tax equal to 30 percent of the cost of the electricity they use in cryptomining."

David. said...

More evidence that derivatives dominate spot cryptocurrency markets in Vildana Hajric's Bitcoin Perpetuals Seen Becoming an Even Bigger Driver of Prices:

"Bitcoin perpetual futures, one of the most popular derivatives contracts in crypto markets, are increasingly driving the largest digital token’s price.

That’s according to Conor Ryder, research analyst at Kaiko, who points out that the Bitcoin perpetuals-to-spot-volume ratio is at its highest in nearly two years. Perps, as they’re sometimes known in industry parlance, don’t expire and have been hugely popular with traders as the derivatives market is a place where a lot of speculation can occur, according to the researcher.

“It’s a question of price discovery i.e. where the true price of an asset is actually determined. That is historically correlated with volumes, so wherever the majority of volumes are, the more influence that has on price,” Ryder said. “Perps have a larger share of volumes compared to spot, and the theory is that more and more price discovery is happening in perp markets, with long/short pressure having more of an influence on prices.”

David. said...

More evidence of the lack of greater fools in Scott Chipolina's Traders grow wary of ‘unloved’ bitcoin rally:

"Cryptocurrency trading activity has dwindled even as bitcoin enjoys its longest winning streak in more than two years, in a sign that many investors are increasingly reluctant to buy into the rebound after a string of collapses and scandals in 2022.
However, the price of bitcoin has since been stuck in a rut for more than a month, trading in a narrow range around $28,000. That pause has been accompanied by thinning volumes, with small trades increasingly able to move market prices.
But that sentiment has been undermined by a host of signals coming from crypto markets. Analysts point out that the rally in cryptocurrency prices was already built on a thinly traded market.

The degree to which a market can absorb large orders without major changes to the price of bitcoin has declined since the start of the year, according to data provider CCData.
In January it would have required the purchase of more than 1,400 bitcoins, roughly equivalent to $23mn at the time, to move the price of the token by more than 1 per cent of its prevailing market value, CCData said.

Towards the end of last month it would have taken only 462 bitcoins, worth about $13mn, to move market prices by 1 per cent, the lowest point of market depth for the bitcoin-tether trading pair since May 2022, when the industry plunged into crisis."

The graph in the story looks like "good" news for Bitcoin.

David. said...

Now that's a tax bill! Tracy Wang reports that U.S. Internal Revenue Service Files Claims Worth $44 Billion Against FTX Bankruptcy:

"The United States Internal Revenue Service (IRS) has filed claims worth nearly $44 billion against the estate of bankrupt crypto exchange FTX and its affiliated entities.

According to bankruptcy filings dated April 27 and 28, the IRS put forth 45 claims against FTX companies, which include West Realm Shires (the legal entity of FTX.US), Ledger Holdings (the parent company of LedgerX and LedgerPrime) and Blockfolio, among others.

The largest of the claims includes a $20.4 billion and a $7.9 billion claim against Alameda Research LLC and two claims totaling $9.5 billion against Alameda Research Holdings Inc."

David. said...

More evidence for the greater fool supply chain crisis in Vildana Hajric and Katherine Greifeld's Once-High-Flying Crypto Funds Are Hardly Drawing Any Investor Attention:

"The cryptoverse has seen what seems like a lifetime of ups and downs already this year, yet activity in products linked to the industry have been nearly nonexistent, with analysts saying that investors have abandoned the sector without plans to come back anytime soon.

Nearly $172 million exited from global exchange-traded products tracking everything from Bitcoin to Cardano in the first six months of 2023 amid an industry wide rally, following outflows of just $37 million in 2022. That compares to record cash inflows of nearly $10 billion in 2021 and $6.7 billion in 2020, Bloomberg data show."

David. said...

Excellent overviews of the SEC's lawsuits against Binance and Coinbase from Molly White here and here and here, and from David Gerard and Amy Castor here and here (part 1 - more to come).

David. said...

Part 2 of Amy Castor and David Gerard's reporting on the SEC vs. Binance is here.

David. said...

Annie Lowrey's Is Crypto Dead? is a well-linked survey of the battlefield:

"Even before the SEC announcements, crypto was in trouble. Dozens of firms had failed, millions of individual investors had plunged into the red or cashed out, and billions of dollars of institutional investment had moved on. Beset by long-standing problems of its own invention, the industry now faces not just a regulatory crisis but an existential one too: Is crypto down, or is it dead?"

David. said...

Today's Bloomberg headlines are good news for Bitcoin:

1) Ex-Celsius CEO Mashinsky Charged in Latest DOJ Crypto Case.

2) Celsius Investors Claim Crypto Market Maker Aided ‘Wash Trading’.

3) Large Investors Led 2022 Runs on Crypto Platforms, Study Finds.

4) CFTC Investigators Conclude Crypto Lender Celsius, Ex-CEO Broke Rules.

5) Coinbase CEO Starts Poll on Whether BofA Is Closing Accounts Transacting With Crypto Exchange.

David. said...

Matt Levine tries really hard to understand Judge Torres' ruling in Ripple Is a Security and It Isn’t. It wouldn't be meaningful to excerpt it - you have to go read the whole thing to understand how this ruling, if upheld, would mean that the SEC can't regulate stocks sold on exchanges.

David. said...

Matt Levine continues to shred Judge Torres ruling:

"In Ripple, Judge Torres found that Ripple went around making public statements promising to build a business to make XRP more valuable, and she found that those statements were enough to make Ripple’s XRP sales securities offerings, if you could prove that the buyers read them, as the institutional buyers did. But since you can’t prove that about anonymous buyers on the exchange, on exchange-sales can never be securities offerings. Ripple could have put ads on the subway and on television and on Twitter saying “buy XRP and we will use your money to build an ecosystem and make you rich,” and then sold XRP on exchanges, and it would not, in the logic of this opinion, be a securities offering, because no buyer of XRP on the exchange could be sure they were buying it from Ripple, and no court could be sure that the buyers had seen the ads. I just don’t think that can be the way securities law works?"

Levine's hypothetical example of the things the ruling implies is devastating.

David. said...

I just finished reading Ben McKenzie and Jacob Silverman's Easy Money. It is a very readable history of the shenanigans that is full of vignettes, some very sad and some hilarious. Among the latter are the accounts of interviewing Alex Mashinsky and Sam Bankman-Fried, and dinner with some alleged CIA agents. Strongly recommended.

You can tell it is good by contrasting the negative Amazon reviews with the positive ones.

David. said...

Last month Chung Ying Ho reported that Sputtering Bitcoin’s Spot Trading Volumes Sink to a 30-Month Low:

"A metric tracking how much Bitcoin is being bought and sold has slid to a 30-month low as the largest digital asset holds below $30,000.

The seven-day average of Bitcoin spot trading volume on July 22 was the least since around the start of 2021 amid subdued price swings, K33 Research said."

The lower the trading volume, the easier it is to manipulate the market. So today Suvashree Ghosh reports that Bitcoin Calm Shatters With Sudden Tumble, Mass Liquidations:

"A period of unusual calm in crypto markets ended abruptly this week as the notion of higher-for-longer interest rates sparked a selloff in risk assets like Bitcoin, leading to mass liquidations of bullish bets.

The rout pushed Bitcoin from near $29,000 to as low as $25,314 in a 24-hour span. More than $1 billion of positions were unwound in the selloff, according to Coinglass data."

David. said...

Man the pumps! Teresa Xie and Muyao Shen report that Bitcoin Drops Below $25,000 for the First Time in Three Months.

David. said...

I'm shocked, shocked to find wash trading going on! Olga Kharif reports that Wash Trading Is Rampant on Decentralized Crypto Exchanges:

"Token price manipulation is rampant on Ethereum-based decentralized exchanges, where so-called wash trading amounted to at least $2 billion worth of crytocurrencies since September 2020, according to a study by researcher Solidus Labs.
Solidus found that liquidity providers manipulated prices and volumes of more than 20,000 tokens since September 2020, according to the study, examining wash trading on three decentralized exchanges (dexes), where users can trade directly with each other.

In aggregate, liquidity providers executed wash trades in 67% of about 30,000 liquidity pools on decentralized exchanges in Solidus’s sample, with wash trading constituting 13% of the pools’ total trading volumes, according to the report."

David. said...

Olga Kharif reports that Crypto Delistings From Exchanges Are Already Running at a Record Pace This Year:

"At least 3,445 tokens or trading pairs have been delisted or inactive for so long that they’ll likely be dropped in the wake of the turmoil in the cryptocurrency market over the past few years, according to data compiled by Kaiko. That’s already 15% higher than for all of 2022, and double the amount the prior year, the researcher found.
Trading volume on most exchanges has plummeted in the past year, even as the number of coins has continued to multiply, with more than 1.8 million tokens listed on centralized and decentralized exchanges, which let users trade with each other directly. As liquidity drained from the crypto market after a series of scandals and bankruptcies such as FTX, many exchanges moved to consolidate it among trading pairs that are more popular with users."