HDR Global Trading Limited 向麻省理工学院的数字货币计划(MIT DCI)提供捐助,以支持加密货币研究

我们非常高兴地宣布 ,HDR Global Trading Limited 将对麻省理工学院数字货币计划提供捐助,这是一项研究全球加密货币生态系统的开发和改进的计划。

HDR Global Trading 首席技术官兼 BitMEX 交易平台联合创始人 Sam Reed 宣布了这一赞助:


HDR Global Trading 是全球最大的加密货币交易平台 – BitMEX 的所有者和经营者。 HDR Global Trading 很荣幸能够支持这样一项使比特币更强大,提升比特币的稳定性,扩展性和隐私性的研究工程。

值得一提的是,HDR一向热衷于为如 Wladimir van der Laan 和 Cory Fields 的比特币核心开发者的工作提供支持和帮助。他们在比特币协议的不同部分中扮演着至关重要的角色。



BitMEX (www.bitmex.com)

HDR Global Trading Limited Donates to the Massachusetts Institute of Technology’s Digital Currency Initiative (MIT DCI) In Support of Cryptocurrency Research

We are delighted to announce HDR Global Trading Limited’s support of the MIT Digital Currency Initiative, which conducts research into the development and betterment of the global cryptocurrency ecosystem.

Sam Reed, CTO of HDR Global Trading and co-founder of the BitMEX trading platform, announced the sponsorship:

Our company has always been energized by the potential of cryptocurrency. Our donation into research and development is about ensuring that the network is more robust. A stronger Bitcoin network will be beneficial to all, and we are very excited to be able to aid in its progress.

HDR Global Trading owns and operates BitMEX, the world’s largest cryptocurrency trading platform by volume. HDR Global Trading is proud to support Bitcoin research and engineering that will make Bitcoin stronger, improving Bitcoin’s robustness, scalability and privacy.

In particular, HDR is keen to help support the work of Bitcoin Core developers Wladimir van der Laan and Cory Fields. Their roles have important implications on different parts of the Bitcoin protocol.

The donation is provided unconditionally and without restrictions.

The Bitcoin Cash Hardfork – Three Interrelated Incidents

Abstract: The 15 May 2019 Bitcoin Cash hardfork appears to have suffered from three significant interrelated problems. A weakness exploited by an “attack transaction”, which caused miners to produce empty blocks. The uncertainty surrounding the empty blocks may have caused concern among some miners, who may have tried to mine on the original non-hardfork chain, causing a consensus chainsplit. There appears to have been a plan by developers and miners to recover funds accidentally sent to SegWit addresses and the above weakness may have scuppered this plan. This failure may have resulted in a deliberate and coordinated 2 block chain re-organisation. Based on our calculations, around 3,392 BCH may have been successfully double spent in an orchestrated transaction reversal. However, the only victim with respect to these double spent coins could have been the original “thief”.

Illustration of the Bitcoin Cash network splits on 15 May 2019

(Source: BitMEX Research)
(Notes: Graphical illustration of the split)

The three Bitcoin Cash issues

Bitcoin Cash’s May 2019 hard fork upgrade was plagued by three significant issues, two of which may have been indirectly caused by a bug which resulted in empty blocks. The below image shows the potential relationships between these three incidents.

The relationships between the three issues faced by Bitcoin Cash during the hardfork upgrade

(Source: BitMEX Research)

The empty block problem

Bitcoin ABC, an important software implementation for Bitcoin Cash, appears to have had a bug, where the validity conditions for transactions to enter the memory pool may have been less onerous than the consensus validity conditions. This is the opposite to how Bitcoin (and presumably Bitcoin Cash) are expected to operate, consensus validity rules are supposed to be looser than memory pool ones. This is actually quite an important characteristic, since it prevents a malicious spender from creating a transaction which satisfies the conditions to be relayed across the network and get into a merchants memory pools, but fails the conditions necessary to get into valid blocks. This would make 0-confirmation double spend attacks relatively easy to pull off, without one needing to hope their original payment doesn’t make it into the blockchain. In these circumstances, an attacker can be reasonably certain that the maliciously constructed transaction never makes it into the blockchain.

An attacker appears to have spotted this bug in Bitcoin Cash ABC and then exploited it, just after the hardfork, perhaps in an attempt to cause chaos and confusion. This attack could have been executed at any time. The attacker merely had to broadcast transactions which met the mempool validity conditions but failed the consensus checks. When miners then attempted to produce blocks with these transactions, they failed. Rather than not making any blocks at all, as a fail safe, miners appear to have made empty blocks, at least in most of the cases.

Bitcoin Cash – Number of transactions per block – orange line is the hardfork

(Source: BitMEX Research)

The asymmetric chainspilt

At the height of the uncertainty surrounding the empty blocks, our pre-hardfork Bitcoin ABC 0.18.2 node received a new block, 582,680. At the time, many were concerned about the empty blocks and it is possible that some miners may have reverted back to a pre-hardfork client, thinking that the longer chain was in trouble and may revert back to before the hardfork. However, this is merely speculation on our part and the empty block bug may have had nothing to do with the chainsplit, which could have just been caused by a miner who was too slow to upgrade.

Bitcoin Cash consensus chainsplit

(Source: BitMEX Research)

The chainsplit did highlight an issue to us with respect to the structure of the hardfork. We tested whether our post hardfork client, ABC 0.19.0, would consider the non-hardfork side of the split as valid. In order for the break to be “clean”, each side of the split should consider the other as invalid.

In order to test the validity of the shorter pre-hardfork chain, from the perspective of the Bitcoin ABC 0.19.0 node, we had to invalidate the first hardfork block since the split. We then observed to see whether the node would follow the chainsplit or remain stuck at the hardfork point. To our surprise, as the below screenshot indicates, the node followed the other side of the split. Therefore the split was not clean, it was asymmetric, potentially providing further opportunities for attackers.

Screenshot of the command line from our Bitcoin ABC 0.19.0 node

(Source: BitMEX Research)

The coordinated two block re-organisation

A few blocks after the hardfork, on the hardfork side of the split, there was a block chain re-organisation of length 2. At the time, we thought this was caused by normal block propagation issues and did not think much of it. For example, Bitcoin SV experienced a re-organisation a few weeks prior to this, of 6 blocks in the length. When Bitcoin SV re-organised, all transactions in the orphaned chain eventually made it into the main winning chain (except the Coinbase transactions), based on our analysis. However, in this Bitcoin Cash re-organisation, we discovered that this what not the case.

The orphaned block, 582,698, contained 137 transactions (including the Coinbase), only 111 of which made it into the winning chain. Therefore a successful 2 block double spend appears to have occurred with respect to 25 transactions. The output value of these 25 transactions summed up to over 3,300 BCH, as the below table indicates.

List of transactions in the orphaned block (582,698) which did not make it into the main chain

Transaction ID

Output total (BCH)


Coinbase (not counted)





















































(Source: BitMEX Research)

As the above table shows, the total output value of these 25 double spent transactions is 3,391.7 BCH, an economically significant sum. Therefore, one may conclude that the re-organisation was an orchestrated event, rather than it having occurred by accident. If it occurred by accident, it is possible there would be no mismatch between the transactions on each side of the split. However, assuming coordination and a deliberate re-org is speculation on our part.

We have provided two examples of outputs which were double spent below:

Example of one of the double spent UTXOs – “0014”

(Source: BitMEX Research)

The above table illustrates what happened to a 5 BCH output during the re-organisation. The 5 BCH was first sent to address qzyj4lzdjjq0unuka59776tv4e6up23uhyk4tr2anm in block 582,698. This chain was orphaned and the same output was eventually sent to a different address, qq4whmrz4xm6ey6sgsj4umvptrpfkmd2rvk36dw97y, 7 block later.

Second example of one of the double spent UTXOs – “0020”

(Source: BitMEX Research)

What happened to the above outputs shares characteristics with almost all the funds in the 25 double spent transactions. Most of the outputs appear to have been double spent around block 582,705 on the main chain, around 7 blocks after the orphaned block.

The SigScript, used to redeem the transaction inputs, starts with “0020” or “0014”, highlighted in the above examples. These may relate to Segregated Witness. According to the specification in Segregated Witness, “0014” is pushed in P2WPKH (Pay to witness public key hash) and “0020” is pushed in P2WSH (Pay to witness script hash). Therefore the redemption of these inputs may have something to do with Segregated Witness, a Bitcoin upgrade, only part of which was adopted on Bitcoin Cash.

Indeed, based on our analysis, every single input in the 25 transactions in the orphaned block 582,698 was redeemed with a Sigscript starting “0014” or “0020”. Therefore it is possible that nobody lost funds related to this chain re-organisation, other than the “attacker” or “thief” who redeemed these SegWit outputs, which may have accidentally been sent to these outputs in the first place.

As part of the Bitcoin Cash May 2019 hardfork, there was a change to allow coins which were accidentally sent to a SegWit address, to be recovered. Therefore, this may have occurred in the incident.

Allow Segwit recovery

In the last upgrade, coins accidentally sent to Segwit P2SH addresses were made unspendable by the CLEANSTACK rule. This upgrade will make an exemption for these coins and return them to the previous situation, where they are spendable. This means that once the P2SH redeem script pre-image is revealed (for example by spending coins from the corresponding BTC address), any miner can take the coins.

(Source: https://github.com/bitcoincashorg/bitcoincash.org/blob/master/spec/2019-05-15-upgrade.md)

It is possible that this 2 block re-organisation is unrelated to the empty block bug. However, the split appears to have occurred just one block after the resolution of the bug, therefore it may be related. Perhaps the “honest” miners were attempting to coordinate the spend of these outputs directly after the split, perhaps to return them to the original owners and the empty block bug messed up their timing, allowing the attacker to benefit and sweep the funds.

On the other hand, the attack is quite complex, therefore the attacker is likely to have a high degree of sophistication and needed to engage in extensive planning. Therefore, it is also possible this attack may have been effective even without the empty block bug.


There are many lessons to learn from the events surrounding the Bitcoin Cash hardfork upgrade. A hardfork appears to provide an opportunity for malicious actors to attack and create uncertainty and therefore careful planning and coordination of a hardfork is important. On the other hand, this empty block bug, which may be the root cause of the other 2 incidents, could have occurred at any time and trying to prevent bugs like this is critical whether one is attempting to harfork or not.

Another key lesson from these events is the need for transparency. During the incidents it was difficult to know what developers were planning, the nature of the bugs, or which chain the miners were supporting. Open communication in public channels about these issues could have been more helpful. In particular, many were unaware of an apparent plan developers and miners had to coordinate and recover lost funds sent to SegWit addresses. It may have been helpful if this plan was debated and discussed in the community more beforehand, as well as during the apparent deliberate and coordinated re-organisation. Assuming of course if there was time to disclose the latter. It may also be helpful if those involved disclose the details about these events after the fact.

The largest concern from all of this, in our view, is the deliberate and coordinated re-organisation. From one side of the argument, the funds were stolen, therefore the actions were justified in returning the funds to their “rightful owners”, even if it caused some short term disruption. However, the cash like transaction finality is seen by many, or perhaps by some, as the only unique characteristic of these blockchain systems. The ability to reverse transactions, and in this case economically significant transactions, undermines the whole premise of the system. Such behavior can remove incentives to appropriately secure funds and set a precedent or change expectations, making further reversals more likely.

For all those in the Bitcoin community who dislike Bitcoin Cash, this could be seen as an opportunity to laugh at the coin. However, although Bitcoin Cash has a much lower hashrate than Bitcoin, making this reversal easier, the success of this economically significant orchestrated transaction reversal on Bitcoin Cash is not positive news for Bitcoin in our view. In some ways, these incidents contribute to setting a dangerous precedent. It shows that it may be possible in Bitcoin. Alternatively, this could just illustrate the risks Bitcoin Cash faces while being the minority chain.

比特币现金 SV – 6 区块链裂

摘要: 2019 年 4 月 18 日,BitMEX 研究团队的比特币现金 SV 节点曾经历了 2 次区块重组。 先是一次 3 区块重组,接著是 6 区块重组。 在此简报中,我们给出了此次临时链裂的相关数据和图表。 此次链裂似乎是由太长而难以传播的大型区块,而非与共识相关的问题所导致的。 我们的分析显示,没有双重支出与此次分裂有关。

链裂图解 – 2019 年 4 月 18 日

资料来源: BitMEX 研究

注: 上图显示有两个有效的竞争链,并且在区块 578,639 处发生了非共识分裂。 我们的节点跟随左边的链直到 578,642 区块为止,然后跳到右边。 大约一个小时后,跳回到左边。 左边的链延续,而右边的链最终被抛弃。 


主链(6 个区块内)
重叠(6 个区块内) 

资料来源: BitMEX 研究团队 

根据我们对交易的分析,来自分叉链(右边)的所有 TXID 最终都会回到主链中,但生成交易明显是例外。 所以,我们认为没有发生于与此次意外相关的双重支付。

分裂相关区块的时间戳 – 2019 年 4 月 18 日

本地时间 区块时间戳 高度 哈希值 大小 (MB) Log2 计算
11:39:47 11:39:19 578,638 000000000000000001ccdb82b9fa923323a8d605e615047ac6c7040584eb2419 3.1 87.803278
12:04:51 12:04:37 578,639 0000000000000000090a43754c9c3ffb3627a929a97f3a7c37f3dee94e1fc98f 8.6 87.803280
12:28:01 12:20:36 578,640 00000000000000000211d3b3414c5cb3e795e3784da599bcbb17e6929f58cc09 52.2 87.803282
12:43:42 12:29:39 578,641 0000000000000000050c01ee216586175d15b683f26adcfdd9dd0be4b1742e9e 42.1 87.803285
12:59:27 12:51:40 578,642 00000000000000000a7a25cea40cb57f5fce3b492030273b6f8a52f99f4bf2a8 76.2 87.803287
13:05:18 12:32:39 578,640 000000000000000007ad01e93696a2f93a31c35ab014d6c43597fd4fd6ba9590 35.5 87.803282
13:05:18 12:33:16 578,641 0000000000000000033ed7d3b1a818d82483ade2ee8c31304888932b7729f692 0.1 87.803285
13:05:18 12:41:38 578,642 00000000000000000ae4a0d81d4c219139c22ba1a8a42d72b960d63a9e157914 1.0 87.803287
13:05:19 12:56:37 578,643 00000000000000000590821ac2eb1d3c0e4e7edab586c16d5072ec0c77a980dc 0.8 87.803289
13:19:36 13:14:22 578,644 0000000000000000001ae8668e9ab473f8862dc081f7ac65e6df9ded635d338e 128.0 87.803291
13:21:56 13:18:07 578,645 0000000000000000049efe9a6e674370461c78845b98c4d045fe9cd5cb9ea634 107.2 87.803293
14:12:54 13:15:36 578,643 0000000000000000016b62ec5523a1afe25672abd91fe67602ea69ee2a2b871f 23.8 87.803289
14:12:55 13:43:35 578,644 000000000000000003e9d9be8a7b9fc64ef1d3494d1b0f4c11845882643a6439 1.3 87.803291
14:12:55 14:01:34 578,645 0000000000000000052be8613e79b33a9959535551217d7fdacc2d0c1db1e672 0.0 87.803293
14:12:55 14:06:35 578,646 00000000000000000475ab103a92eb6cb1c3c666cd9af7b070e09b3a35a15d66 0.0 87.803296
14:27:09 14:24:37 578,647 0000000000000000062bade37849ade3e3c4dfa9289d7f5f6d203ae188e94e4f 77.0 87.803298

资料来源: BitMEX 研究团队 


  • 区块时间戳
  • 本地时间时间戳
  • 区块哈希值 
  • 区块大小
  • 每个区块累计总工作量证明(PoW)


我们提供本信息和分析的主要目的不是出于对比特币现金 SV 的兴趣,而是希望开发系统来分析和探测比特币网络上的此类事件。 我们的网站https://forkmonitor.info 目前正在开发系统,以帮助检测由区块传播不良或与共识相关的问题导致的链裂。 比特币现金 SV 的此次事件对我们来说是一次非常不错的实践。

至于比特币现金 SV,区块在重组期间的规模极为庞大。 在分叉链上,最后两个区块分别为 128MB 和 107MB。 在主链上,很多区块超过 50MB。  因此,在我们看来,大型区块可能是重组的根本原因,因为矿工无法在不同链上找到其他区块之前足够快地传播和验证这些大型区块。

至于这对比特币现金 SV 的影响,我们不作评论。我们会把这个问题留给他人。


BitMEX (www.bitmex.com)

Schnorr 签名和 Taproot 软分叉提案

摘要:我们归纳和提供了近期比特币软分叉升级提案的来龙去脉,该提案包括一个新的数字签名算法(Schnorr),以及一个名为 Taproot 的添加了扩展比特币智能合约容量新功能的补充更新。升级的结构可确保它们同时提升可扩展性和隐私性。除增加了复杂程度外,该提案没有明显缺陷,其中最具争议的方面可能是缺少其他预期的功能。我们的结论是,虽然很多人会热衷于升级,并渴望看到它推出,但重要的是耐心。



2019 年 5 月 6 日,比特币协议开发人员 Pieter Wuille 向比特币开发者邮件群发名单发布了一个名为 “Taproot” 软分叉提案。如果该提案被接受,它可能会补充 2018 年 7 月 Pieter 发布的 Schnorr signature 软分叉升级。这些提案的好处与可扩充性(效能)和私密性有关。可扩充性和私密性现在看起来有一定的相关性而且不可分割。在去除有关业务的细节,确保减少交易处理(提升可扩充性)的同时,他们减少了披露的信息,因此可能无法与不同类型的交易区分,从而提高了私密性。

Schnorr 签名

Schnorr 签名算法由 Claus Schnorr 于 1991 年申请获得专利,并且在 2008 年到期。虽然据称 Schnorr 算法更强大,是它的变体,但数字签名算法(DSA)方案的采用更广泛,因为这一算法的专利在全球范围内免费使用。不过 Schnorr 博士本人一直认为 DSA 应该是在他的专利范围内。 

因使用广泛,所以当比特币在 2009 年推出时,DSA 的变体椭圆曲线数字签名算法(ECDSA)被用于其数字签名算法。但最初的 Schnorr 签名算法比 DSA 更简单和有效,减少了繁重的保安假设。经过比特币 10 年的使用,越发明显的是这些效率的优势会变得重要。因此,比特币转移至 Schnorr 签名算法似乎是合理的。

Schnorr 签名的主要好处是,多重签名交易在链上显示为正常的单一签名交易。使用 Schnorr 签名,多个签名者可以生成联合公钥,然后用一个签名共同签名,而不是在区块链上分别发布所有公钥和每个签名。这是一项重要的可扩展性和私密性改进。这意味着 Schnorr 签名会大量的节省空间和验证时间,随著传统多重签名交易的签名者的增加,比较优势将会越来越明显。

Schnorr 签名空间节省估计值

我们试图计算这种 Schnorr 多重签名(multisig)的集合特性可以带来的潜在比特币网络容量的增加。不过,由于涉及大量假设,下面 13.1% 的容量增加数值应视为非常近似的估计值。

基于 UTXO 计算的节省估计值

通过 UTXO 计数来估计的当前多重签名使用率 5.9%
假设 100% 采用 Schnorr 的有效网络容量增长 13.1%

(资料来源:BitMEX 研究团队计算和估值、p2sh.info)

(注:估计值忽略了 Schnorr 签名规模较小的影响,且只包括了加入公钥和签名的好处。通过使用与多重签名使用率相关的 p2sh.info 并对每个多重签名类型应用节省倍数(范围从 50% 到 85% )来估计容量增加。通过假设 UTXO 使用比例是区块链使用的典型值并对较大的多重签名交易应用较高权重来估计网络范围容量增加。未使用的 P2SH 输出根据未使用输出的比例被分配到多重签名类型。该数值应仅被视为非常近似的估计值。数据截至 2019 年 5 月 7 日)


  • 多重签名技术的经济使用情况远比仅考虑 UTXO 计数更为普遍。大约 21.5% 的比特币存储在多重签名钱包中,远远高于 UTXO 计数采用的 5.9%。
  • 如下图所示,多重签名采用率正在快速增长。与此同时,像闪电网络这样的新系统需要采用多重签名,而 Schnorr 签名使得多重签名系统更加强大,采用率可能会增加

按 P2SH 地址类型存储的比特币——图表显示了多重签名技术的强劲增长


因此,根据我们的基本计算,虽然根据网络的当前使用情况,即使 100% 采用 Schnorr 也只会带来 13.1% 的网络容量增长,但长期来看,潜在的空间节省和网络容量增长可能是远高于此。

默克尔抽象语法树 (MAST)

MAST 是比特币协议开发人员 Johnson Lau 博士 2016 年的一个想法。Lau 博士过去曾在 2002 年 2 月为 BitMEX 研究团队撰写题为 The art of making softforks: Protection by policy rule (软分叉的艺术:政策规则的保护)的文章。MAST 的想法是,除了时间锁定条件之外,交易还可能包含多个支出条件,例如 2 之 2 的多重签名条件。为了避免将所有这些条件和脚本放入区块链中,可以在默克尔树内部构建支出脚本,这样只有在使用它们时才需要显示它们,以及必要的默克尔分支哈希。

MAST 支出条件的图解说明

(资料来源: BitMEX 研究团队)(注:该图表试图说明假设 MAST 与 Schnorr 一起使用的交易结构。在上述结构中,如果 Bob 和 Alice 均签名,资金可以以合作方式赎回,或者在时间锁之后以不合作方式赎回。上述是为了说明打开和关闭闪电网络通道时可能需要的结构类型)

基于上述设计,可以假设只需要显示一种支出条件。例如,要花费输出,所有签名者需要做的是提供一个 Schnorr 多重签名和默克尔树右侧顶部的哈希(哈希(1和2))。因此,尽管存在默克尔树,但在大多数情况下,一切都按计划进行,只需要一个签名和 32 字节哈希。更简明地说,为了验证脚本,您需要通过显示其他分支哈希来证明这是默克尔树的一部分。

不过,这种结构的缺点是即使在正常的最佳情况下,当提供默克尔树左上角的单匙和脚本时,仍然需要用完 32 个字节的数据,向区块链公布另一个哈希(上图中的哈希(1和2))。 这一不足也会降低隐私,因为第三方总能确定是否存在更复杂的支出条件,因为默克尔树的顶部分支始终是可见的。


据我们所知,Taproot 想法的起源来自于比特币开发者 Gregory Maxwell 于 2018 年 1 月发出的一封电子邮件。Taproot 的结构除在默克尔树的顶部外,类似于 MAST。就 Taproot 而言,在合作或正常情景中,可以选择仅公布单个公钥和单个签名,而无需公布默克尔树存在的证据。下面图表说明了 Taproot 交易结构。

Taproot 支出条件的图解说明

(资料来源: BitMEX 研究团队)

(注:该图表试图说明与上述 MAST 图表相同的支出标准)


Taproot 与原始 MAST 结构相比的好处很明显,在合作的情况下,区块链或脚本本身不再需要包含额外的 32 字节哈希,从而提高效率。除此之外,交易看起来 “正常” ,只是一次拥有公钥和签名的付款,其他支出条件的存在不需要显示。这对于对外部第三方观察者来说是一个巨大的隐私好处,例如当打开闪电通道或者甚至进行合作闪电通道关闭时,交易看起来就像是常规的比特币支出。该交易可以被构建成使得仅在不合作的闪电通道关闭时,才需要显示默克尔树的存在。越多不同类型的交易看起来一样,隐私就越好,因为第三方可能不太能够确定正在发生哪种类型的交易和产生资金流。一些比特币开发者的长期目标可能是确保无论发生什么类型的交易,至少在所谓的合作情况下,所有交易看起来都一样。


减少区块链所需签名数量的潜在可扩展性好处巨大,因此这个概念往往会激动人心。Schnorr 签名确实能够在多重签名交易中集合签名,这对比特币来说应该是一个重大的好处。 不过,包含这一点以及其他与签名集合相关想法的存在,导致人们对潜在好处有一些不切实际的期望,至少在此升级提议方面是这样。据我们所知,对于这个特定的升级提议,唯一的集合好处是以在多重签名方案中加入签名的形式,而不是多重输入或多个交易。


多重签名交易中将公钥和签名相结合——作为 Schnorr 的一部分包含在内

(资料来源: BitMEX 研究团队)





BitMEX (www.bitmex.com)

Initial Exchange Offerings

Abstract: In this piece we present data on a relatively new phenomenon, Initial Exchange Offerings (IEOs). The ICO market is down around 97% in Q1 2019 (YoY), based on the amount of capital raised. In this relatively challenging climate to raise funds, some projects have changed the “C” in ICO to an “E”, perhaps in an attempt to assist with raising capital. At least for now, to some extent, this appears to be working, with almost $40m having been raised so far this year. However, we remain sceptical about the prospects for long term investors.


We consider an Initial Exchange Offering (IEO) as the issuance and sale of a token based on public-private key cryptography, where participation in the issuance occurs exclusively through one trading platform or exchange. This piece provides a basic overview of the largest IEOs and tracks various IEO token metrics, including investment performance.

ICO market

First we briefly look at the ICO market. As the following chart indicates, the market has dried up following a massive boom in 2017 & 2018.

Funds raised by ICOs – US$M

Source: BitMEX Research, icodata.io
Notes: Data as at 25 April 2019

As the below chart illustrates, the investment returns of the 2018 ICOs has been poor, many of the projects are down around 80% from the ICO price, if the coin even trades at all. Peak to trough, project token prices typically declined much further than this.

Top ten ICOs by funds raised in 2018 – Investment performance data

ICO Name
Funds raised – US$m
Return based on average ICO price
Coin not listed
Coin not listed
Coin not listed
Returned capital to investors
Unikoin Gold

Source: BitMEX Research, tokendata.io
Notes: Data as at 25 April 2019

Changing a “C” into an “E” – The IEO market

Perhaps in an attempt to address some of the concerns about the poor investment returns and the lower levels of enthusiasm for ICOs, IEOs appear to have gained in popularity. Below is a list of the major IEOs and the main exchange platforms involved.

List of IEO token sales

CoinIEO DateIEO issue amount vs total coin supplyReturn vs first exchange trade priceReturn vs IEO price
US$m raised in IEO
Binance Total
Huobi Total
Dos Network11/04/201914.2%(55.1%)74.2%

Source: BitMEX Research, IEO Launchpad websites, Coinmarketcap
Notes: Data as at 25 April 2019

The number of IEOs taking place has intensified in recent months, as the model is proving somewhat successful. Smaller exchange platforms are attempting to replicate the model, as the long list of IEOs below illustrates.

Other IEOs with limited data available

Coin IEO Date Platform
Coin Analyst07/07/2018Exmarkets
SID Token15/11/2018Exmarkets
Spin Protocol19/03/2019Probit
Windhan Energy21/03/2019Exmarkets
KIZUNA GLOBAL TOKEN25/03/2019Coineal
Bit Agro05/04/2019Exmarkets
Link by BlockMason09/04/2019BW
GTEX Gaming Platform12/04/2019Coineal
Airsave Travel01/05/2019Exmarkets

Source: BitMEX Research, IEO Launchpad websites

With respect to all but one of the tokens, investors have earned strong positive returns based on the IEO price. However, after the tokens begin trading, the investment returns have typically been poor. This is illustrated by the below chart, which rebases the token price to the IEO issuance price.

IEO Investment performance since launch (IEOs in 2019)

Source: BitMEX Research, IEO Launchpad websites, Coinmarketcap
Notes: Data as at 25 April 2019

US$38.9m has been raised so far by IEOs in 2019 (up to 25th April). Binance has been the most prolific IEO platform by a considerable margin.

Top exchange platforms by IEO funds raised – US$m

Source: BitMEX Research, IEO Launchpad websites, Coinmarketcap
Notes: Data as at 25 April 2019

The proceeds from IEOs can be relatively small, however on average only 4.4% of the total token supply is made available in the sale. Therefore, there are opportunities for project teams to make considerable profits from selling coins they granted to themselves. The 2019 IEOs were priced at a level which implies a total market capitalisation of US$907.7m, based on the disclosed total token supply.

Top exchange platforms by IEO token market capitalisation at IEO price – US$m

Source: BitMEX Research, IEO Launchpad websites, Coinmarketcap
Notes: Data as at 25 April 2019


While exchanges, traders & subscribers may have done very well from IEOs thus far, we are less confident on the outlook for long term investors. However, this is simply a high level analysis – we have not looked into any of the individual projects in detail.


Any views expressed on BitMEX Research reports are the personal views of the authors. BitMEX (or any affiliated entity) has not been involved in producing this report and the views contained in the report may differ from the views or opinions of BitMEX.

The information and data herein have been obtained from sources we believe to be reliable. Such information has not been verified and we make no representation or warranty as to its accuracy, completeness or correctness. Any opinions or estimates herein reflect the judgment of the authors of the report at the date of this communication and are subject to change at any time without notice. BitMEX will not be liable whatsoever for any direct or consequential loss arising from the use of this publication/communication or its contents.

If we have made any errors in relation to particular projects, we apologise and are happy to correct the data as soon as possible.

The Schnorr Signature & Taproot Softfork Proposal

Abstract: We summarise and provide context for a recent Bitcoin softfork upgrade proposal, which includes a new digital signature scheme (Schnorr), as well as a complementary upgrade called Taproot, which adds new capabilities that extend Bitcoin’s smart contracting capability. The upgrades are structured to ensure that they simultaneously improve both scalability and privacy. Other than increased complexity, there are no significant downsides to the proposal, and the most controversial aspect of it is likely to be the lack of other anticipated features. We conclude that although many will be enthusiastic about the upgrade and keen to see it rolled out, patience will be important.

(Source: Pexels)


On 6th May 2019, Bitcoin protocol developer Pieter Wuille posted a softfork upgrade proposal to the Bitcoin developer mailing list, called “Taproot”. If this proposal is accepted, it is likely to complement the Schnorr signature softfork upgrade, which Pieter posted in July 2018. The benefits of these proposals are related to both scalability (efficiency) and privacy. Scalability and privacy enhancements now appear somewhat interrelated and inseparable. Removing details about transactions, ensures both that transactions are smaller (improving scalability) and that they reveal less information and are therefore potentially indistinguishable from transactions of different types, thereby improving privacy.

Schnorr Signatures

The Schnorr signature scheme was patented in 1991 by Claus Schnorr and the patent expired in 2008. Although the Schnorr scheme is said to be stronger, a variant of it, the Digital Signature Algorithm (DSA) scheme was more widely adopted, as the patent for this scheme was made available worldwide royalty free. However, Dr Schnorr himself always maintained that DSA should be covered under his patent.

When Bitcoin was launched, in 2009, it therefore used a variant of DSA, Elliptic Curve Digital Signature Algorithm (ECDSA) for its digital signature scheme, due to its widespread adoption. However, the original Schnorr signature scheme was always more simple and efficient than DSA, with less burdensome security assumptions. After 10 years of experience of Bitcoin usage, it is becoming more apparent that these efficiency advantages could be important. Therefore it seems sensible that Bitcoin should migrate over to the Schnorr signature scheme.

The main benefit with Schnorr signatures, is that multi-signature transactions appear onchain as a normal single signature transaction. Using Schnorr signatures, multiple signers can produce a joint public key and then jointly sign with one signature, rather than publishing each public key and each signature separately on the blockchain. This is a significant scalability and privacy enhancement. This implies that Schnorr signatures result in significant space savings and savings to verification times, with the comparative benefits getting larger as the number of signatories on a traditional multi-signature transaction increase.

Schnorr signature space saving estimates

We have tried to calculate the potential Bitcoin network capacity increase this aggregation feature of Schnorr multisig can provide. However, due to the large number of assumptions involved, our 13.1% capacity increase figure below should be considered as a very approximate estimate.

Savings estimates based on UTXO count

Estimated current multi-signature usage by UTXO count
Effective network capacity increase assuming 100% Schnorr adoption

(Source: BitMEX Research calculations and estimates, p2sh.info)

(Notes: The estimates ignore the impact of Schnorr’s smaller signature size and only include the benefits of joining the public keys and signatures. The capacity increase was estimated by using p2sh.info related to multi-signature usage and applying a savings multiple to each multi-signature type (ranging from 50% to 85%). A network wide capacity increase was estimated by assuming the UTXO usage proportion was typical of blockchain usage and applying a higher weight to larger multi-signature transactions. Unspent P2SH outputs were allocated to multi-signature types in proportion to the spent outputs. This figure should only be considered as a very approximate estimate. Data as at 07 May 2019 )

The above estimated capacity increase can be considered as small, however one should consider the following:

  • Economic usage of multi-signature technology is far more prevalent than by merely looking at the UTXO count. Around 21.5% of all Bitcoin is stored in multi-signature wallets, a far higher figure than the 5.9% adoption by UTXO count
  • Multi-signature adoption is growing rapidly, as the below chart indicates. While at the same time new systems like the lightning network require multi-signature adoption and with Schnorr signature making multi-signature systems more powerful, adoption is likely to increase

Bitcoin stored by P2SH address type – chart shows strong growth of multi-signature technology

(Source: p2sh.info)

Therefore, although based on the current usage of the network, according to our basic calculation, even 100% Schnorr adoption only results in a 13.1% network capacity increase, in the long term the potential space savings and network capacity gains are likely to be far higher than this.

Merkelized Abstract Syntax Tree (MAST)

MAST was an idea worked on by Bitcoin protocol developer Dr Johnson Lau in 2016. Dr Lau has written for BitMEX Research in the past, in his February 2018 piece entitled The art of making softforks: Protection by policy rule. The MAST idea is that transactions can contain multiple spending conditions, for example a 2 of 2 multi-signature condition, in addition to a time lock condition. In order to avoid putting all these conditions and scripts into the blockchain, the spending scripts can be structured inside a Merkle tree, such that they only need to be revealed if they are used, along with the necessary Merkle branch hashes.

Graphical illustration of MAST spending conditions

(Source: BitMEX Research)
(Notes: The diagram is trying to illustrate a transaction structure assuming MAST was used in conjunction with Schnorr. In the above construction funds can be redeemed the cooperative way if both Bob and Alice sign, or in an uncooperative way after a timelock. The above is supposed to illustrate the type of structure which could be required when opening and closing lightning network channels)

Based on the above design, it can be assumed that only one spending condition will need to be revealed. For example, to spend the output, all the signers need to do is provide one Schnorr multi-signature and the hash at the top of the right hand side of the Merkle tree (Hash (1 & 2)). Therefore despite the existence of a Merkle tree, in the majority of cases, where everything goes as planned, only a single signature and 32-byte hash is required. More concisely, in order to verify a script, you need to prove that it is part of the Merkle tree by revealing other branch hashes.

However, the disadvantage of this structure is that even in normal optimal circumstances, when the single key and script on the top left of the Merkle tree is provided, one still needs to publish another hash to the blockchain (Hash (1 & 2) in the above diagram), using up 32 bytes of data. This weakness also reduces privacy, since third parties can always determine if more complex spending conditions exist, as the top branch of the Merkle tree is always visible.


As far as we can tell, the origins of the Taproot idea are from an email from Bitcoin developer Gregory Maxwell in January 2018. Taproot is similar in construction to MAST, except at the top of the Merkle tree. In the case of Taproot, in the cooperative or normal scenario, there is an option for only a single public key and single signature to be published, without the need to publish evidence of the existence of a Merkle tree. An illustration of the Taproot transaction structure is provided below.

Graphical illustration of Taproot spending conditions

(Source: BitMEX Research)

(Notes: The diagram attempts to illustrate the same spending criteria as the MAST diagram above)

The tweaked public key on the left (or address) can be calculated from the original public key and the Merkel root hash. In the event of a normal or cooperative payment, on redemption, the original public key is not required to be onchain and the existence of the Merkle tree is not revealed, all that needs to be published is a single signature. In the event of a lack of cooperation or abnormal redemption, the original public key is revealed along with information about the Merkle tree.

The benefits of Taproot compared to the original MAST structure are clear, in the cooperative case, one is no longer required to include an extra 32-byte hash in the blockchain or the script itself, improving efficiency. In addition to this, the transactions looks “normal”, just a payment with a public key and signature, the existence of the other spending conditions do not need to be revealed. This is a large privacy benefit, for example when opening a lightning channel or even doing a cooperative lightning channel closure, to an external third party observer, the transaction would look exactly like a regular spend of Bitcoin. The transaction could be structured such that only in an uncooperative lightning channel closure would the existence of the Merkle tree need to be revealed. The more different types of transactions look the same, the better it is for privacy, as third parties may be less able to determine which types of transactions are occurring and establish the flow of funds. A long term objective from some of the Bitcoin developers may be to ensure that, no matter what type of transaction is occurring, at least in the so-called cooperative cases, all transactions look the same.

The confusion over Signature aggregation

The potential scalability benefits of reducing the number of signatures needed on the blockchain are large and therefore the concept tends to generate a lot of excitement. Schnorr signatures do provide the capability to aggregate signatures in multi-signature transactions, which should be a significant benefit to Bitcoin. However, the inclusion of this and the existence of other signature aggregation related ideas, has lead to some unrealistic expectations about the potential benefits, at least with respect to this upgrade proposal. As far as we can tell, for this particular upgrade proposal, the only aggregation benefits are in the form of joining signatures in multi-signature schemes, not for multiple inputs or multiple transactions.

Summary table of signature aggregation ideas

Included in softfork proposal
Combined public key and signatures in multi-signature transactions – Included as part of Schnorr
Joint signature for multiple inputs in a transaction
Joint signature for multiple inputs in multiple transactions (Grin coin has some capabilities in this area, using Mimblewimble)

(Source: BitMEX Research)


In our view, the benefits associated with this softfork are not likely to be controversial. This softfork appears to be a win-win-win for capability, scalability and privacy. The largest area of contention is likely to be the absence of the inclusion of other ideas or arguments over why to do it this particular way.

That being said, many are likely to be excited about the potential benefits of these upgrades and keen to see these activated on the network as fast as possible. However, when it comes to Bitcoin, and in particular changes to consensus rules, the need for patience cannot be overstated.

闪电网络(第 2 部分)— 路由费经济学

摘要:BitMEX 研究团队对闪电网络路由费的市场动态以及为闪电节点运行者提供流动性的财务激励进行了研究。我们发现了通道流动性提供者的闪电路由费和投资回报之间的相互关系和平衡,这是网络面临的一个主要挑战,而不是路由问题的计算机科学方面。我们总结,如果闪电网络扩展(至少在理论上)、更大范围金融市场的环境(例如利率变化和投资者气氛)有机会影响闪电网络费的市场。但是,无论现时的经济环境如何,我们认为从长期来看,竞争将是价格的主要推动因素。进入市场的低壁垒,可能意味着平衡点将有利于用户和低手续费,而不是流动性提供者的投资回报。



我们首次写关于闪电网络的文章是在 2018 年 1 月,当时主要是理论性的。现在,随着闪电网络从抽象的概念转入试验,我们认为是时候再次进行审视了。本报告的主要重点是从金融和投资角度分析闪电网络,尤其是闪电网络提供者的收费和激励。  我们不会对技术的其它方面进行研究。


闪电网络的批评者通常指出路由是个主要问题,通常被称为 “一个尚未解决的计算机科学问题”。总的来说,我们并不完全同意对路由问题的这种定性,并且不认为路由的计算机科学将会是一个主要挑战,在从不同通道中找到路径进行支付可能相对简单直接,并且跟其它 P2P 网络相似,比如比特币。






手续费类型 说明 惯例
基础费 每次通过通道为一笔支付提供路由收取的固定手续费 以 Satoshi 的千分之几表示。

例如,基础费 1,000 是指每笔交易需要 1 Satoshi。

费率 根据支付的价值按百分比收取手续费   以转账的 Satoshi 的百万分之几表示。

例如,费率 1,000 是指 1,000/1,000,000,即通过该通道转账价值的 0.1%。相当于万分之 10。




  说明 创建
入站容量 入站流动性,是指节点的支付通道内可以用来接收入站支付的资金。




* 当另外一个网络参与者利用该节点开放一个支付通道时

* 当节点运行者通过现有通道进行一笔支付时

出站容量 出站流动性,是指节点的支付通道内可以用来进行出站支付的资金。




* 当节点运行者利用其它网络节点开放一个支付通道时

* 当节点运行者通过现有通道接收一笔支付时

* 当通过节点为支付提供路由并且收到手续费时




要成为一个成功的路由节点比想象的要难。截至编写本文时,根据 1ml.com 的数据,目前有 7,615 个公共闪电节点。但是,在管理节点、重新平衡通道和以合适的方式设定手续费方面,其中只有几百个节点在提供流动性方面做得不错。


  • 调整费率和基础费,监测调整的影响,以及针对最优收入最大化设置进行校准
  • 分析网络并且寻找有较高支付需求、连接不佳的闪电节点,例如新的商户
  • 分析手续费市场,不仅仅是针对整体网络,还有正在瞄准的高需求低容量路径
  • 持续监测和再平衡自己的通道,以确保有充足的双向流动性
  • 针对最新的通道状态实施定制的备份解决方案,以便在节点计算机崩溃时为资金提供保护


为了让闪电手续费市场有效运行,节点运行者可能需要根据竞争格局调整手续费,这可能以算法为基础或者是一个手动过程,目标是手续费收入最大化。为了模拟最终可能形成的标准做法,BitMEX 研究团队对此进行了试验,在为期三个月的时间内对我们其中一个节点的费率进行了修改,具体情况如下文所述。


BitMEX 研究团队决定进行一次基础试验,以测试和评估手续费市场的状态,尽管闪电网络目前仍处于新生状态。我们搭建了一个闪电节点,并且定期修改费率,试图判断哪些费率将会使手续费收入最大化,正如随着闪电网络规模化节点运行者最终预期将会采取的做法那样。

我们采用下文的散布图对我们通过一个节点进行的基础非科学分析进行了说明。它似乎显示目前费率确实对闪电节点的手续费收入存在影响。当费率从 0 一直提高至大约万分之 0.1 个时,每日手续费收入呈现出快速加速的现象。一旦手续费提升至此费率上方,平均每日手续费收入呈现出逐渐下滑的趋势。因此,根据本次试验,似乎收入最大化的费率大约是万分之 0.1 ,与其它支付系统相比较,该费率无疑是非常低的。不过,当然这只是一个中继段的手续费,一笔支付可能有多个中继段。与此同时,目前闪电手续费市场几乎不存在,实际上 BitMEX 研究团队可能已经是通过改变手续费对经济收入最大化的行为进行了有意义的试验的为数不多的闪电节点之一。一旦该网络规模化并且其他参与者也尝试最大化收入,手续费市场的情况可能会很不同。因此本次操作只能视为是一次说明性试验,而不是对闪电手续费市场进行的具体揭示。


(资料来源:BitMEX 研究团队


* 从 2018 年 12 月 31 日至 2019 年 3 月 24 日的每日数据

* 数据来自一个闪电节点

* 整个期间的基础费为 0

* 投资回报数据不包括链上比特币交易手续费,当包括手续费影响时,除最优费率外所有组别都将显示负的投资回报

* 数据包括工作日和周末,一般来说闪电网络流量在周末要低很多

* 费率每天在 UTC 时间 21:00 左右变更。每天降低费率,在经过几天下调后跳升至费率区间顶部,然后开始下一个费率下调周期。这样操作是因为有些钱包(例如移动钱包)不是每次尝试通过节点为支付提供路径时都会查询费率,因此在上调费率时,很多支付都会失败。例如,当开放从一个移动钱包到闪电节点的一个通道,然后上调费率并且立即尝试进行支付时,该支付通常会失败,因为钱包尝试按照之前很低的手续费进行支付。我们认为,为了让闪电网络手续费市场有效运行,节点运行者可能需要定期变更手续费,因此钱包可能需要更频繁地查询费率。

 * 手动进行通道再平衡,每两周一次。每次花费时间大约30分钟

* 闪电节点运行的是 LND,软件每两周连接主机更新一次

* 大约 30% 的通道(按价值)是用 Autopilot 开放,其余 70% 是手动开放

* 投资回报的计算是采用网络每天的出站通道容量,根据每日手续费收入对投资回报进行年化处理,然后根据特定区间内某个费率的所有天数计算一个简单的平均值

* 数据只是基于一个节点以及该节点特定的通道集,其它节点运行者的体验可能会有很大不同

* 我们曾尝试用我们的公共节点进行此试验,但是手续费收入过于分散,一些网络参与者定期支付明显高于公布的费率的手续费金额,使得数据不可靠

* 遗憾的是我们两个轴都需要采用对数刻度。在费率方面,我们不确定收取什么样的费率,甚至设定哪个数量级,因此我们尝试了很大范围的手续费率,从 0.0001% 到 0.5% ,并且对数刻度比较合适。与此同时,每日手续费收入波动很大,范围从 0 Satoshis 一直到超过 3,000 Satoshis 。因此对数刻度似乎最为合适。随着网络的发展并且变得更加可靠,以及手续费市场消息的更加流通,线性刻度可能会变得更加合适。)



试验中实现的最高年化投资回报是 2.75% ,而最高手续费组别投资回报大约是1%。对于理论上应属于相对低风险的投资论而言,这似乎是一个具有合理吸引力的回报,至少实时备份闪电通道的能力得到了实施。现有的比特币投资者可能会被这些回报吸引并且为闪电网络提供流动性,或者,美元本位的投资者也可能买入比特币,利用杠杆对冲比特币价格风险,然后尝试赚取闪电网络手续费收入。


(资料来源:BitMEX 研究团队



在目前的低收益环境下 1% 的投资收益率可能看起来具有吸引力,但闪电网络最初可能很难吸引合适的商业流动性提供者。此领域的投资者一般都寻求高风险高回报的投资,为闪电流动性提供者提供的这种相对低风险低回报似乎是处于另外一个极端。因此可能需要一个新的投资者类别,即与这种情况相匹配的投资者类别。



  1. 美联储基础利率为 1.0%。
  2. 闪电节点运行者对于他们的出站余额一般赚取 1.5% 的年化投资收益率。
  3. 由于强大的经济环境和通胀压力,美联储公开市场委员会将利率从 1% 上调至 3% 。
  4. 由于投资回报更具吸引力,闪电网络节点运行者从闪电网络撤回资金,并且买入政府债券。
  5. 由于闪电网络中的流动性减少,用户进行支付需要支付更高的手续费,并且闪电网络变得更加昂贵。





  • 宏观金融市场环境——利率越高,可能意味着闪电网络无风险回报率就越高
  • 对闪电网络交易的需求——需求增加或者资金流动速度加快,应该会提升闪电网络无风险回报率


专业对冲基金和风险资本投资者是否将会像他们在2018年中对待权益证明(PoS)系统的 “抵押即服务”(staking as a service)商业模式那样,对成为闪电网络流动性提供者拥有同样的热情,依然有待观察。虽然闪电网络流动性提供者的投资回报看起来还没有吸引力,但由于该网络正处于它的形成阶段,我们确实看到了这种商业模式中的潜在优点。




BitMEX (www.bitmex.com)

Bitcoin Cash SV – 6 block chainsplit

Abstract: On 18th April 2019, the BitMEX Research Bitcoin Cash SV node experienced 2 block re-organisations. First a 3 block re-organisation, followed by a 6 block re-organisation. In this brief piece, we provide data and graphics related to the temporary chainsplit. The chainsplit appears to be caused by large blocks which took too long to propagate, rather than consensus related issues. Our analysis shows there were no double spends related to the split.

Chainsplit diagram – 18 April 2019

Source: BitMEX Research
Notes: The above image indicates there were two valid competing chains and a non-consensus split occurred at block 578,639. Our node followed the chain on the left until block 578,642, then it jumped over to the right. About an hour later, it jumped back over to the left hand side. The chain on the left continued, while the chain on the right was eventually abandoned.

Chainsplit transaction data

Number of transactions
Main chain (within 6 blocks)
Fork chain
Overlap (within 6 blocks)
Eventual double spends

Source: BitMEX Research

Based on our analysis of the transactions, all the TXIDs from the forked chain (on the right), eventually made it back into the main chain, with the obvious exception of the coinbase transactions. Therefore, it is our belief that no double spends occurred in relation to this incident.

Timestamps of the blocks related to the split – 18 April 2019

Local ClockBlock TimestampHeightHashSize (MB)Log2 Work
11:39:4711:39:19578,638 000000000000000001ccdb82b9fa923323a8d605e615047ac6c7040584eb24193.187.803278
12:04:5112:04:37578,639 0000000000000000090a43754c9c3ffb3627a929a97f3a7c37f3dee94e1fc98f8.687.803280
12:28:0112:20:36578,640 00000000000000000211d3b3414c5cb3e795e3784da599bcbb17e6929f58cc0952.287.803282
12:43:4212:29:39578,641 0000000000000000050c01ee216586175d15b683f26adcfdd9dd0be4b1742e9e42.187.803285
12:59:2712:51:40578,642 00000000000000000a7a25cea40cb57f5fce3b492030273b6f8a52f99f4bf2a876.287.803287
13:05:1812:32:39578,640 000000000000000007ad01e93696a2f93a31c35ab014d6c43597fd4fd6ba959035.587.803282
13:05:1812:33:16578,641 0000000000000000033ed7d3b1a818d82483ade2ee8c31304888932b7729f6920.187.803285
13:05:1812:41:38578,642 00000000000000000ae4a0d81d4c219139c22ba1a8a42d72b960d63a9e1579141.087.803287
13:05:1912:56:37578,643 00000000000000000590821ac2eb1d3c0e4e7edab586c16d5072ec0c77a980dc0.887.803289
13:19:3613:14:22578,644 0000000000000000001ae8668e9ab473f8862dc081f7ac65e6df9ded635d338e128.087.803291
13:21:5613:18:07578,645 0000000000000000049efe9a6e674370461c78845b98c4d045fe9cd5cb9ea634107.287.803293
14:12:5413:15:36578,643 0000000000000000016b62ec5523a1afe25672abd91fe67602ea69ee2a2b871f23.887.803289
14:12:5513:43:35578,644 000000000000000003e9d9be8a7b9fc64ef1d3494d1b0f4c11845882643a64391.387.803291
14:12:5514:01:34578,645 0000000000000000052be8613e79b33a9959535551217d7fdacc2d0c1db1e6720.087.803293
14:12:5514:06:35578,646 00000000000000000475ab103a92eb6cb1c3c666cd9af7b070e09b3a35a15d660.087.803296
14:27:0914:24:37578,647 0000000000000000062bade37849ade3e3c4dfa9289d7f5f6d203ae188e94e4f77.087.803298

Source: BitMEX Research

If one is interested, we have provided the above table which discloses all the relevant details of the blocks related to the chainsplit, including:

  • The block timestamps
  • The local clock timestamps
  • The block hashes
  • The block sizes
  • The total accumulated PoW up to each block

With the above details one can follow what occurred in relation to the chainsplit and create a timeline.

Our primary motivation for providing this information and analysis is not driven by an interest in Bitcoin Cash SV, but instead a desire to develop systems to analyse and detect these type of events on the Bitcoin network. Systems are being developed on our website, https://forkmonitor.info, to help detect chainsplits, caused either by poor block propagation or consensus related issues. This event on Bitcoin Cash SV is good practice for us.

As for Bitcoin Cash SV, the block sizes were particularly large during the period of the re-organisations. On the forked chain, the last two blocks were 128MB and 107MB respectively. On the main chain many of the blocks were over 50MB. Therefore, in our view, it is likely the large sizes of the blocks were the root cause of the re-organisations, as miners couldn’t propagate and verify these large blocks fast enough, before other blocks on different chains were found.

As for the implications this has on Bitcoin Cash SV, we have no comment. We will leave that to others.

The Lightning Network (Part 2) – Routing Fee Economics

Abstract: BitMEX Research examines the market dynamics of Lightning network routing fees and the financial incentives for Lightning node operators to provide liquidity. We identify the interrelationship and balance between Lightning routing fees and investment returns for channel liquidity providers, as a major challenge for the network, rather than the computer science aspects of the routing problem. We conclude that if the Lightning network scales, at least in theory, conditions in wider financial markets, such as changing interest rates and investor sentiment may impact the market for Lightning network fees. However, regardless of the prevailing economic conditions, we are of the view that in the long term, competition will be the key driver of prices. Low barriers to entry into the market could mean the balance favours users and low fees, rather than investment returns for liquidity providers.

(Lightning strikes the city of Singapore) (Pexels)

Please click here to download a PDF version of this report


We first wrote about the Lightning network back in January 2018, when it was mostly theoretical. Today, as the Lightning network transitions from abstract to experimental, we felt it was time to take another look. The primary focus of this report is to analyse the Lightning network from a financial and investment perspective, notably with respect to fees and the incentives for Lightning network providers.  We will not examine other aspects of the technology.

The routing problem

Critics of the Lightning network often point to routing as a major problem, typically making claims like its “an unsolved problem in computer science”. In general, we do not really agree with this characterization of the routing problem and do not see the computer science of routing to be a major challenge, finding paths between channels to make payments may be relatively straightforward and similar to other P2P networks, such as Bitcoin.

However, what we do think its a major challenge is the interaction or balance between the financial and economic aspects of liquidity provision and payment routing. Lightning network node operators need to be incentivised by routing fees to provide sufficient liquidity, such that payments can be made smoothly. Liquidity needs to be allocated specifically to the channels where there is demand and identifying these channels may be challenging, especially when new merchants enter the network. This balance between ensuring the network has low fees for users, while also ensuring fees are high enough to incentivise liquidity providers, is likely to be a significant issue. As we explain further in this article, the magnitude of this problem and the fee rates at which the market clears, may depend on economic conditions.

Lightning fee market dynamics

For onchain Bitcoin transactions, users (or their wallets) specify the fee for each transaction when making a payment and then miners attempt to produce blocks by selecting higher fee transactions per unit block weight, in order to maximise fee revenue. In contrast, Lightning currently appears to work the other way around, routing node operators set the fee and then users select a path for their payment, selecting channels in order to minimise fees. With Lightning, suppliers initially set fees rather than users. Lightning may therefore offer a superior fee architecture, as suppliers are providing a specialised service and it is more suitable that suppliers compete with each other over fee rates, rather than ordinary users, where the priority should be on simplicity.

In Lightning there are two types of routing fees node operators must specify, a base fee and a fee rate.

Two types of Lightning network fees

Fee type Description Convention
Base fee A fixed fee charged each time a payment is routed through the channelThis is expressed in thousandths of a Satoshi.

For example a base fee of 1,000 is 1 satoshi per transaction.
Fee rateA percentage fee charged on the value of the payment  This is expressed in millionths of a Satoshi transferred.

For example a fee rate of 1,000 is, 1,000/1,000,000, which is 0.1% of the value transferred through the channel. Equivalent to 10bps.

Investment capital

In order to provide liquidity for routing payments and to earn fee income, Lightning node operators need to lock up capital (Bitcoin) inside payment channels.

Two types of channel capacity

Description Creation
Inbound capacityInbound liquidity, are funds inside the node’s payment channels which can be used to receive incoming payments.

These funds are owned by other participants in the Lightning network.

If the payment channels are closed, these funds will not return to the node operator.
An inbound balance is created in one of two ways:

* When another network participant opens a payment channel with the node

* When the node operator makes a payment via an existing channel
Outbound capacityOutbound liquidity, are funds inside the node’s payment channels which can be used to make outbound payments.

These funds are owned by the node operator and part of their investment capital. The node operator may consider the opportunity costs of other investments, while considering the total outbound balance.

If the payment channels are closed, these funds will return to the node operator.
An outbound balance is created in one of three ways:

* When the node operator opens a payment channel with another network node

* When the node operator receives a payment via an existing channel

* When payments are routed through the node and fees are received

Graphical illustration of a channel’s inbound and outbound capacity

(Source: Bitcoin Lightning Wallet)
(Note: The orange balance is the inbound capacity, while the blue balance is the outbound capacity)

The operation of the Lightning fee market

Becoming a successful routing node is harder than one may think. At the time of writing, according to 1ml.com, there are 7,615 public Lightning nodes. However, it is likely that only a few hundred of these nodes are doing a good job providing liquidity, by managing the node, rebalancing channels and setting fees in an appropriate manner.

Node operators may need to:

  • Adjust both fee rates and the base fee, monitor the impact of the adjustments and calibrate for the optimal income maximising settings
  • Analyse the network and look for poorly connected Lightning nodes with high payment demand, such as a new merchant
  • Analyse the fee market, not just for the network as a whole, but the high demand low capacity routes you are targeting
  • Constantly monitor and rebalance ones’ channels, to ensure there is sufficient two way liquidity
  • Implement a custom backup solution for the latest channel states, to protect funds in the event that the node machine crashes

Currently, there are no automated systems capable of doing the above functions. If this does not change, specialist businesses may need to be setup to provide liquidity for the Lightning network. However, just as with liquidity, the challenges in overcoming these technical issues do not necessarily mean payments will become difficult or expensive. These technical challenges may simply adjust the equilibrium market fee rate. The more difficult these problems are to overcome, the higher the potential investment returns will be to channel operators and the greater the incentive will be to fix the problems. It will be demand that drives Lightning’s success, not the challenges for node operators.

In order for Lightning fee markets to work, node operators may need to adjust fees based on the competitive landscape, this could be based on algorithms or be a manual process, aimed at maximising fee income. In an attempt to emulate what may eventually become standard practise, BitMEX Research experimented with modifying the fee rate on one of our nodes over a three month period, as the below section reveals.

Fee rate experimentation

BitMEX Research decided to conduct a basic experiment to try and evaluate the state of the fee market, even in the Lightning network’s current nascent state. We set up a Lightning node and regularly changed the fee rate to attempt to determine which rates would maximise fee revenue, just as node operators may eventually be expected to do as the network scales.

Our basic non-scientific analysis from one node is illustrated in the scatter chart below. It appears to indicate that fee rates do currently have an impact on a lighting node’s fee income. The daily fee income appears to quickly accelerate as one increases the fee rate from 0 till around 0.1 bps. Once the fee is increased above this rate, average daily fee income appears to gradually decline. Therefore, based on this experiment, it appears as if the revenue maximising fee rate is around 0.1 bps, which is certainly very low when compared to other payment systems. However, of course, this is only the fee for one hop, a payment may have multiple hops. At the same time, the current Lightning fee market barely exists, indeed BitMEX Research may be one in only a handful of Lightning nodes that has significantly experimented with economic revenue maximising behaviour by changing fees. Once the network scales and other parties try to maximise revenue, fee market conditions are likely to be very different. This exercise should therefore only be considered as an illustrative experiment, rather than anything particularly revealing about lighting fee markets.

Lightning node daily fee income versus the feerate

(Source: BitMEX Research)
(Lightning fee income data charts – notes and caveats:
* Daily data from 31st December 2018 to 24th March 2019
* Data from one Lightning node
* The base fee was 0 across the period
* The investment return data excludes onchain Bitcoin transaction fees, when including the impact of fees all but the most optimal fee rate buckets would show a negative investment return
* The data includes both weekdays and weekends, in general Lightning network traffic is significantly lower at weekends
* The fee rate was changed every day at around 21:00 UTC. The fee rate was reduced each day and then jumped up to the top of the fee rate range after several days of declines, to begin the next fee rate downwards cycle. The reason for this was that some wallets (e.g. mobile wallets) did not always query the fee rate each time it attempted to route a payment through the node, therefore when increasing the fee rate, many payments would fail. For example, when opening a channel from a mobile wallet to the Lightning node, then increasing the fee rate and immediately attempting to make a payment, the payment often failed as the wallet attempted to pay with a fee which was too low. In our view, in order to Lightning network fee markets to work, node operators may need to regularly change fees and therefore wallets may need to query fee rates more often
* Channel rebalancing occurred manually, once every two weeks. Approximately 30 minutes was spent on each occasion

* The Lightning node was running LND and the software was updated to the master every two weeks
* Approximately 30% of the channels (by value) were opened using the autopilot, the other 70% were opened manually
* The investment return was calculated by taking the outbound channel capacity of the network each day, annualising the investment return based on the daily fee income and then calculating a simple average based on all the days with a fee rate inside the particular range
* The data is based on one node only and its particular set of channels, the experience for other node operators may be very different
* We tried to use our public node for this experiment, however the fee income was too sporadic, with some network participants regularly paying well above the advertised fee rates by considerable amounts, making the data unreliable

* Unfortunately we needed to use a log scale for both axis. With respect to the fee rate we were unsure of which rates to charge, even which order of magnitude to set, therefore we tried a wide range of fees, from 0.0001% to 0.5% and a log scale was appropriate. At the same time, the daily fee income was highly volatile, ranging from 0 satoshis to over 3,000 satoshis. Therefore a log scale was deemed most appropriate. As the network develops and fee market intelligence improves, a linear scale may be more appropriate)

Fee incomes and investment returns

In addition to daily fee income, one can also consider the annualized investment return associated with running a lighting node and the various fee rates. This is calculated by annualising the daily fee income and dividing this number by the daily outbound liquidity.

The highest annualised investment investment return achieved in the experiment was 2.75%, whilst the highest fee bucket investment return was almost 1%. This seems like a reasonably attractive return for what should in theory be a relatively low risk investment, at least once the ability to backup lighting channels in real time becomes implemented. Existing Bitcoin investors could be tempted by these returns and provide liquidity to the Lightning network, or alternatively US dollar based investors could buy Bitcoin, hedge the Bitcoin price exposure using leverage and then attempt to earn Lightning network fee income.

Lightning node annualised investment return by fee bucket

(Source: BitMEX Research)

Of course, liquidity providers in the current Lightning network are not likely to be motivated by investment returns.  Current node operators are likely hobbyists, with the overwhelming majority of node operators making losses when considering the onchain fees required to open and rebalance Lightning channels. Although this hobbyist based liquidity probably can sustain the network for a while, in order to meet the ambitious scale many have for the Lightning network, investors will need to be attracted by the potential investment returns.

Lightning network fees and economic conditions

A 1% investment yield may seem attractive in the current low yield environment, however the Lightning network may initially have difficulty attracting the right commercial liquidity providers. Investors in this space are typically looking for a high risk high return investment, which appears to be the opposite end of the spectrum for the relatively low risk low return investment on offer for Lightning liquidity providers. Therefore a new type of investor, one that fits this profile, may be needed.

If the Lightning network reaches a large scale, it is possible that the highly liquid investment product, with stable low risk returns, is sensitive to economic conditions.

Consider the following scenario:

  1. The federal reserve base rate is 1.0%
  2. Lightning node operators are typically earning an annualised investment yield of 1.5% on their outbound balance
  3. Due to robust economic conditions and inflationary pressure, the federal reserve open market committee increase interest rates from 1% to 3%.
  4. Due to the more attractive investment returns, Lightning network node operators withdraw capital from the Lightning network and purchase government bonds
  5. Due to the lower levels of liquidity in the Lightning network, users are required to pay higher fees to route payments and the Lightning network becomes more expensive

However, if Lightning network liquidity is large enough for the above logic to apply, Lightning would have already been a tremendous success anyway.

The risk free rate of return

In some ways, if the Lightning network matures, one can even think of the investment returns from running a Lightning node as Bitcoin’s risk free rate of return, or at least a rate of return free from credit risk. In traditional finance this is often the rate investors earn by holding government bonds, where the government has a legal obligation to pay the principal and coupon and a means to create new money to pay the holders of the bonds, such that the risks are near zero. In theory, all other investment projects or loans in the economy should have a higher return than this risk free rate. The same could apply to Bitcoin, with Lightning node liquidity providers return rates being considered as the base rate within the Bitcoin ecosystem.

In the future, if most of the technical challenges involved in running nodes have been overcome and there are competitive fee setting algorithms, this Lightning network risk free rate could ultimately be determined by:

  • Conditions in wider financial markets – higher interest rates could mean a higher Lightning network risk free rate
  • The demand for Lighting network transactions – more demand or a higher velocity of money, should increase the Lightning network risk free rate


Whether specialist hedge funds and venture capital investors will have the same enthusiasm about becoming Lightning network liquidity providers, as they did for the “staking as a service” business model for proof of stake based systems in mid 2018 remains to be seen. While the investment returns for Lightning network liquidity providers do not yet look compelling, with the network in its formative stages, we do see potential merit in this business model.

In our view, the Lightning network can easily scale to many multiples of Bitcoin’s current onchain transaction volume without encountering any economic fee market cycles or issues, all based purely on hobbyist liquidity providers. However, if the network is to reach the scale many Lightning advocates hope, it will need to attract liquidity from yield hungry investors seeking to maximise risk adjusted investment returns. Should that occur, unfortunately the network may experience significant changes in fee market conditions as the investment climate changes over time.

However, it is relatively easy to set up a node, provide liquidity and try to earn fee income by undercutting your peers. Where the balance is ultimately struck between the operational channels of running nodes, the extent of liquidity provision and the investment returns, we obviously do not know. However, if we are forced to guess, based on the architecture and design of the Lightning network, we would say the system is somewhat rigged towards users and low fees, rather than liquidity providers.

BitMEX 研究推出以太坊节点指标网站——Nodestats.org

摘要: BitMEX 研究非常高兴宣布推出一个监控以太坊网络的新网站  Nodestats.org 。 该网站连接到五个不同的以太坊节点,并每五秒钟收集一次数据。 网站主要专注于提供与每个以太坊节点所需的计算资源相关的指标。 在分析某些指标时,我们可能已经识别出与节点报告的数据完整性有关的问题,这可能是某些以太坊用户所关注的问题。Nodestats.org 是与 TokenAnalyst 合作制作,该公司是 BitMEX 研究的以太坊网络数据和分析合作伙伴。

(截至 2019 年 3月 12 日的网站截图)



 Nodestats.org 通过整体采用来比较两个最大的以太坊节点客户端实现的统计数据—— Geth 和 Parity 。在这些客户端实现中,Nodestats.org 比较了不同节点配置的性能 ——快速、完整和归档节点。


 Nodestats.org 的主要目的如下:

  1. 提供比较不同以太坊实现的计算效率的指标。 例如,通过比较与以下相关的要求:
    •  CPU 使用率
    • 内存(RAM)
    • 带宽
    • 储存空间
  2. 比较运行以太坊节点软件和其他币(如比特币)之间的资源需求
  3. 通过查看关于节点是否足够快地处理区块以处于链端点,或差的区块传播是否导致节点在大部分时间不同步的指标,来评估以太坊 P2P 网络的实力和交易处理速度


 Nodestats.org 在 2019 年 3 月初才开始收集数据,要作出任何确切结论还为时过早。 不过,我们正在保存数据,并希望稍后分析长期趋势。 Nodestats.org 数据是通过每五秒(每小时 720 次)查询一次我们的五个以太坊节点或运行节点的机器生成的,然后将结果存储在数据库中。此数据生成的各种滚动平均值和其他指标显示在 Nodestats.org 网站上。


Nodestats 指标的说明

名称 说明 初步调查结果

这表示节点已验证并下载所有区块数据,到 P2P 网络通知节点是链端点的时间百分比


每小时指标通过确定节点是否每 5 秒处于端点来计算,其应该是每小时 720 次查询。 节点表示其处于端点的这些查询的比例是报告的指标。


该字段基于 web3 的 “isSyncing” 字段,我们认为该字段使用节点已看到的最高区块,即 “highestBlock” 字段,以确定该节点是否落后于其对等节点所看到的最高区块。

节点通常报告它们在 99.8% 的时间处于端点,这意味着在每小时 720 次查询中大约只有1次节点不是处于链端点。


唯一的例外是, Ethereum Parity (以太坊奇偶校验)完整节点,我们将在本报告后面讨论。


我们认为该指标的数据完整性很差,例如就 Parity 完整节点而言,所提供信息的完整性很弱,我们将在本报告后面解释。 展望未来,我们的目标是建立一种更有效的方法来计算这个指标。





通常, Nodestats.org 无法识别客户端跟随不同链的时间。因此,该指标通常为 0% 。(即一小时内 720 次中为 0 次)


这表示机器 CPU 资源的平均使用率百分比。


Nodestats.org 使用的所有机器 都拥有 “Xeon(R)CPU E5-2686 @ 2.30GHz” 处理单元,并且为双核。 例外情况是归档节点,其拥有 16 个核心。


所有节点都使用 AWS “i3.large” 机器,但归档节点除外,其运行 “i3.4xlarge” 。

一般来说,CPU 使用率往往在 0.01% 到 1.0% 之间。 Parity 往往达到 1% 的水平,而 Geth 似乎使用较少 CPU 性能。


 Geth 的 CPU 使用率似乎不如 Parity 的稳定,Geth 的 CPU 需求偶尔会飙升至 1% 左右。


 Nodestats.org 每 5 秒从机器读取一次,这与以太坊客户端使用的内存量有关。


Nodestats.org 使用的所有机器都拥有 14GB 内存,但归档节点除外,它是一台 120GB 内存的机器。

一般来说,无论有多少内存可用,节点都会占用绝大部分内存(例如超过 95% )。



对等者数量 节点每 5 秒向 Nodestats.org  提供一次网络对等者的数量。

 Parity 往往拥有大约 450 个对等者,而 Geth 只有大约 8 个。


 Geth 的对等者数量比 Parity 更不稳定,因为它似乎偶尔会下降到 6 个左右。

上行带宽  Nodestats.org 每 5 秒从机器读取一次,这与服务器的总网络上行带宽有关。

具有更多对等者的Parity往往使用超过100KB /秒的带宽(在每个方向)。 相比之下,Geth往往只使用大约4KB /秒的带宽。


Geth的带宽需求往往比Parity更不稳定,偶尔会飙升至60KB /秒左右。

下行带宽  Nodestats.org 每 5 秒从机器读取一次,这与服务器的总网络下行带宽有关。




目前, Parity 需要大约 180GB , Geth 使用不到 200GB ,完整归档节点需要 2.36TB 的数据。


 Parity 完整节点仍在同步

 Parity 完整节点于 2019 年 3 月 1 日开始,在撰写本文时( 2019 年 3 月 12 日)它尚未完全与以太坊链同步。客户端大约落后 450,000 个区块,而根据其当前的轨迹,它应该在几天内赶上主链端点。由于初始同步缓慢, “同步的时间百分比” 指标显示为接近 0% ,因为客户端永远不会同步。

 Ethereum Parity 完整节点机器的规格如下:

  • 双核 2.3GHz
  • 14GB 内存
  • 固态硬盘
  • 10 Gb/秒的互联网连接

事实上,具有上述规格的机器需要超过 12 天的同步可能表明,对于以太坊网络来说,初始同步问题可能比后同步问题(例如区块传播)更受关注。 虽然初始同步缓慢(至少对于这个系统设置而言)是一个潜在的问题,但以太坊尚未达到节点无法赶上的程度,因为同步速度比区块链增长速度快。




如下面的 Parity 完整节点日志生成的图表所示,网络图上看到的最高区块(蓝色)似乎有可能不正确。在网络图上看到的最高区块的数值有时随着时间的推移而下降,并且始终远远落后于实际的链端点(以绿色显示)。有时这个有可能出错的数字朝着验证链的高度(橙色)下降,而我们的网站错误地报告该节点同步。这可能是一些以太坊用户关注的问题,因为Parity完整节点与网络有很多连接,因此这可能是一个错误。


以太坊 Parity 完整节点区块高度数据 —— 2019 年 3 月 11 日和 12 日(UTC 时间)

(资料来源: 以太坊 Parity 完整节点日志)


这个潜在错误可能会破坏我们网站的整个指标,即使对于其他节点也是如此,因为最高链端点的字段可能无法正常运行,以及我们的数字可能不准确。 不过,我们继续收录这个指标,因为 Nodestats.org 网站显示节点报告的数据,与我们对数据完整性的看法无关。 我们希望将来可以实施我们自己的改进指标。

有人可能会认为,如果攻击者以正确的方式利用这个潜在错误,其影响在某些有限情况下可能会很严重。 例如,用户可能会将收款或智能合约执行看作已经验证,而他们的节点声称处于网络链端点。 但是,客户端可能并不真正处于链端点,攻击者可能会利用此漏洞来欺骗收款人提供商品或服务。 攻击者将需要在易受攻击节点错误地认为是链端点的高度上花费多一倍功夫,其工作要求证明可能比主链端点低。 不过,成功执行此攻击的可能性极小,而用户也不太可能使用最高的区块功能。



就像其同类网站 Forkmonitor.info 一样, Nodestats.org 还有很多工作需要改善。在未来几个月和几年内与 TokenAnalyst 的合作过程中,我们计划添加更多功能,例如:

  • 通过减少对节点报告的内容的依赖并开发我们自己的计算方法,提高数据的完整性
  • 用于分析长期趋势的图表和工具
  • 改进数据的粒度
  • 分叉检测系统
  • 与其他对等者相关的数据

目前, Nodestats.org 提供了一个有用的工具来评估运行以太坊节点的大致系统要求。 在非常基础的层面上,它还提供了评估以太坊网络及其各种软件实施的可靠性的机制。 不过,我们承认 “同步的时间百分比” 指标可能不可靠,但它确实突出了潜在问题。




BitMEX (www.bitmex.com)


摘要: 我们探讨的是加密货币圈内人士经常提起的一个问题: “新一轮全球金融危机何时来临?” 我们试着回答这个问题,首先要解释的是,2008 年之后,经济危机的中心不再是银行,变成了资产管理行业。 因此我们认为,一旦 2008 年金融危机卷土重来,零售银行存款和支付系统受到威胁的可能性不大。 特别是,我们相信,在看似低波动率及低回报环境的推波助澜下,公司债投资基金和非常规债券投资工具可能成为金融体系中最为薄弱的一环。 

(上一次全球金融危机距今已有 10 年,昔日报章已然泛黄,信贷情况可能在某些情况下大幅收紧,但资产管理行业是否已取代银行业的位置,处于危机中心?)


2008年全球经济危机之后,比特币被视为金融乱象丛生和怀疑主义盛行的产物,部分原因在于比特币问世的时间。 因此,比特币投资者和加密货币界人士似乎时常问一个问题:



首先,我们来探究一下这个问题本身。 我们的看法是,此问题背后主要存在三种假设:

  1. 未来数年内将出现新一轮金融危机,金融危机是不可避免的,每10年左右出现一次;
  2. 这种危机将对比特币价格产生积极影响;
  3. 新一轮全球金融危机情况与上一次相似,导致民众普遍质疑银行系统和电子支付系统的信用。

在这三种假设当中,我们真正同意的只有第一种。 虽然我们认为后两种假设可能成真,但其不确定性非常大。 

至于第二种假设,我们在 2018 年 3 月提过这个问题,但是我们指出,在交易方面比特币表现得更像是风险资产而非避险资产。 当然,从那时起比特币价格大幅下滑,未来情况可能有变。 如果比特币在新一轮全球金融危机中表现良好(在流动资金紧绌的情况下),将对比特币和价值储藏投资理念产生巨大的积极影响。 然而并没有大量证据表明这种情况将会发生。 我们认为,若这种情况发生的话,比特币价格需要与诸多替代币脱钩,这很明显是趋险型投资理念。 



有一句名言是这样说的,“历史不会重演,但总是惊人地相似。” 过去 10 年里,银行管理团队和银行业监管机构在 2008 年全球金融危机的阴影下如履薄冰。 因此,银行财务状况和资本比率显著加强。 发达市场的银行一级资本比率从经济危机前的 5% 左右提升至如今的 12% 左右(见图 1 )。 而更为基础的总资产权益率就更难以操纵,情况也相类似:从原先的 5% 左右提高至目前 9% 左右(见图2)。

图 1  – 美国与英国银行综合普通股权益一级资本比率

(资料来源: 英国综合数据来自于英格兰银行,美国数据来自于美联储

图 2 – 美国银行总资产与有形资产综合比率(资产规模超过 500 亿美元的银行)


或许,比上述比率更清晰和更发人深思的是以下简图(见图3)。 该图显示,自全球金融危机以来,西方主要银行从未扩大其资产负债表规模。 实际上,我们研究的九大银行总资产规模从 2008 年的 19.3 万亿美元大幅下降至 2018 年的 15.6 万亿美元。 也许有人会反驳说,并购活动是造成下表所示情况的主要原因,但我们的观点仍然站得住脚。

图 3 – 发达市场个别银行总资产规模 – 单位:万亿美元

(资料来源: BitMEX 研究、银行收益、彭博社)

(注: 图中显示的是摩根大通、美国银行、花旗银行、富国银行、汇丰银行、苏格兰皇家银行、德意志银行、瑞士信贷银行以及瑞士联合银行对外公布的资产总额。)

我们的看法是,财务杠杆是金融风险的主要推动因素。 似乎自2008年开始,金融体系风险的中心开始转移。 2008年,银行系统的杠杆以及杠杆与按揭市场证券化之间的相互关系引发风险。 如今,在看似低波动率环境的推波助澜下,资产管理行业的杠杆,尤其是公司债的杠杆形成同等风险。


资产管理行业的透明程度远不及银行业,要确定杠杆水平难度更大。 因此,无论是在资产管理行业杠杆问题上,还是在该杠杆的相关金融危机到来时间问题上,都难以得出结论。

2015年国际清算银行的《买方杠杆》报告指出,“风险从银行系统转移到资产管理行业,值得注意”。 报告提到,虽然投资基金在股票和固定收益领域的杠杆保持相对稳定,但是自2008年以来,杠杆率明显提高,新兴市场尤为如此。 国际清算银行报告得出以下结论:

银行系统杠杆是2008年全球金融危机的重要组成部分。 从那时起,银行紧缩财政,重新实现良好资产负债状况,藉此资产经理人(“买方”)迅速扩大全球融资领域的版图。 要获取投资基金的资产负债信息,比获取受到严格监管银行的资产负债信息难得多。 我们使用某市场数据供应商提供的资料,发现买方杠杆不容忽视,哪怕买方杠杆因基金类型而大相径庭。 股票基金投资组合的杠杆似乎使用率最低,而固定收益基金非常倚重借贷。


国际清算银行使用的数据来自于专业的投资基金流公司EPFR,虽然我们认同报告结论,但是不能完全相信数据的可靠性。 我们尚未发现理想的全球数据来源,但是超过一定规模的美国注册投资基金必须向美国证券交易委员会提交有关杠杆使用情况的数据。 美国证券交易委员会从2013年第二季度起使用这类数据,我们概括出下列表格的主要趋势(见图4、5和6)。

数据显示,与银行业不同的是,资产管理行业从2008年开始显著扩张(见图4)。 与此同时,即使难以绘制出一张自2008年起的清晰图表,可杠杆率似乎也在上升。

图 4 – 美国基金行业资产总值(单位:十亿美元)

(资料来源: BitMEX 研究、美国证券交易委员会

虽然存在着相互抵触的方法论,可是确定投资基金杠杆水平的最基础方法始终是计算总资产值与净资产值的比率,有时也称为杠杆比率。 可惜下表(见图5)时间跨度有限,但该表格似乎显示出杠杆率在适度扩大,至少在对冲基金方面情况如此。 

图 5 – 美国私募基金行业杠杆比率 – 资产总值/净资产值

(资料来源: BitMEX 研究、美国证券交易委员会

由于忽略了衍生工具的影响,杠杆比率低估了真实的杠杆情况。 美国证券交易委员会还要求披露衍生工具的名义价值。 下图说明,美国对冲基金衍生工具使用量增加。

图 6 – 美国私募基金行业 – 对冲基金 – 衍生工具名义价值/净资产值

(资料来源: BitMEX 研究美国证券交易委员会
(注: 通过调整反映美国证券交易委员会数据报告方式的变化。)


除了固定收益市场中投资基金杠杆使用量增加外,债券市场的机制日益复杂和不透明。 银行在公司债市场的地位被取代,导致各种相互联系、相互排斥的投资机构迅速增多。 下表概括了其中部分结构。

债券类型 描述/评论 参考资料
债务抵押证券 债务抵押证券(CLO)是指多家公司的一系列贷款汇集形成的一种证券。 这种产品通常划分为多个等级,低风险等级产品回报较低,高风险等级产品回报较高。 一旦公司破产,最后才向最高风险等级产品的投资者偿付。

这些产品的买家通常是退休基金、保险公司和对冲基金。 看重收益的亚洲投资者十分青睐这类产品。

市场增长 – 图 7
杠杆贷款 杠杆贷款通常是指由高负债公司发行的可变利率贷款。 大多数情况下是无担保贷款。 这类投资工具的持有者往往是退休基金和其他私人投资者。


市场增长 – 图 8

信贷质量 – 图 15

私人债务交易 与杠杆贷款市场相似,不同的是债务一般不在二级市场交易。 市场增长 – 图9
债券基金交易所买卖基金和共同基金 在此期间,所有资产类别中的交易所买卖基金(ETF)均更受青睐,连公司债券基金也不例外。 市场增长 – 图 10
私募股权 信贷质量 – 图 16

(注: 上表中各栏相互间并不排斥)


图 7 –债务抵押证券市场规模 – 单位:十亿美元

(资料来源: 花旗银行、金融时报

图 8 – 美国杠杆贷款市场规模 – 单位:十亿美元

(资料来源: 标准普尔、金融时报

图 9 – 私人债务市场规模 – 单位:十亿美元

(资料来源: 美国银行、金融时报

图 10 – 面向美国投资者的顶级债券ETF规模 – 单位:十亿美元

(资料来源: BitMEX 研究、彭博社)

(注: 图表显示的是下列债券 ETF 的总市值:iShares 核心美国 综合债券 ETF 、先锋总体债券市场 ETF 、 iShares iBoxx 美元投资级别公司债 ETF 、先锋短期公司债 ETF 、先锋短期债券 ETF 、先锋中期公司债 ETF 、 iShares 摩根 美元新兴市场债券 ETF 、先锋总体国际债券 ETF 、 iShares 按揭支持债券 ETF 、 iShares iBoxx 美元高收益公司债 ETF 、 PIMCO 增强短期策略基金、先锋中期债券 ETF 、 iShares 短期公司债 ETF 、 SPDR 巴克莱高收益债券 ETF 、 iShares 短期债券 ETF )


如以下图 11 所示,公司债务水平自 2008 年起显著提高,罗素 3000 指数中的公司当前总负债额为11万亿美元,上一次全球金融危机爆发时这些公司的总负债额刚刚超过8万亿美元。 公司利用低利率和上述新投资产品,贷款创下纪录。 

然而,图 11 的红线显示,罗素 3000 指数的公司负债情况看起来仍处于稳健水平,净负债与息税折旧摊销前利润(EBITDA)的比率略低于2.5倍。虽然该比率在过去几年间不断上升,但远远低于2008年经济危机前大约3.7倍的高水平。这种明显增长是由少数科技巨头囤积现金以及强大的经济带动企业收入提高所造成的。如果经济转向,随着公司收入减少,资产负债状况或许会再次变差。

图 11 – 公司债务水平

(资料来源: BitMEX 研究、公司数据、彭博社)
(注: 根据罗素 3000 指数中所有公司得出的总数据)

未来几年将有大量公司债券到期。这会在固定收益领域加剧流动性危机或压力的影响。 我们的分析显示(见图 12 ),美国将有 8800 亿美元公司债券将于 2019 年到期。

图 12 – 公司债券到期时间 – 单位:十亿美元

(资料来源: BitMEX 研究、彭博社)
(注: 数据基于约6400只美国公司债券组成的数据库,债券发行总量为5.7万亿美元。)


图13 – 美国公司债标准普尔信贷评级历史分布

(资料来源: 彭博社、汇丰美元投资级别指数成份股,包括金融与非金融公司)

图 14 – 未偿还美国公司债标准普尔信贷评级历史分布(按到期时间划分)

(资料来源: BitMEX 研究、彭博社)
(注: 数据基于约 6400 只美国公司债券组成的数据库,债券发行总量为5.7万亿美元。)

评估上述非常规债券工具的信贷质量,难度更大。 但是,穆迪不久前发布的一份报告显示,杠杆贷款市场投资者的保障程度大幅恶化,如以下图 15 所示。

图 15 – 穆迪对杠杆贷款契约质量的评估(美国与加拿大)

(资料来源: 穆迪、彭博社
(注: 5.0 为最低分, 1.0 为最高分。)

图 16 – 私募股权交易平均总负债与 EBITDA 倍数比例

(资料来源: 标准普尔、金融时报


在我们看来,发达经济体采取的非常规货币政策压低了投资回报和波动性,同时降低贷款成本;这种情况刺激资产经理人使用更多的杠杆,追逐更高的风险。与此同时,同样的政策也鼓励公司承担更高的债务。低波动率对固定收益领域的影响甚于其他领域。 “风险均衡” 型投资策略越来越受欢迎,采用这种策略的基金经理根据每种资产类别的风险(波动率)构建投资组合,然后使用杠杆提高回报。杠杆有助于减轻持重低风险资产带来低回报的影响。 通常的做法是,持偏高比重的是固定收益而非股票,同时纳入更多杠杆,以抵消低风险资产的低回报影响。

2018 年 2 月,波动率指数飙升,做空波动率指数的投资策略(例如 Velocity Shares 每日反向波动率指数交易所交易票据)价值暴跌至零,因此波动率急速上升。 2018 年 3 月的 BitMEX 加密货币投资者文摘中讨论过该问题。其受害者是一小群贪图早期收益的投机型投资者,而波动率指数的影响仅限于金融体系的其他部分。不过,这种情况很可能日后出现在固定收益市场上, 2018 年 2 月的事件正是其缩影。而这一次波及的将是从人为低波动率和低借贷成本中渔利的主流投资者。市场在某个时间将进行整固,其影响将远比 2018 年 2 月严重,不仅仅是数亿美元蒸发,而是数万亿美元资产化为乌有。


  1. 出现某个催化因素,导致波动率急剧上涨。
  2. 投资者需要分散其投资组合的风险,首先要处理的是流动性最高的市场,即固定收益市场。
  3. 在流动性最高的市场中,机构主导交易,各大机构可能会在同一时间抽走所有流动资金。
  4. 投资者急于退市,导致固定收益市场出现波动,流动性下降并且无法运作。
  5. CLO 和债券 ETF 等证券化债券资产以远低于净资产值的折扣价进行交易。
  6. 情况蔓延至其他的流动性资产类别,例如股票。
  7. 在未来几年里,新成立的债券发行机构开始缺乏资金;公司为了融资而苦苦挣扎,经济受到重挫。

当然,我们并不清楚什么是导致波动率增加的主要催化因素。它可能是某个地缘政治事件,新兴市场美元债券过量发行,中国资产管理行业的高杠杆,被动型 ETF ,高频率交易员,央行过快缩减资产负债规模,出乎意料的大批企业破产,欧元区债务危机,甚至是比特币出现灾难性重大漏洞引起波动等等……  



对于金融体系和人类社会而言,银行比资产经理人更加重要。如果资产管理人承受压力,虽然部分高净值人士资产减值;散户和企业存款应该是安全的;因此新一轮金融危机的影响可能不及 2008 年严重。可重要的是,政府介入以减轻经济危机影响的可能性也比 2008 年时要低。 

首先也是最明显的,各国央行行长可动用的措施被严重削弱,利率已经很低,而资产负债表规模很高。 其次,或许更为重要的是政治层面。我们肯定难以捉摸每个人的看法,但特朗普、英国脱欧、法国黄背心运动等背后的那些特殊人群或许并不支持政府对金融市场的某种干预措施。 

在现今日益“民粹化”的政治环境中,要证明量化宽松计划,或牺牲没有大量金融资产的中等收入人群,从而提高资产价格的计划的正确性,难上加难。 因此,在新一轮全球金融危机中,管理好“政治动乱”的显著风险可促使各国央行行长所采取措施的范围大幅缩减。 

请记住, 2008 年后也有政党反对央行政策, 2011 年时这种反抗达到顶峰。这次的另一项重大差别在于领导反抗者可用的工具现在更加先进了,例如社交媒体。自2008年起西方国家的政治不确定性似乎在增加。如果这种不确定性开始与金融波动相互作用,风险将会加剧。

至于何时发生全球金融危机,我们不得而知。 我们的观点是,本报告中列示的图表说明了一个问题,但这些图表并不是暗示我们正处于重大危机的边缘;或许很多年后才会发生金融危机。 至于如何从这类事件中获利,其难度或许比预测金融危机到来时间更高。或许人们可以构建一个由波动率看涨期权、远期公司债ETF看跌期权、指数挂钩政府债券、波动率对冲基金、黄金甚至少量比特币组成的投资组合。再次声明,虽然我们不知道这些事件何时会发生,不过也许现在正是调整投资组合的时机。


BitMEX (www.bitmex.com)