Lightning Network (Part 3) – Where Is The Justice?

Abstract: In our third look at the lightning network, we examine lightning channel closure scenarios and the incentives to punish dishonest parties and prevent them from stealing funds. This punishment mechanism is called a “Justice Transaction”. We explain how to arbitrarily construct a “Justice” scenario and present data on the prevalence of this type of transaction on the Bitcoin network. We have potentially identified 241 Justice transactions, representing 2.22 Bitcoin in value, since the lightning network launched at the end of 2017.

(Lightning strikes the city of Singapore)

Overview

Following on from our January 2018 discussion of the motivation behind the lightning network and our March 2019 analysis of lightning network routing fee economics, this third piece on the lightning network looks at channel closures and the incentives designed to prevent dishonest lightning nodes from stealing funds, by broadcasting an earlier channel state.

It should be noted that, by design, a thief who is caught attempting to steal funds on the lightning network loses not only the money they tried to steal but all the funds in the relevant channel. This “punishment” is expected to act as a deterrent and is sometimes called “justice”.

The four lightning channel closure scenarios

Opening lightning channels is, generally speaking, simpler than closing them. There is only one way to open a lightning channel: cooperatively, with interactive communication between the parties. On the other hand, when evaluating channel closures, one needs to consider four different scenarios, as outlined in the decision tree below (see figure 1).

Figure 1 – Lightning network channel closure types – decision tree

(Source: BitMEX Research)

Figure 2 – The four lightning channel closure scenarios explained

Columns: Closure type | Description | Onchain technical details and example transactions

Closure type: Cooperative closure

Description:

This is the most common scenario.

A cooperative closure occurs when an honest node initiates the channel closure, while the node on the other side of the channel is online and communicating.

Funds are distributed to each party’s onchain wallet based on the latest channel state.

Onchain technical details and example transactions:

A cooperative closure requires only one onchain transaction.

Inputs are redeemed using a “normal” 2 of 2 multi-signature script and sent to two outputs, each belonging to the parties involved, with the balance based on the latest channel state.

This transaction is hard to identify as lightning and therefore it is the most private of the three channel closure types.

Example closure:

Closure type: Non-cooperative non-breach closure

Description:

A non-cooperative non-breach closure occurs when an honest node initiates the closure, without directly communicating with the node on the other side of the channel.

Funds are distributed to each party’s onchain wallet based on the latest channel state.

Onchain technical details and example transactions (shared with the non-cooperative breach non-justice closure below):

These two different economic scenarios are represented by one technical onchain scenario.

This scenario requires two onchain transactions.

Firstly, the funds are redeemed using a 2 of 2 multi-signature witness and sent to two outputs. The node which did not initiate the closure is allocated funds based on what the channel closing party says is attributable to them, while another pot of funds is sent to an output which can be redeemed by using either an OP_IF or an OP_ELSE script.

In a second transaction, the funds sent to the OP_IF script are claimed by the party that initiated the channel closure, using the OP_ELSE branch of Bitcoin script.

Example closure:

Closure type: Non-cooperative breach non-justice closure

Description:

A non-cooperative breach non-justice closure occurs when a dishonest node initiates the channel closure, by broadcasting an earlier channel state, attempting to steal funds from the node on the other side of the channel.

The non closing node does not check the network within the locktime period, normally 24 hours, and does not broadcast a justice transaction. Therefore the theft is successful.

Funds are distributed to each party’s wallet based on an earlier channel state, such that the non closing party loses funds and the dishonest channel closing party successfully steals funds.

Closure type: Non-cooperative breach justice closure

Description:

A non-cooperative breach justice closure occurs when a dishonest node initiates the channel closure, without directly communicating with the node on the other side of the channel.

The non closing node does check the network within the locktime period, and creates a justice transaction, such that the attempted theft fails.

The would-be thief is punished and all the funds go to the honest non closing party.

Onchain technical details and example transactions:

In the justice scenario, two onchain transactions are also required.

In the first transaction, the funds are redeemed using a 2 of 2 multi-signature witness and sent to two outputs. The node which did not initiate the closure is allocated funds based on what the channel closing party says is attributable to them, while another pot of funds is sent to an output which can be redeemed by using either an OP_IF or an OP_ELSE script.

In a second transaction, the honest node that did not initiate the closure claims all the funds sent to the OP_IF script, using the OP_IF branch.

This is the most revealing of the three channel closure types and provides the lowest level of privacy.

Example closure:

How to construct a Justice transaction?

In the below arbitrary scenario, we manually created a justice transaction, using the following steps:

1. Spin up a new lightning network node (LND), with the alias “BitMEXThief” and open a channel, worth US$50 (400,000 Satoshis) with the BitMEXResearch lightning node
2. Switch off the BitMEXThief node and back up the .lnd directory
3. Restart the BitMEXThief node and make a lightning payment of US$25 (200,000 satoshis) to BitMEXResearch. The channel is now balanced, US$25 in both directions
4. Switch off the BitMEXThief node again
5. Switch off the BitMEXResearch lightning node (to prevent it broadcasting the latest channel state to the thief node)
6. Restore the BitMEXThief node back to its state prior to the channel re-balancing, the state in step 2
7. On the restored BitMEXThief node, attempt to close the channel from its earlier state and claim the full US$50 (400,000 satoshis) to the BitMEXThief node’s onchain wallet
8. Restart the BitMEXResearch node. The node then automatically detects the attempted theft and broadcasts the “justice transaction”, sending the full US$50 (less fees) to its onchain wallet. The would-be thief was punished by losing all the funds inside the channel. Note that the thief attempted to steal US$25, but ended up losing the full US$50.

The above experiment occurred successfully, providing some assurance that Lightning does actually work and if you try to steal, you will be punished.

Network Justice transaction data

After conducting our own justice transaction, we looked at the characteristics of this transaction (Inputs redeemed using the OP_IF branch) and searched for other justice transactions on the Bitcoin blockchain. We identified 241 transactions, which appear to be justice channel closures, dating back as far as December 2017. Mr. Alex Bosworth, from Lightning Labs, has created a tool to identify justice transactions, which may be more robust than our more basic search methodology.
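The search criterion described above (a second transaction whose input is redeemed through the OP_IF branch) can be checked from the witness stack alone. The following is an added example, not BitMEX Research's or Lightning Labs' code: it assumes the BOLT 3 `to_local` script layout, which this page does not spell out, and all keys, signatures and witnesses in it are constructed samples. It also rejects scripts that merely contain OP_IF, one source of the false positives noted below.

```python
"""Classify the spend of a Lightning `to_local` output from its witness stack.

Assumed script layout (BOLT 3, not quoted on the page):
    OP_IF <revocationpubkey>
    OP_ELSE <to_self_delay> OP_CHECKSEQUENCEVERIFY OP_DROP <local_delayedpubkey>
    OP_ENDIF OP_CHECKSIG
Witness, OP_ELSE branch (delayed claim by the closing node): <sig> <empty> <script>
Witness, OP_IF branch (justice spend by the other node):     <sig> 01      <script>
"""

OP_IF, OP_ELSE, OP_ENDIF = 0x63, 0x67, 0x68
OP_CSV, OP_DROP, OP_CHECKSIG = 0xB2, 0x75, 0xAC
OP_1, OP_16 = 0x51, 0x60


def _read_push(script, pos):
    """Read one direct data push (1..75 bytes); return (data, next_pos) or None."""
    if pos >= len(script):
        return None
    n = script[pos]
    if not 1 <= n <= 75 or pos + 1 + n > len(script):
        return None
    return script[pos + 1:pos + 1 + n], pos + 1 + n


def _read_number(script, pos):
    """Read a positive script number: OP_1..OP_16 or a little-endian push."""
    if pos >= len(script):
        return None
    if OP_1 <= script[pos] <= OP_16:
        return script[pos] - OP_1 + 1, pos + 1
    pushed = _read_push(script, pos)
    if pushed is None:
        return None
    data, nxt = pushed
    if len(data) > 4 or data[-1] & 0x80:  # oversized or negative
        return None
    return int.from_bytes(data, "little"), nxt


def parse_to_local(script):
    """Return to_self_delay if `script` matches the to_local template, else None."""
    if not script or script[0] != OP_IF:
        return None
    key1 = _read_push(script, 1)
    if key1 is None or len(key1[0]) != 33:      # compressed revocation pubkey
        return None
    pos = key1[1]
    if pos >= len(script) or script[pos] != OP_ELSE:
        return None
    num = _read_number(script, pos + 1)
    if num is None:
        return None
    delay, pos = num
    if script[pos:pos + 2] != bytes([OP_CSV, OP_DROP]):
        return None
    key2 = _read_push(script, pos + 2)
    if key2 is None or len(key2[0]) != 33:      # compressed delayed pubkey
        return None
    if script[key2[1]:] != bytes([OP_ENDIF, OP_CHECKSIG]):
        return None
    return delay


def classify_spend(witness_hex):
    """Map one input's witness (list of hex strings) to (kind, to_self_delay)."""
    if len(witness_hex) != 3:
        return ("not-to-local", None)
    try:
        selector = bytes.fromhex(witness_hex[1])
        script = bytes.fromhex(witness_hex[2])
    except ValueError:
        return ("not-to-local", None)
    delay = parse_to_local(script)
    if delay is None:
        return ("not-to-local", None)
    if selector == b"\x01":
        return ("justice", delay)          # OP_IF branch: revocation key used
    if selector == b"":
        return ("delayed-claim", delay)    # OP_ELSE branch: closer waited out the delay
    return ("unknown-branch", delay)


# --- constructed sample data (not real keys, signatures or transactions) ---
SAMPLE_SCRIPT = (bytes([OP_IF, 33]) + b"\x02" + b"\x11" * 32
                 + bytes([OP_ELSE, 0x02, 0x90, 0x00, OP_CSV, OP_DROP, 33])  # delay 144
                 + b"\x03" + b"\x22" * 32 + bytes([OP_ENDIF, OP_CHECKSIG]))
SAMPLE_SIG = "aa" * 71
JUSTICE_WITNESS = [SAMPLE_SIG, "01", SAMPLE_SCRIPT.hex()]
DELAYED_WITNESS = [SAMPLE_SIG, "", SAMPLE_SCRIPT.hex()]
# A different script that also starts with OP_IF; must not be counted as justice.
OTHER_SCRIPT = bytes([OP_IF, 20]) + b"\x33" * 20 + bytes([OP_ELSE, OP_1, OP_ENDIF])
OTHER_WITNESS = [SAMPLE_SIG, "01", OTHER_SCRIPT.hex()]

if __name__ == "__main__":
    for name, w in [("justice", JUSTICE_WITNESS), ("delayed", DELAYED_WITNESS),
                    ("other", OTHER_WITNESS)]:
        print(name, classify_spend(w))
```
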

Figure 3 – Number of justice transactions – monthly

(Source: BitMEX Research)

(Note: There is a possibility the data includes false positives)

Figure 4 – Value redeemed in justice transactions – monthly (BTC)

(Source: BitMEX Research)

(Note: There is a possibility the data includes false positives)

The justice transactions we identified had transaction inputs totaling 2.22 BTC, with the monthly total peaking at around 0.67 BTC in February 2019, as figure 4 above illustrates. This does not necessarily mean thieves tried and failed to steal 2.22 BTC, as the honest nodes may have punished thieves by an amount larger than the value they tried to steal (we do not know the latest channel state). The 2.22 BTC represents the total funds claimed by honest non channel closing nodes: part of this value is funds originally owned by the dishonest nodes and part is the value they tried to steal.

It is also possible that many of the 241 justice transactions do not indicate genuine dishonesty; for instance, it could be users testing the system, where the same user owns both lightning nodes in question. For example, BitMEX Research is responsible for 5 of the 241 justice transactions, where there was no victim, as BitMEX owned all the nodes and funds.

241 justice transactions, with a value of just over 2 BTC is reasonably small relative to the size of the lightning network. The lightning network statistics website 1ml.com, indicates that there are currently 940 BTC locked up in 32,951 channels. The total number of justice transactions in the last 18 months is therefore only 0.7% of the current number of lightning channels.

Conclusion

In order for the lightning network to succeed as a robust, reliable and scalable payment system, the justice mechanism needs to be effective in deterring and preventing theft. As for the optimal justice rate, this is hard to determine: if it is too high, it shows that successful thefts may be too prevalent and the threat of justice may not be sufficient. If it is too low, it may mean nobody is attempting theft, thereby increasing the risk that users do not monitor their channels. This may lead to increases in the risk of large systemic channel thefts in the future.

For now, at least according to the data we have analysed, there appears to be a reasonable degree of justice on the burgeoning lightning network.

Update to BitMEX Indices, 15 July 2019

Effective 15 July 2019 at 15:15 UTC, BitMEX will reintroduce Kraken into its indices following the resumption of trading on Kraken. The updated indices are detailed in the table below.

All traders should be aware that these indices may fluctuate substantially, and should exercise caution when trading contracts that reference these indices.

If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Affected Index | Index Constituents
.BXBT | Bitstamp, Coinbase Pro, Kraken
.BETH | Bitstamp, Coinbase Pro, Kraken
.BETHXBT | Binance, Poloniex, Kraken
.BBCHXBT | Binance, Poloniex, Kraken
.BXRPXBT | Binance, Poloniex, Kraken
.BLTCXBT | Binance, Poloniex, Kraken
.BEOSXBT | Binance, Poloniex, Kraken

Temporary Change to BitMEX Indices, 14 July 2019

Effective 14 July 2019 at 21:00 UTC, BitMEX will temporarily remove Kraken from its indices in response to Kraken’s scheduled downtime. This scheduled downtime is expected to last for 3-8 hours and will affect the 7 BitMEX indices as detailed in the table below.  Kraken will be reintroduced once trading has resumed. We will announce their reintroduction 12 hours in advance.

All traders should be aware that the price of these indices may fluctuate substantially, and should exercise caution when trading these indices.

If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Affected index | Current constituents | Temporary constituents
.BXBT | Bitstamp, Coinbase Pro, Kraken | Bitstamp, Coinbase Pro
.BETH | Bitstamp, Coinbase Pro, Kraken | Bitstamp, Coinbase Pro
.BETHXBT | Binance, Poloniex, Kraken | Binance, Poloniex
.BBCHXBT | Binance, Poloniex, Kraken | Binance, Poloniex
.BXRPXBT | Binance, Poloniex, Kraken | Binance, Poloniex
.BLTCXBT | Binance, Poloniex, Kraken | Binance, Poloniex
.BEOSXBT | Binance, Poloniex, Kraken | Binance, Poloniex

HDR Global Trading Limited Provides US$60,000 Grant to Bitcoin Developer

Following on from our 28 May 2019 announcement of a donation to the MIT Digital Currency initiative, we are delighted to announce a US$60,000 grant to Bitcoin Core contributor, Michael Ford (AKA fanquake). Michael has been a Bitcoin contributor since 2012 and has recently been added to the list of maintainers for the Bitcoin Core software project.

HDR Global Trading Limited (which owns and operates the BitMEX cryptocurrency trading platform) is proud to support Bitcoin development and engineering, aimed at improving Bitcoin’s robustness, scalability and privacy. The grant is non exclusive and requires Michael to work on Bitcoin Core. We are pleased to be Michael’s first financial supporter during his time as a Bitcoin Core maintainer.

Sam Reed, CTO and co-founder of HDR Global Trading Limited, made the following remark about the grant:

HDR Global Trading Limited, like all other companies in the cryptocurrency space, relies heavily on the (mostly-volunteer) work of coders dedicated to the mission and ideals of Bitcoin. This work is difficult, demanding, and often thankless. We believe it is the duty of corporations to give back to the projects from which they benefit – and from which their very business model stems. Without the millions of free man-hours from dedicated OSS developers powering everything from our operating systems, to our web servers, to our ops tools and Bitcoin itself, the BitMEX trading platform could not have been built. We don’t forget this gift. Therefore, HDR considers this grant, provided on a no-strings-attached basis, to be only a small part of an ongoing commitment to bolstering Bitcoin and other OSS projects for the benefit of all.

 

Libra: Zuck Me Gently



The event horizon has passed. With Libra, Facebook begins its foray into the digital asset industry. Before I begin my analysis, let’s get one thing straight; Libra is not decentralised nor censorship resistant. Libra is not a cryptocurrency. Libra will destroy all stablecoins, but who gives a fuck. I shed no tears for all those projects that somehow believed there was value in an unheard-of sponsor creating a fiat money market fund that rode on a blockchain.
 
Libra could lay commercial banks and central banks low. It might reduce their usefulness to a dumb regulated warehouse for digital fiat money. And that is exactly what should happen to these institutions in a digital age.

Why Do Commercial Banks Exist?

Banks came about during a time of great danger for members of the human society. In feudal Europe you most likely worked dawn-till-dusk on the farm. Any meagre savings you or your feudal lord amassed were constantly under siege. Given that money was physical in nature, if you or your lord left the protection of the town, theft was likely.
 
Safety of assets has been the most important value proposition for traditional banks. They could store physical assets and records safely in their vaults. Therefore, governments and wealthy individuals stored money and assets with banks. Banks were and are engaged in a massive confidence game. That is why bank building edifices portray a certain fortified grandeur. In a generation, your assets will still be there, intact and ready for use.
 
Through their partnership with the government, banks obtain a license to issue credit and expand the money supply. They also rely on the legalised violence of the government to enforce contracts. Don’t pay the bank back, they will confiscate the encumbered asset. Should you defy the courts, a government goon will happily press boot to neck, and ensure your compliance.
 
In the last decade, human civilisation’s money and assets quickly transitioned from analogue to digital representations. Money and representations of ownership travel electronically rather than on the back of a horse. If assets and money are now digital, do we need institutions that provide physical rather than digital security?
 
As we have seen, commercial banks are terrible at securing digital information. Pick your large too-big-to-fail bank, and there will be a story about the “leakage” (euphemism for “we have no fucking clue how to safeguard your digital property”) of customer data.

Whoever has the customer, has the value

Previously banks held the most valuable information about customers. They had your whole financial history, and information about where you lived and what you bought.
 
In the past ten years, social media companies through voluntary actions of their users, amassed the most amount of personal information in human history. We share every detail of our lives on Facebook, Instagram, Google, Twitter, WeChat, LINE, Kakao Talk etc. We send billions of messages on centralised chat programs controlled by those same institutions as well. They now own the customer.
 
The modern consumer technology companies own billions of the wealthiest customers’ data. Previous to now, these companies made money on advertising and selling a product. But as with all businesses, once you are successful capturing customers, you start offering financial services.
 
Facebook has almost 2 billion daily active users. It makes complete sense to own the financial existence of their chattel. That is Libra.

Libra Deconstructed

Libra is a stablecoin backed by a basket of fiat currencies. The fiat currencies sit in a dumb regulated commercial bank. Libra allows a privileged few the ability to create and redeem Libra at its Net Asset Value (NAV). Libra rides on a blockchain where certain parties operate permissioned nodes. These parties included VC firms, technology companies, retail merchants, cryptocurrency exchanges, and most importantly commercial banks and credit card processors.
 
Libra may invest into short term government bonds, or into anything the Foundation board allows. The income earned is not passed onto the pleb Libra users, but the node operators and Libra investment token investors. The Foundation is the governing body of the Libra ecosystem. The members are selected based on the industries they represent, and their economic investment into the ecosystem. 
 
Libra does not connect real-world identities to addresses. However, you can bet that converting assets into Libra will encounter KYC. And let’s be clear, any request from a government agency to freeze a transaction will be met with compliance. Therefore, do not use Libra to buy your mood-altering substance(s) of choice.

Impact on Consumers

Many of Facebook’s users reside in places with low financial services penetration. Imagine a world where a Filipina helper can purchase goods sold in Europe with Libra. She most likely does not have great banking services where she works as an overseas foreign worker. Therefore, purchasing goods from foreign countries over the internet is difficult. With Libra, there is no issue.
 
The merchant in Europe receives payment in a basket of fiat currencies they already deal with. This transaction can happen completely inside of one of Facebook’s social media properties like Instagram or Whatsapp.
 
Facebook or a new financial services company it creates, can issue loans at the point of sale denominated in Libra. A user can opt-in to allow Facebook to use all its data on the individual to compute a credit score. Using that credit score, Facebook will lend Libra at a rate to purchase goods from merchants selling on the Facebook platform. Voila, the poorest members of our global society can experience the joys of purchasing mass-produced Chinese knick-knacks on credit. Welcome to Pax Americana!

Impact on Commercial Banks

Commercial banks make money lending. They use retail deposits to make these loans. Unfortunately, in this digital age, they no longer have the best information set about these retail depositors. The social media companies do.
 
Therefore, the Facebook, Google, and Alibaba’s of the world can originate a loan cheaper and offer a lower interest rate than a commercial bank. Libra and the plethora of copycats to come, allow technology companies to use a digital fiat representation in their ecosystems to extend credit and offer all of the most profitable banking products at a much lower cost. These global tech behemoths have billions of free cash flow on their balance sheets to lend.
 
Commercial banks can become node operators or regulated warehouses for the reserve assets of the stablecoin in question. There is still economic value in both of these verticals, but consumer technology companies will now sell the most profitable financial products themselves.
 
Any bank should be on notice, Libra and its clones are existential threats to their business models. Many will cheer as banks’ profit centers are eviscerated. But maybe society is trading one devil for another.

Impact on Central Banks

Commercial banks are not needed at their current largesse in a digital economy. With Libra, Facebook is assuming the role of a central bank. The Libra reserve is managed by a third-party foundation. The reserve managers choose the fiat currency weights, and how funds are invested. Sounds a lot like the job scorecard of a central bank governor.
 
Consumer tech companies can now issue, from their own balance sheet, credit directly to consumers. The only difference with this model is that they, for now, are not able to actually create money like commercial banks. This is the flow:
 
1. Take retained fiat earnings, and exchange for Libra with an authorised primary dealer.
2. Lend Libra to your customer in exchange for a good or service you offer.
3. Obtain Libra + interest in Libra back from your customer.
4. Sell Libra in exchange for fiat with an authorised primary dealer.
 
The money supply does not expand. That is the one major divergence from how a central bank issues credit into an economy. Central banks’ lending in most cases increases the aggregate supply of money.
 
Why trust a few crusty old men and women to manage the monetary health of the global economy. Let’s trust Zuck!
 
I have no love lost for US Representative Maxine Waters’ idiotic statements and actions on the US House Financial Services Committee. But her and other government officials’ outbursts of concern are not driven by altruistic feelings towards their subjects, but rather a fear of the upending of the financial services industry that lines their pockets and keeps them in office. The speed at which government officials rushed to admonish Libra tells you there is some potential positive value to human society embedded in the project.

Libra and Financial Privacy

It is amusing to see how many people rushed to complain about the potential loss of financial freedom Libra could represent. This fear is misplaced, financial privacy is already non-existent, nor will it ever exist in a digital fiat money system. Whether it be Facebook, The Fed, or The PBOC, centralised electronic fiat money is coming – cash will be outlawed.
 
The great thing about the launch of Libra is that it forces those concerned about the loss of financial privacy to explore alternatives. Bitcoin and other cryptocurrencies will benefit as curious plebs contemplate how to secure financial privacy in this new digital age.
 
Libra and the conversations it sparked, is the best news for Bitcoin. Two billion people will now embrace and potentially be frightened of a corporate overlord controlling their financial wellbeing. Curiosity is the best food for the Bitcoin bull market.

Through their investments in augmented and virtual reality, it appears that Facebook wishes to create a completely new digital world. Libra could be the financial mana that powers this virtual existence. Let’s hope that while we are vegetating in our haptic pods, our physical shells don’t get Zucked too hard. Please Zuck me gently, and Zuck me long time.

Facebook Takes on ETF Giant Blackrock, with a Fixed Income ETF called Libra

Abstract: In a bold move, social networking giant Facebook, has challenged the traditional finance and ETF industry, with its “Libra coin”, or as we call it the “Libra ETF”. We note that there are many unanswered questions about Libra, which may lack transparency, when compared to traditional ETFs. Another key disadvantage of Libra is that unlike with legacy ETFs, investment income is not distributed to unit holders. We conclude that although Libra has significant disadvantages when compared to traditional ETF products, Facebook’s wide consumer reach with platforms such as Whatsapp and Instagram could give Libra a key commercial advantage.

(Facebook vs Blackrock – The battle for the ETFs)

Overview

The structure of Libra is analogous to the popular Exchange Traded Fund (ETF) model, where unit holders are entitled to the financial returns of a basket of financial assets. The units are tradable on exchanges and a select group of authorised participants are able to create and redeem units using the underlying assets.

As we pointed out in our February 2019 piece, the ETF industry has enjoyed considerable growth in the last decade or so, in particular in the area of fixed income (see figure 1 below). In June 2019, in a bombshell moment for the ETF industry and a challenge for established players such as Blackrock and Vanguard, social media and internet conglomerate Facebook entered the game. In a direct challenge to Blackrock’s “iShares Core U.S. Aggregate Bond ETF” (AGG), Facebook announced plans to launch a new ETF, the “Libra ETF”, also focused on fixed income and government bonds.

Figure 1 – Size of the Top Bond ETFs Targeting US Investors – US$ Billion

(Source: BitMEX Research, Bloomberg)

(Note: The chart represents the sum of the market capitalisations of the following bond ETFs: iShares Core U.S. Aggregate Bond ETF, Vanguard Total Bond Market ETF, iShares iBoxx $ Investment Grade Corporate Bond ETF, Vanguard Short-Term Corporate Bond ETF, Vanguard Short-Term Bond ETF, Vanguard Intermediate-Term Corporate Bond ETF, iShares J.P. Morgan USD Emerging Markets Bond ETF, Vanguard Total International Bond ETF, iShares MBS Bond ETF, iShares iBoxx $ High Yield Corporate Bond ETF, PIMCO Enhanced Short Maturity Strategy Fund, Vanguard Intermediate-Term Bond ETF, iShares Short-Term Corporate Bond ETF, SPDR Barclays High Yield Bond ETF, iShares Short Maturity Bond ETF)

Comparing the new ETF structure with the traditional space

In figure 2 below, we have analysed and compared the new innovative Libra ETF to a traditional ETF, Blackrock’s iShares Core US Aggregate Bond ETF (AGG). Our analysis shows that, although the Libra product is new, much of the relevant information, such as transparency of the holdings and frequency of the  publication of the NAV, has not yet been disclosed.

The analysis also highlights that Libra may suffer from unnecessary complexity with respect to portfolio management. The fund appears to be managed by the Libra Association, which consists of many entities in multiple industries across the globe. These same entities are responsible for issuing the ETF and the list of companies is set to expand further. At the same time, the investment mandate is unclear. In contrast Blackrock’s fixed income ETF product has a clear investment mandate, to track the Bloomberg Barclays U.S. Aggregate Bond Index, which is managed independently of the ETF issuer.

Perhaps the most significant disadvantage of the Libra product, is that unit holders do not appear to be entitled to receive the investment income. This contrasts unfavourably with Blackrock’s product, which focuses on an almost identical asset class and has an investment yield of around 2.6%. Defenders of Libra could point out that the expenses need to be covered from somewhere and that the Libra’s expense fee is not yet disclosed. However, the ETF industry is already highly competitive, with Blackrock charging an expense fee of just 0.05%. This expense fee is far lower than the expected investment yield of the product, at around 2.6% and therefore the Libra ETF may not be price competitive, a key potential disadvantage for potential investors.

Figure 2 – Libra ETF vs iShares Core U.S. Aggregate Bond ETF (AGG) – Detailed Comparison

Columns: Libra ETF | iShares Core U.S. Aggregate Bond ETF (AGG)

Launch date
  Libra ETF: June 2019
  AGG: September 2003

Issuer
  Libra ETF: The Libra Association/Facebook
  AGG: Blackrock

Asset Class
  Libra ETF: Unknown
  AGG: US$63.5 billion

Asset class
  Libra ETF: Fixed Income. Bank deposits and government securities in currencies from stable and reputable central banks
  AGG: Fixed income – Investment grade government and corporate bonds

Underlying Index
  Libra ETF: Unknown/Not applicable
  AGG: Bloomberg Barclays U.S. Aggregate Bond Index

Portfolio managers
  Libra ETF: The Libra Association, based in Switzerland will manage the reserve. The investment mandate is not currently disclosed. The current members are as follows:
  • Mastercard
  • PayPal
  • PayU (Naspers’ fintech arm)
  • Stripe
  • Visa
  • Booking Holdings
  • eBay
  • Facebook/Calibra
  • Farfetch
  • Lyft
  • MercadoPago
  • Spotify
  • Uber
  • Iliad
  • Vodafone Group
  • Anchorage
  • Bison Trails
  • Coinbase
  • Xapo
  • Andreessen Horowitz
  • Breakthrough Initiatives
  • Ribbit Capital
  • Thrive Capital
  • Union Square Ventures
  • Creative Destruction Lab
  • Kiva
  • Mercy Corps
  • Women’s World Banking
  AGG: James Mauro and Scott Radell, with a clear constrained mandate to track the index

Fees
  Libra ETF: Unknown
  AGG: 0.05%

Investment yield
  Libra ETF: Unknown
  AGG: 2.6%

Use of investment income
  Libra ETF: Unit holders are not entitled to investment income. Investment income will: first go to support the operating expenses of the association — to fund investments in the growth and development of the ecosystem, grants to nonprofit and multilateral organizations, engineering research, etc. Once that is covered, part of the remaining returns will go to pay dividends to early investors in the Libra Investment Token for their initial contribution
  AGG: Attributable to ETF unit holders

Available exchanges
  Libra ETF: Currently None. The Libra Association will encourage the listing of Libra on multiple regulated electronic exchanges throughout the world
  AGG: NYSE

Creation/redemption basket size
  Libra ETF: Unknown
  AGG: 100,000 units

Authorized Participants (entities able to create and redeem units)
  Libra ETF: Authorized resellers, not currently disclosed
  AGG: Investment Banks

Fund auditor
  Libra ETF: Unknown
  AGG: PwC

Information about holdings and Net Asset value (NAV)
  Libra ETF: Unknown
  AGG: Full disclosure (Published daily)

(Sources: iShares, Libra)

We have also analysed the two alternatives from a technical perspective. As figure 3 below indicates, the key difference is that control of Libra tokens may in part be managed by digital signatures. As long as no whitelist of addresses is implemented, this may provide some advantages:

  • Pseudonymity
  • A limited amount of censorship resistance
  • Relatively easy integration with cryptocurrency exchanges

However, as we mentioned in our Tether report in February 2018, history has shown that these characteristics can cause platforms to ultimately face a choice between implementing KYC or being shut down by the authorities. Facebook has already censored politically controversial figures on its main platform, so it appears likely that the extent to which Libra ETF units are managed by public private key cryptography will be significantly constrained or eventually phased out.

Figure 3 – Technical and cryptographic considerations

 

Columns: Libra ETF | iShares Core U.S. Aggregate Bond ETF (AGG)

Consensus system: Not applicable (An ETF does not require a consensus system)

Blockchain: Not relevant (Grouping records of ETF transactions into a chain of blocks linked together by hashing, is inconsequential for ETFs)

Control of units based on digital signature
  Libra ETF: Possibly: The Libra Blockchain is pseudonymous and allows users to hold one or more addresses that are not linked to their real-world identity
  AGG: No

(Sources: iShares, Libra)

Conclusion

Despite the key disadvantage, namely that Libra unit holders are not entitled to the investment income, many industry analysts are carefully examining the impact Libra could have on the traditional ETF industry and existing electronic payment systems.

While our comparison to ETFs is a bit tongue in cheek, it does highlight that the structure of the product has similar attributes to existing financial products. We therefore think it is an appropriate comparison, and if Libra wants to be competitive, it should emulate some of the governance and fee characteristics of traditional ETFs.

However, Libra could attract clients due to integration with platforms such as Facebook, Whatsapp and Instagram. If Libra does retain the property of allowing coins to be controlled by private keys, this is an interesting development and the coin is likely to gain share from tokens such as Tether. However, in our view, in the long run, it is likely Libra either disables this feature or makes it technically difficult, such that only a tiny minority of users have these “non-custodial” wallets. If that happens, Libra is nothing more than a high fee ETF.

WebSocket API Feed Interruption, 27 June 2019

Between 07:50 and 07:58 UTC on 27 June 2019, the following websocket API feeds were interrupted due to a complication during a planned upgrade of our market data distribution services:

  • Account, affiliate, execution, funds, instrument, margin, order, position, trade, transact, wallet

Users of the BitMEX website may have noticed some data not updating during this period e.g. in the Recent Trades panel, Open Orders panel, Fills panel, and Position panel.

The following public feeds were unaffected during this period:

  • Funding, insurance, liquidation, settlement, impactQuote, impactQuoteBin1m, quote, quoteBin1m, quoteBin5m, quoteBin1h, quoteBin1d, tradeBin1m, tradeBin5m, tradeBin1h, tradeBin1d, orderBookL2_25, orderBook10, orderBookL2

During this period we continued to process order instructions and the trading engine was unaffected.

Due to this issue, data in a subset of the data mirrors which service user REST API requests was left in an incomplete state. As a side-effect, for a period of 90 minutes whilst data was being restored, some users observed stale open orders on the BitMEX website for orders which had already been cancelled. Any API users that may be missing updates for this period can now backfill data via the REST API.

If you are experiencing order cancellation issues via the website, please refresh your web browser. We apologise for any inconvenience this interruption may have caused. If you have any further questions please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

WebSocket Rate Limiting Issue, 25 June 2019

At 21:09:00 UTC 25 June, we released an update to our API layer that inadvertently started to count WebSocket subscriptions to certain tables, which had otherwise been exempt, against the request rate limit. This update may have impacted customers who heavily utilise the WebSocket API. Once the issue was identified at 00:19 UTC 26 June, we immediately rolled back the update to bring systems back to normal.

We apologise for any inconvenience this may have caused. To read more about which subscriptions are exempt from the request rate limiter, see our previous blog post for details. 

ETHUSD Orderbook Feed Issues, 24 June 2019

Between 09:25:54 UTC and 09:44:30 UTC 24 June 2019 the orderBookL2, orderBookL2_25, orderBook10, and quote realtime websocket feeds for ETHUSD were in a degraded state. During this period, the state of the ETHUSD orderbook on these feeds was incorrect.

We were able to identify and resolve the root cause of the issue within a minute of detection. The issue was caused by a rare sequence of order events that triggered a bug in an optimisation of the orderBookL2 calculation which had been deployed to the production environment several hours earlier. This change has since been reverted.

There was no impact to orders in the trading engine itself – just the presentation of the calculated orderbook for ETHUSD downstream of the trading engine.

We have deployed additional automated feed validators to detect potential similar issues in the future and to alert us earlier.

We apologise for the inconvenience this may have caused. If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Q3 2019 Quarterly Futures Listings

On 14 June 2019 at 08:30 UTC, BitMEX will list new quarterly futures.

Please see the following tables for listings and settlements for current and upcoming futures contracts for Q3 2019. Bolded rows are the new contracts.

| Code | Pair | Listing | Settlement |
| ADAM19 | Cardano / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| ADAU19 | Cardano / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| BCHM19 | Bitcoin Cash / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| BCHU19 | Bitcoin Cash / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| EOSM19 | EOS Token / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| EOSU19 | EOS Token / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| ETHM19 | Ether / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| ETHU19 | Ether / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| LTCM19 | Litecoin / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| LTCU19 | Litecoin / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| TRXM19 | Tron / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| TRXU19 | Tron / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| XRPM19 | Ripple Token (XRP) / Bitcoin | 15 Mar 2019 | 28 Jun 2019 |
| XRPU19 | Ripple Token (XRP) / Bitcoin | 14 Jun 2019 | 27 Sep 2019 |
| XBTM19 | Bitcoin / USD | 17 Dec 2018 | 28 Jun 2019 |
| XBTU19 | Bitcoin / USD | 15 Mar 2019 | 27 Sep 2019 |
| XBTZ19 | Bitcoin / USD | 14 Jun 2019 | 27 Dec 2019 |

Important Security Advisory Update, June 2019

Summary: We have observed an increased number of unauthorised attempts to access customer accounts. We would like to remind all customers and users to please protect your BitMEX and personal accounts by: using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all your accounts; and using a password manager.

Security has always been the number one priority at BitMEX. This is why we were the first platform to adopt a manual multi-signature cold wallet setup to protect customer funds. We are consistently reviewing our security protocols and improving our standards. We remain committed to continual improvement of our platform security and the security of our customers.

In 2016, following a large botnet credential reuse attack, we published a blog post highlighting the importance of using unique passwords on BitMEX. In addition, we recommended enabling 2FA. 2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.

This message was as true and relevant then as it is now: to protect your account, you should always use strong unique passwords, in combination with a multi-factor authentication solution and password manager.

More recently, we have witnessed an increased number of attempts to compromise or obtain unauthorised access to customer accounts. Enabling 2FA on your account is the best and easiest way to protect yourself from these attacks.

Furthermore, we have observed a continued increase in the sophistication and tactics utilised by financially motivated criminals. One example of this: rather than the attacker immediately executing a withdrawal request, we have observed attackers trading funds out of accounts by deliberately making losses against another account which they also control. We have proactively identified a number of these attacks, and continue to eliminate this activity as it is detected.

Another recurring tactic observed in account takeovers is the disabling of BitMEX email login notifications following unauthorised account access. An attacker may also attempt to enable 2FA on a compromised customer account in order to create an API key with withdrawal permissions. A common thread in almost all cases is that customers may not have seen a withdrawal notification or other account related email notification; for example, a login notification.
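A detection rule for the sequence described above (unfamiliar login, 2FA enabled, then an API key with withdrawal permissions), as an added example that is not BitMEX's detection logic. The audit events are constructed, and the event names, field names and 60-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit events (time, account, event, source IP, detail).
# Event and field names are hypothetical, not BitMEX's log schema.
EVENTS = [
    ("2019-06-01T08:00:00", "alice", "login", "203.0.113.10", {}),
    ("2019-06-05T02:14:00", "alice", "login", "198.51.100.77", {}),
    ("2019-06-05T02:16:00", "alice", "2fa_enabled", "198.51.100.77", {}),
    ("2019-06-05T02:19:00", "alice", "api_key_created", "198.51.100.77",
     {"permissions": ["order", "withdraw"]}),
    # carol makes the same changes from an address she has used before
    ("2019-06-01T09:00:00", "carol", "login", "192.0.2.5", {}),
    ("2019-06-04T09:00:00", "carol", "login", "192.0.2.5", {}),
    ("2019-06-04T09:02:00", "carol", "2fa_enabled", "192.0.2.5", {}),
    ("2019-06-04T09:05:00", "carol", "api_key_created", "192.0.2.5",
     {"permissions": ["withdraw"]}),
    # dave logs in from a new address but only creates a trading key
    ("2019-06-01T10:00:00", "dave", "login", "192.0.2.9", {}),
    ("2019-06-06T11:00:00", "dave", "login", "198.51.100.3", {}),
    ("2019-06-06T11:03:00", "dave", "api_key_created", "198.51.100.3",
     {"permissions": ["order"]}),
]

def detect_takeover_chain(events, window=timedelta(minutes=60)):
    """Flag: login from an unseen IP, then 2FA enabled, then a withdraw-capable
    API key created, all from that IP within `window` of the login."""
    known_ips = {}  # account -> IPs seen on earlier logins
    watch = {}      # account -> state of the current unfamiliar-IP session
    alerts = []
    for ts, account, event, ip, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event == "login":
            seen = known_ips.setdefault(account, set())
            if seen and ip not in seen:  # first-ever login only sets the baseline
                watch[account] = {"since": when, "ip": ip, "twofa": False}
            seen.add(ip)
            continue
        state = watch.get(account)
        if not state or ip != state["ip"] or when - state["since"] > window:
            continue
        if event == "2fa_enabled":
            state["twofa"] = True
        elif (event == "api_key_created" and state["twofa"]
              and "withdraw" in detail.get("permissions", [])):
            alerts.append((account, ip, ts))
    return alerts
```

On the constructed events only alice's session is flagged; carol's identical changes from a familiar address and dave's trade-only key from a new address are not.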

While we review practices such as enforcing 2FA and other login access features, we have made the following changes:

  1. Customers can no longer disable login notification emails. The login notification emails will now be sent regardless of existing notification preferences.
  2. Withdrawal requests issued via the API must always complete an email verification step to confirm a withdrawal, unless the API key used was created before 8:00PM June 10, 2019 (UTC).

These changes are a step toward increasing account security for our customers; however, it is important to realise that this is not the full solution. Enabling 2FA remains our strongest recommendation.

In addition to the above, BitMEX has reviewed each and every account takeover experienced by our customers and we have identified several common factors among compromised accounts:

  1. Password reuse, or use of trivially guessed passwords on the BitMEX platform and on customer personal email accounts.
  2. Compromised personal email accounts leading to account theft via password recovery flows.
  3. Malware on customer computers leading to secure password theft and subsequent login to the bitmex.com platform.

In order to combat these attacks, adopting a vigilant, disciplined approach to security is key. In all of the above scenarios, utilising 2FA greatly decreases the risk of account compromise. This is further highlighted by recent research by Google that has shown that 100% of attacks can be blocked if a security key has been used for 2FA.

While we consider mandatory enforcement of 2FA across our customer base, we will again stress the importance of adopting good security practices as outlined below.

Note that these steps should be taken not only on your BitMEX account but on personal accounts where you store any confidential information:

  1. Enable 2FA
      1. We recommend utilising one of the many available options, such as Google Authenticator or Authy.
  2. Use a strong unique password and utilise a Password Manager such as LastPass
      1. A strong password consists of at least ten characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.). Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase.
      2. Do NOT use the same passwords for your social media accounts such as Facebook, Spotify or Instagram accounts as you would for your BitMEX trading accounts or bank accounts. Use strong, unique and different passwords for each and every account!
  3. Assess your existing risk
      1. Check to see if your password has been leaked in a third-party breach via services like HIBP.
      2. Check your trading accounts on a regular basis to ensure that you know what the balances are or should be.  
      3. Regular reconciliation of your accounts would be a useful way for you to ensure all transactions in your accounts are with your authorisation.
  4. Add support@bitmex.com to your contacts list and ensure our emails are not landing in your SPAM folder
      1. Ensure that you are not filtering official communications from bitmex.com. These communications include login and withdrawal notifications.
  5. BitMEX support will NEVER ask for your account password

At BitMEX, we take security very seriously. Whilst we continue to evolve our security capabilities both externally and internally, security is ultimately everyone’s responsibility. If you have digital funds on your online accounts, it is critical that you take steps to ensure your account safety/security as above.

If you observe any unusual activity on your account, please contact our Support team immediately via our contact page.