The bitcoin flash crash to $0.01 in June 2011

Abstract: We look at the events surrounding the bitcoin price rally in June 2011 to $32 and the following temporary flash crash down to $0.01, on the MtGox exchange. We look at the incompetence of MtGox and examine the causes of the crash. We then look at the political battle and uncertainty which occurred in the aftermath of the crash.

Bitcoin price from May 2011 to 18 June 2011

(Source: YouTube, MtGox, BitMEX Research)


Click here to download the pdf version of this report



If one likes price volatility and scandals, the summer of 2011 was an exciting time for Bitcoin. Over the course of a few days, bitcoin plummeted in value from a peak of $32 to just $0.01 on the MtGox exchange, a trading platform based in Tokyo, which was dominant at the time. This was after a recent rally, with bitcoin trading at around $2 a couple of months earlier. The crash down to $0.01 is now a famous part of Bitcoin history.

In this piece, we look at the cause of the crash and its aftermath. Although the major exchange of the time, MtGox, was shown to the community to be largely negligent, which may not have been the best advertisement for Bitcoin. In our view the engaging nature of the events which occurred that summer, ironically made a significant contribution to the level of interest in the space.

MtGox security issues & the context of the event

There was significant uncertainty surrounding the hack at MtGox which caused the June 2011 price crash and the issues surrounding it were never fully explained. The Bitcoin community was riddled with rumours about whether MtGox was solvent and how much bitcoin was stolen.

Thanks to a report published in 2017 by Kim Nilsson, we now have a relatively strong understanding of what occurred in 2011 and the damage that this caused to MtGox.  Ironically, despite the huge impact on the market and the company’s reputation, in terms of MtGox’s solvency, this event was largely insignificant compared to other security incidents. For many however, a new window into MtGox was opened up, which illustrated a severe lack of monitoring systems, governance, controls and security measures.

The  table below lists some of the major security incidents at the MtGox exchange, with the June 2011 hack highlighted in green. This incident may have only directly cost the exchange 2,000 bitcoin, an inconsequential amount, compared to roughly 837,000 bitcoin of total losses.

List of known MtGox losses

Date Incident name Description USD lost BTC lost
20 Jan 2011 Liberty Reserve withdrawal exploit 50,000
30 Jan 2011 Liberty Reserve withdrawal exploit 2 A user supposedly withdrew US$2billion from their account which never existed. Although it seems no wire transfer actually occurred and therefore there may have been no losses
1 March 2011 Wallet theft 1 Hackers obtained the MtGox wallet.dat file from the server. This is believed to be the withdrawal transaction. As of 19 July 2018, the stolen 80,000 bitcoin has never been moved. 80,000
22 May 2011 Wallet theft 2 Somebody is believed to have accessed a wallet containing 300,000 bitcoin, which was kept unencrypted on a public drive. The thieves decided to return 297,000 bitcoin, keeping a 1% fee. The return transactions are believed to be for 280,000 and 17,000. 3,000
19 June 2011 Price crash to $0.01 Hacker gained access to Jed McCaleb’s administrative account, and sold bitcoins to crash the price, to withdraw as many bitcoins as possible within the US$1,000 per day limit. Other users who purchased bitcoin at low prices may have also withdrawn funds. 2,000
11 Aug 2011 Bitomat Took over the debts of Bitomat after the company deleted its private keys 17,000
Sept 2011 Database hacked A hacker gained write access to the database and inflated balances to withdraw funds 77,500
Sept 2011 Wallet theft 3

A hacker obtained the main wallet.dat file again and began withdrawing funds in October 2011.

MtGox appears not to have noticed this.

October 2011 Incorrect deposits The change from the above hacker’s withdrawal transactions were incorrectly booked as new MtGox deposits, totalling 44,300 bitcoin. This resulted in customers seeing new deposit balances in their accounts. In some ways the hackers therefore caused more damage to MtGox than the value of coins which were stolen. Some of these errors were corrected, so the net impact may be around 30,000 bitcoin. 30,000
28 Oct 2011 Destroyed bitcoin

A software bug caused funds to be sent in such a way that they could not be redeemed.

Example of such transactions can be found here & here

May & Aug 2013 US law enforcement seizures Federal agencies in the US seized funds from MtGox’s Dwolla account due to allegations the exchange was not complaint with US regulations. 5,000,000
May 2013 Coinlab dispute Coinlab sued MtGox in a dispute over a licensing agreement. 5,000,000
2011 to 2013 Willy Bot MtGox trading program designed to make up some of the above losses, but actually ended up making things worse. 51,600,000 22,800
Total 61,650,000 837,909

(Source: Cracking MtGox, BitMEX Research)

Overview of the events in June 2011

In the weeks leading up to 19 June, many users of MtGox were reporting that their accounts had been hacked. At around the same time a database of MtGox users, including an MD5 hash of their passwords (with an unclear/inconsistent salt policy) was leaked and made available. Many passwords were identified. Some traders used the same credentials at the rival exchange, Tradehill, who also experienced security issues. Despite this, MtGox did not suspend trading, a decision which many traders questioned.

On 19th June 2011 (3am on 20th June Tokyo time), there were large sell orders on the exchange and the price crashed from around $17.50 to $0.01 and trading continued at this level for several minutes before recovering. This lead to a high degree of uncertainty, with some assuming there may be a problem with the Bitcoin network.

It now seems likely that what actually happened was that a hacker may have obtained access to the account of Jed McCaleb, the founder of MtGox who sold the exchange to Mark Karpeles around three months earlier. This account appears to have retained administrative rights to the database and therefore the hacker was able to manipulate account balances and grant themselves a large number of bitcoins on the MtGox system. The hacker is the likely to have begun selling some of these coins.

Due to the poor management of MtGox, in our view it is unlikely that the company were aware of this, even in the aftermath of the hack, and therefore the explanations provided at the time of the events were incomplete or inaccurate.

The withdrawal limits

At the time, MtGox had a daily withdrawal limit of US$1,000, this applied to both bitcoin and USD (via Dwolla). This meant that the hacker (or any others who benefited from the hack by buying bitcoin at low prices), would be unable to benefit by withdrawing the funds, except within the US$1,000 limit. However, the US$1,000 bitcoin limit was based on the market price of bitcoin on the platform and since the price fell to $0.01, in theory the maximum each user could withdraw was 100,000 bitcoin, certainly not a small amount.

Fortunately, however, MtGox appeared to also have a bitcoin based withdrawal limit, that many users were unaware of. As the Mark Karpeles said at the time:

2011-06-20 00:16:43 MagicalTux the btc withdrawal limit saved us

(Source: IRC, Note: MagicalTux is the CEO & owner of MtGox, Mark Karpeles)

Mark then mentioned that only 2,000 bitcoin were withdrawn in the aftermath of the event, which was a relatively positive result for MtGox.

Got about 2,000 BTC out

(Source: IRC)

There was widespread scepticism about this number at the time, with many believing much more was stolen. Ironically, this 2,000 bitcoin figure now seems about right, although MtGox had lost far more in other incidents. However, due to the price crash and suspension of trading, this incident was very public at the time and resulted in the incompetence of the MtGox platform being exposed to the community.

The rollback debate

Many trades took place at the artificially low price of around $0.01 during the crash. Some traders & investors were unhappy at missing out on the price rally from around $1 to $32, and therefore had buy orders waiting in the system, all the way down the order book to $0.01. To them, this crash is exactly what they were waiting for. To the dismay of many of these traders, in the aftermath of the incident MtGox said they would reverse the trades which occurred during the crash:

The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST). One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins. Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will rollback every trade which happened since the big sale, and ensure this account is secure before opening access again.

(Source: MtGox)

After this announcement there was significant debate in the community as to whether the rollback should occur. Obviously many participants in the debate had a financial interest in the outcome and this was no doubt effecting their views. In many ways, there were some parallels between this rollback and the 2016 DAO “rollback” on the Ethereum network, with some similar arguments being made.

Supporting the rollback Opposing the rollback
  • Most traditional exchanges tend to roll back trades in exceptional circumstances, particularly if trades occur at extremely unusual prices. The prices in this instance were certainly extreme.
  • The bitcoin were stolen and therefore users should not benefit from stolen goods.
  • The bitcoin may never have existed and may only have been entries in MtGox’s database and therefore it may not be possible to deliver the coins.
  • MtGox should take responsibility and compensate all parties involved. In particular MtGox did not act appropriately in the weeks prior to this event when many users reported that their accounts were hacked and they allowed trading to continue.
  • MtGox had no policy with respect to the matter and should therefore honour the trades.
  • If MtGox reversed the trades in this case, then users may not trust them again.
  • Reversal is an arbitrary process, would MtGox reverse trades if a much smaller amount of money was stolen? This is one rule for the rich and another for the poor.
  • Although there are some examples of major traditional exchanges reversing trades in exceptional circumstances, there are examples where they have not done so.
  • Honouring the trades is more consistent with the no bailout, dog eat dog, 24×7 uptime, immutability type culture in the community, which was in some ways more prevalent at the time than it is today.

The community appeared to be split on this issue, with some even favouring a vote to decide.

The trader who bought 260,000 bitcoins for US$2,622

The day after the incident, a trader called “Kevin”, claims to have purchased around 260,000 bitcoins during the crash and was arguing that he should be able to keep the coins. As he explained:

I had around $3,000 USD in my MtGox account, from earlier sales I’d made. I looked at the market stats, and realized that there were tons of orders to buy BTC at $0.01 that would likely eat up any remaining bitcoins this seller had on the order. I figured if I put a buy order in for $0.0101, my order would execute first and I could buy a huge amount of bitcoins

(Source: Bitcointalk)

Kevin posted what he claimed to be the trade confirmation:

06/19/11 17:51  Bought BTC 259684.77 for 0.0101

Kevin then went on to explain the likely reason behind the price crash, which was that the seller was trying to manipulate the price down so that they could withdraw more coins within the US$1,000 limit. In our view this part of Kevin’s story is likely to be an accurate explanation for the price crash. This logic contradicts the claim from MtGox that the person who conducted the hack was also the buyer of the bitcoin.

I could place a reasonably sized sell order for $0.001, crash the market again, and withdraw probably all of the bitcoins, since they’d be valued at $0.001 each and would fit under the $1,000 USD limit. I also decided against this, when I realized that whoever placed the gigantic sell order was probably doing so for the exact same reason

However, some have doubted the accuracy of Kevin’s story, claiming the volume of trades he claims is not consistent with the MtGox feed. The feed appeared to show trading volume of only 55,000 bitcoins during the crash past $0.0101 and only 238,000 bitcoins traded in the period. Only 3,000 bitcoin seem to have been traded at the $0.0101 price. These figures are lower than those implied by Kevin, although Kevin’s trades could have been excluded from this data for a variety of reasons. The feed was also notoriously unreliable and it was not clear if there was a precise definition of some for the information in the feed. In our view, there is no reason to believe the whole truth of any of the parties involved in this incident, but Kevin’s explanation for the crash itself seems plausible to us.

MtGox price feed during the crash

(Source: BitMEX Research, MtGox. Note: Volume in bitcoin)

The proof of reserves

The MtGox exchange was down for several weeks and many users were becoming anxious about the solvency of the platform. There was uncertainty over the amount of bitcoin which were lost and users were concerned about a run on MtGox, eventually leading to the exchange going into liquidation and users losing funds. In an attempt to reduce some of these concerns, as the chat log and bitcoin transaction show below, MtGox attempted to prove it had access to a significant quantity of bitcoin, by conducting an onchain transaction on 18th July 2011.

IRC Chat log – 18 July 2011

(Source: IRC Logs)


At the time, the above action seemed to settle the nerves of many of the traders.


A few weeks after these events, after many false starts, trading at MtGox eventually resumed and the bulk of the trades were reversed. However, to this day, as far as we are aware, MtGox has not been able to provide a coherent explanation for what occurred. The lack of a consistent narrative from MtGox lead many to believe that MtGox had poor monitoring and controls of its systems and that the company was run negligently. Many concluded “never to trust MtGox again”.

Unfortunately, however, MtGox somehow continued to dominate the exchange ecosystem for another three years. However one views the conduct and transparency of some of the platforms and players in the ecosystem today, we can at least conclude that things have  significantly improved since 2011.


Tether :波多黎各季度财务数据更新

摘要:继续我们先前关于 Tether 的研究,波多黎各的金融监管机构刚刚发布了 2018 年第一季度的财务数据,其提供了更多与 Tether 相关的证据。除此之外,一位与 Tether 相关的消息人士向我们证实,我们初步报告中的推测是正确的。

先前的报告中提到,我们认为普罗特波罗的贵族银行是 Tether 的主要储备银行,几个月后,彭博社便在 2018 年 5 月发布了一篇文章,进一步证实了我们的看法。正如彭博社所说:

知情人士透露,去年波多黎各圣胡安的贵族银行接管了 Bitfinex 的银行业务。

除此之外,BitMEX 研究团队还与 Tether 关系密切的人士进行了交流,他们也确认了我们在 2018 年 2 月的报告中的推测。我们最初是根据波多黎各金融监管机构披露的数据而推测的。目前该机构又进一步提供了截至 2018 年 3 月的最新季度数据。我们认为,新的数据依然支持着我们最初的推测。


2018 年第一季度的财务数据更新

包括贵族银行在内的国际金融实体( IFE )类别的银行存款达到 35 亿美元,本季度增长 6.9% 。该类别机构的总资产达到 41 亿美元,本季度增长 7% 。这种适度增长与加密币交易量的增长吻合,这可能是基于 Tether 流通量增长和加密币生态系统的持续增长,而本季度因加密币价格走弱而缓慢了下来。本季度, Tether 的流通总值增加了 62.7% ,达到 23 亿美元。

见下图,我们更新了之前的图表,该版本比较了 Tether 总流通量与包含了贵族银行在内的波多黎各银行类别机构的存款总额。

波多黎各的 IFE存款总额与 Tether 流通量比,单位为百万美元。(资料来源: IFE 账户资料, BitMEX 研究, Coinmarketcap )

现金占总资产的百分比(表明全储备银行业务)在本季度也从 85.8% 上升至 91.0% 。 这也表明了加密币或与 Tether 相关的业务量,正如我们在上一篇文章中所解释的如此。

波多黎各的 IFE现金总额占总资产的百分比。(资料来源: IFE 账户资料, BitMEX 研究)

在本季度,监管机构似乎将 “ Tether 余额” 的名称由 “银行中的现金” 改为,“存款、货币市场投资和利息相关投资余额”。 我们不认为这有可疑的地方。





BitMEX (

Tether: Puerto Rico financial data quarterly update

Abstract: Following our earlier research pieces on Tether, financial information from Q1 2018 has been released by the financial regulators in Puerto Rico, providing more evidence of the impact of Tether. In addition to this, a source close to Tether has confirmed to us that the speculation in our initial report is correct.

After our earlier speculation that Noble Bank in Puetro Rico was Tether’s primary reserve bank, a few months later in May 2018 Bloomberg released an article further substantiating our claims. As Bloomberg put it:

According to three people with knowledge of the matter, Noble Bank International, based in San Juan, Puerto Rico, took over banking duties for Bitfinex last year.

In addition to the above, BitMEX Research has also now spoken to people close to Tether, who have also confirmed the reliability of most of the claims in our February 2018 report. Our initial discovery was based on the disclosure of data from the financial regulator in Puerto Rico, who have recently provided the latest update, for the quarter ended March 2018. In our view, the data continues to support our initial speculation.

New Financial Data for Q1 2018

Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.5 billion, up 6.9% in the quarter. Total assets in the category were $4.1 billion, up 7% in the quarter. This moderate growth coincides with a the moderate increase in the volume of crypto-coin trading, which has likely resulted from the continued growth of the Tether balance and crypto-coin ecosystem, moderated by crashing crypto-coin prices in the quarter. In the quarter, the value of Tether in issue increased by 62.7% to $2.3 billion.

We have updated the chart below from the version in our earlier piece, which compares the Tether balance with the deposits in the banking category in Puerto Rico which contains Noble Bank.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)


Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 85.8% to 91.0%. This also indicates crypto-coin or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)


In the quarter the regulator appears to have changed the name of the Tether balance, to “Deposits, money market investments and other interest-bearing balances” from “Cash in banks“. We do not view this as suspicious.


稳定币( Stablecoins )的历史进程(第一部分)

摘要:在这篇文章中,我们回顾了一些去中心化的稳定币的历史,主要重点关注两个案例研究, BitShares ( BitUSD )和 MakerDAO ( Dai )。我们研究了各种产品设计的有效性,例如包含价格可预见性和抵押品。我们的结论是,虽然成功的稳定币很可能代表了金融技术发展的圣杯,但到目前为止我们所研究的所有系统似乎都缺乏能够大规模扩展的能力。我们分析的加密币似乎都基于 “为什么会不以这个价格进行交易?” 的定价逻辑,尽管随着技术改进,根据对这种推理的定价依赖正在下降。


去中心化的稳定币旨在实现比特币(数字交易的抗审查性)和传统金融资产如美元或黄金的价格稳定性等特征。这些稳定币的系统不同于 Tether 之类的加密币,其是由一个实体机构来控制持有的美元抵押品,这导致系统中心化,因此容易被有关机构取缔。


随着去中心化交易所相关概念的萌芽,去中心化的稳定币被称为金融技术的 “圣杯” ,因为它们具有非常强大的潜在好处。在我们看来,这种技术对社会的变革性质将是巨大的,可能比具有浮动汇率的比特币或以太币更为重要。去中心化的稳定币可以具有比特币的优势(抗审查性与电子交易能力),其也没有汇率不稳定的缺陷以及需要鼓励用户和商家采用新的代币的问题。这种系统可以非常成功,因此很多人试图开展这样的项目便不足为奇了:



名称 类型 发行日 白皮书链接
BitShares (BitUSD) 加密币抵押 2014 年 7 月 21 日 白皮书
Nu (NuBits) 加密币抵押 2014 年 9 月 24 日 白皮书
Steem (SteemUSD) 加密币抵押 2016 年 4 月 19 日 白皮书
Corion 无抵押 2017 年 10 月 14 日 白皮书
MakerDAO (Dai) 加密币抵押 2017 年 12 月 27 日 白皮书
Alchemint 加密币抵押 2018 年 9 月 白皮书
BitBay 无抵押 2018 年 9 月 白皮书
Carbon 无抵押 不适用 白皮书
Basis 无抵押 不适用 白皮书
Havven 加密币抵押 不适用 白皮书
Seignoriage Shares 无抵押 不适用 白皮书




  • M0 – 票据和硬币以及在中央银行的存款
  • M1 – 银行活期存款(包括 M0 )
  • M2 – 银行储蓄账户存款(包括 M1 )
  • M3 – 货币市场账户中的货币(包括 M2 )
  • MZM – 按需赎回的所有金融资产中的资金(包括 M3 )
  • MSC( Synthetic Crypto Money ) – 合成加密稳定币系统(包括 MZM )内的资金



在这篇文章中,我们探讨了构建这些合成美元类型代币系统的一些最有著名及有趣的案例。  2014 年的 BitUSD 及一个更近期的项目 – MakerDAO ( Dai )。


案例一: BitShares ( BitUSD ) –  2014 年

名称 BitUSD
发行日 2014 年 7 月 21 日


我们将探讨的第一个稳定币是 BitUSD ,它是一个在 BitShares 平台上的稳定币。  BitShares 是一个 2014 年推出的权益委托证明( DPOS )平台:

  • 丹尼尔·拉里默( Daniel Larimer )( EOS 和 Steem 背后的主要系统设计师)
  • 查尔斯·霍斯金森( Charles Hoskinson )(前以太坊基金会首席执行官兼 Cardano 设计师)和
  • 斯坦·拉里默( Stan Larimer )(丹尼尔的父亲)


BitShares 只是丹尼尔·拉里默设立的一系列去中心化自治公司( DAC )平台中的一个,如下图所示:

(注:丹尼尔·拉里默的公司Invictus Innovations推出了许多代币/ DAC 平台,包括 Protoshares , Angelshares 和 BitShares 。黑色箭头代表 Protoshares 代币持有者被授予新链中的代币, Invictus Innovations 承诺将在所有新的 DAC 平台上提供新代币。资料来源: BitSharestalk


BitUSD 营销材料

(资料来源: BitShares Youtube 视频简介


BitUSD 系统动态

资金池 解析
Bitshares BitShares 平台的原始代币。
Bitshares 作为抵押品 独立于 Bitshares 资金来源,作为抵押品支持稳定币的价格。
BitUSD 价格稳定的代币,设计的用途为追踪美元的价格。


参与方 解析
BitUSD 持有者 BitUSD 稳定币的投资者和用户。 BitUSD 的持有人能够赎回抵押品中的 Bitshares 代币。
BitUSD 创建者 创建 BitUSD 的群体,通过将 BitShares 作为抵押品将其出售到市场(创建新贷款)来创建新的 BitUSD 。这笔贷款可能会持续一小段时间,之后需要展期或将其抵押品提升至初始保证金水平。
投资者 那些在去中心化平台上以 Bitshares 交易 BitUSD 的群体,反之亦然。因此有一个 Bitshares 与 BitUSD 的市场兑价。
区块挖掘者 Bitshares 区块生产者/矿工消费着 BitShares 以支持 BitUSD 的价格,如果 BitShares 的价值小于它所支持的 BitUSD 价值的 150% ,他们只有权这么做(基于 BitUSD 和 BitShares 去中心化系统的自身汇率)。然后矿工可以使用 Bitshares 来兑换/销毁 BitUSD 。 (发布后, 150% 的保证金水平增加到 200% )
价格稳定机制 价格走向 解析
投资者心理学(不清楚 / “为什么不以 1 美元交易?” ) 双向 在 BitUSD 系统中似乎没有特定的价格稳定机制。我们可以自由兑换并创建 BitUSD ,但此交易价格将由去中心化交易所的 BitUSD 与 BitShares 价格决定,该价格与“真实美元价格”无关。在某种程度上,价格参考自身的价格。因此没有任何机制直接将 BitUSD 的价格维持在 1 美元,但他们提出的论点是“为什么它会以任何除了 1 美 元以外的其他价格进行交易?”我们认为这种逻辑很弱。
BitUSD 赎回(间接) 正面 如果抵押代币( BitShares )的价值下跌,任何 BitUSD 持有人都可以赎回 BitUSD 并获得价值 1 美元的 BitShares ,前提是假设 BitUSD 的市场价格仍然是 1 美元并且抵押品中有足够的 BitShares 。


只有在 BitShares 值下降且 BitUSD 市场价格保持在 1 美元的情况下,此稳定性机制才能保护系统的完整性。我们认为,它并没有直接稳定 BitUSD 价格在 1 美元左右的功效。如果 BitUSD 的价格偏离了 1 美元,这种机制可能无法帮助价格回调。





抵押品价值下跌 – BitShares 是一种新的,未经测试的低价值资产,因此其价值波动很大。如果代币在一笔创建 BitUSD 贷款的贷款期内的价值急剧下跌 50% ,可能没有足够的抵押品来覆盖且可能会有脱钩的情况出现。


缺乏价格预见性 – 在我们看来,这种设计中最具争议的一个方面是缺乏任何价格的预期机制,为系统提供真实世界的汇率。然而,任何价格预期系统都难以实现,并可能隐含一些弱点和被操纵的可能性。我们将在第二部分中详细讨论这一点。在我们看来,唯一真正的解决方法是稳定币系统需要从去中心化的交易所获取交易价格,前期是可以从现实世界获取去中心化的美元交易价格。 BitShares 的去中心化交易所不允许 “实际美元” 交易。像 Bisq 这样没有中央清算的去中心化交易系统理论上可以允许交易“实际美元”价格且能提供交易价格。因此,如果这些系统出现,稳定币最终可能被认为是建立在具有流动性且稳健的去中心化交易平台之上的第二层技术。


操纵 – 去中心化交易平台上 Bitshares 与 BitUSD 的交易量较低,因此区块挖掘者可以通过使 Bitshares 相对于 BitUSD 的价格下跌来操纵市场,使他们能够以折扣价获得 Bitshares 。

缺乏任何价格稳定机制 – 该系统的主要缺点是缺乏任何能将价格导向 1 美元的机制,除了 “它还能以多少钱来交易?” 的逻辑。



在丹尼尔看来, BitUSD 创造的机制类似于美元在经济中的创造方式,由金融机构将其“借到”经济体系中。

这与日常银行系统中创建美元的方式相同。在抵押品的支持下,美元被“借到”经济体系中,就目前的银行系统而言,抵押品是你的房子。在我们的系统中,是它在 DAC 本身的权益。

(资料来源:让我们谈谈比特币第 129 集


丹尼尔在某种程度上是正确的,但正如我们在这篇文章的介绍中所解释的那样,这些合成美元远不如传统银行创造的货币那么可靠,并且可以被视为一个全新的风险层,因为它们甚至在架构上离远基础货币更远。除此之外,在获得银行贷款时,银行通常有法律义务在客户要求时提供实物现金。虽然对 BitUSD 持有者来说他们也可以这么要求,但对于 BitUSD 的创建者来说,他们没有法律义务。虽然银行通常没有足够的现金储备来偿还所有存款,但他们有法律义务,这是 BitUSD 与美元银行存款的一个重要区别。


对于缺乏价格挂钩的弱点,拉里默假设 “价格反馈是不必要的” ,其回应如下:


(资料来源:让我们谈谈比特币第 129 集


在我们看来, 1 美元的价格是 “唯一理性选择” 的论点很弱。基本上,如果价格不是 1 美元,那会是什么?在我们看来,这种逻辑在某些时期可能适用,但它不可持续,也不会实现规模效应。



现有的 BitUSD 流通量远低于许多人所想,在某些时期,发行量仅为 40,000 美元左右。与此同时,流动性非常低,价格稳定性较弱,如下图所示。 BitUSD 的主要设计师在 2017 年提出了一个新的 stablecoin SteemUSD ,这次系统包涵了一个价格供给的设计。因此,我们认为 BitUSD 是一个有意思的早期实验性系统,它没有做到它所希望实现的,也没有成功建立一个强大的稳定币。



案例二: MakerDAO( Dai ) –  2017 年

名称 Dai
发行日 2017 年 12 月 27 日
价格可预见性 有(间接)


我们参考的下一个稳定币是 Dai ,它存在于以太坊平台上。该系统非常复杂,有四个相关的资金池和六个可能的稳定机制。目前大约发行了 5,000 万美元等值的 Dai ,而且价格挂钩机制似乎运作的相当不错。



资金池 解析
以太坊 以太坊是用于 Maker 和 Dai 区块链平台的原始代币
以太坊池 发放 Dai 代币时,以太坊作为抵押品被放置在抵押品池中。这些通常被称为抵押债务头寸( CDP )
Dai Dai 是 ERC-20 代币,通过抵押池中的以太币生成。 Dai 是价值 1 美元的稳定币。
Maker Maker 代币是 MakerDAO 的治理代币。它的用途在于决定与生态系统稳定性有关的各种举措的投票。在抵押品解锁过程中也必须持有它。在该过程中,可以从用户获得稳定费,其中必须以 Maker 支付。  Maker 也属于 ERC-20 代币。
参与方 解析
Dai 创建者 将以太坊发送到智能合约的人,锁定以太坊以换取 Dai 。这些人也被称为 CDP 所有者。
Dai 持有人/用家 持有人不一定是 Dai 的创建者。他们可能投资持有或使用 Dai 稳定币。
Maker 代币持有人 Maker 代币持有者能对 MakerDAO 系统的若干功能和参数进行投票。他们管理着稳定费率和清算比率等参数,并负责提名其他团体。
管理员 这些交易员监督着 Dai 抵押品,如果价格下跌至不足的水平,则需要通过用 Dai 来公开购买抵押品。
Oracles 报价方提交价格信息的汇总,用于为 Maker 和以太坊决定价格(但不是 Dai 本身)。这些代理商由 MakerDAO 代币持有者提名。



全球结算者 这是 MakerDAO 代币持有者提名的另一个团体。这个团队可以通过给予持有人某个固定价格赎回抵押品的权利来解除整个 Dai 制度
价格稳定机制 价格走向 解析
Dai 赎回 正面 理论上,主要的稳定机制是以价值 1 美元的以太币来兑换 Dai 。赎回只能由CDP持有者来执(除非他没有足够的抵押品)。如果 Dai 的价格下降, CDP 的持有者需要使用他们目前持有的 Dai 或在市场上购买,然后他们可以根据 oracles 提供的价格来兑换/消除价值 1 美元的以太坊。
Dai 创建 负面 为了补充 Dai 赎回过程,防止 Dai 攀升价过高,是太坊持有者能通过将以太坊置于 CDP 内来创造新的 Dai 。
目标汇率 (未激活) 双向 存在 “目标利率反馈机制”( TRFM ),其似乎是系统中的另一种价格稳定机制。但是,它还没有激活,也还没有制定出有关机制。

其想法是目标汇率由 MakerDAO 代币持有者设定。目标利率基本上是适用于创建或赎回 Dai 的价差,旨在纠正价格。

CDP 清算(间接) 正面 交易员/管理员可以通过这种机制赎回由另一个 CDP 持有的以太坊抵押品。只有当此抵押品的价值降至不足以支持 Dai 时才会发生这种情况,在该情况下 Dai 的价值为 150% 。这应该激励 CDP 持有者继续增持他们的 CDP ,以确保有大量的以太坊缓冲区。

这是确保系统完整性并确保抵押品价值始终充足的必要机制。然而,目前尚不清楚这是否可以直接使 Dai 的价值维持在1美元。这种机制可以被认为是稳定机制的一个组成部分,它只是确保了抵押品的水平是足够的。我们认为,需要其他赎回制度才能使其机制变得有意义。

全球结算 正面 此机制可随时触发启动。启动该机制基本上为所有 Dai 的持有者提供了一个选项,可以在触发时根据 oracle 价格转换回以太坊的固定值,价值 1 美元(或者根据系统中的抵押品总价格,换成任何价格) 。这个和正常赎回之间的区别在于价格是固定的,并且对所有  Dai持有者开放,而不是与特定的 CDP 配对。

我们认为,这种机制可以用作对 CDP 持有人的威胁,以确保他们在价格下跌的情况下继续赎回 Dai ,而不是继续在更低的价格情况持有。


MakerDAO 代币发行(间接) 正面 MakerDAO 代币持有人充当最后买家。如果系统中的抵押品价格(汇集的以太坊)降至 100% 以下,MakerDAO 将在公开市场上自动创建和拍卖,以筹集额外资金来弥补该系统的抵押价值。因此,如果系统抵押价值不足, Maker 持有人将承担损失。

我们认为,这种机制再次保护了抵押品的价值,但并没有直接帮助 Dai 的价格回归到 1 美元。


核心稳定机制分析 –  Dai 赎回

主要的稳定机制似乎是,如果 Dai 的价格太低, CDP 持有者可以赎回,如果价格太高,人们可以创造新的 Dai 。例如,如果戴的价格下降到 80 美分, CDP 持有者可以在市场上购买 Dai 并赎回它,得到价值 1 美元的以太坊并赚取不错的利润。这就是系统在正常情况下的运作方式。


以上所述似乎是一个强大的稳定机制,应该将 Dai 的价格保持在 1 美元或接近 1 美元。然而,该理论可能只有在 CDP 持有者期望 Dai 的价格回到 1 美元时才有效。如果 Dai 的价格已经下降到 80 美分, CDP 持有者如果预计 Dai 价格会进一步跌至 60 美分他们便可能不愿意赎回,因为价格下跌将使他们能够获得更多的利润。没有机制可以保证价格下跌到 80 美分时,它不会继续下跌。


因此,稳定机制可能在某种程度上取决于两个群体, Dai 持有者和 CDP 持有者之间的角力。这两个群体基本上是在市场上相互交易, Dai 持有者销售 Dai 而 CDP 持有者是潜在买家。如果权力平衡转向 CDP 持有者,而他们资本充足,耐心,协作并有决心,这个群体可以战胜 Dai 代币持有者,驱使价格下跌,然后再买回来赚取大量利润。这看似不太可能,但在我们看来,稳定机制可能不适用于所有市场情况。虽然我们认为 Dai 在某些方面优于 BitUSD ,但 Dai 价格挂钩机制以与 BitUSD 相同,都依赖于市场心理和投资者期望。因此, Dai 的挂钩机制也很弱,不太可能产生规模效应。


全球结算系统可以减轻上述风险。如果 CDP 持有者成功地操纵 Dai 的价格,这可能会触发全球结算。然后 Dai 持有人将获得大约 1 美元的以太坊。因此,全球结算机制触发的威胁可能会维持 Dai 的价格在一定区间。然而,这种威胁的有效性还取决于各团体, CDP 持有者, MakerDAO 代币持有者和全球结算触发者的决心。



我们认为 Dai 是目前市场上最健全,最先进的稳定比系统之一。我们认为,在研究 Dai 的价格稳定机制时,没有一种强有力的机制可以确保价格稳定。相反,它们有一个复杂的系统网络,它们在某种程度上相互牵引并使用循环逻辑。人们可以声称这种复杂性是为了模糊缺乏强大而明确的稳定性机制而创建的,但它更有可能是个实验性试错的系统设计。


因此,该系统仍然依赖于投资者的期望和心理,尽管其程度低于 BitUSD 。虽然现有的稳定系统至少在一段时间内可以有作用,但我们认为它们不足以抵御市场动荡或 Dai 和 CDP 持有者之间的权力不平衡。因此,寻找 “圣杯” 仍在继续着。






BitMEX (


A brief history of Stablecoins (Part 1)

Abstract: In this piece we look over the history of distributed stablecoins, focusing on two case studies, BitShares (BitUSD) and MakerDAO (Dai). We examine the efficacy of various design choices, such as the inclusion of price oracles and pooled collateral. We conclude that while a successful stablecoin is likely to represent the holy grail of financial technology, none of the systems we have examined so far appear robust enough to scale in a meaningful way. The coins we have looked at seem to rely on “why would it trade at any other price?” type logic, to enforce price stability to some extent, although dependence on this reasoning is decreasing as technology improves.


Please click here to download a pdf version of this report



Distributed stablecoins aim to achieve both the characteristics of crypto-coins like Bitcoin (censorship resistant digital transactions) and the price stability of traditional financial assets, such as the US Dollar or gold. These systems are distinct from tokens such as Tether, where one entity controls a pool of US Dollar collateral, ultimately making the system centralised and thus susceptible to being shut down by the authorities.

Along with the somewhat related idea of distributed exchanges, distributed stablecoins have been referred to as the “holy grail” of financial technology, due to their very strong potential benefits. In our view the transformative nature of such a technology on society would be immense, perhaps far more significant than Bitcoin or Ethereum tokens with their floating exchange rates. Distributed stablecoins could have the advantages of Bitcoin (censorship resistance combined with the ability to transact electronically), without the difficulties of a volatile exchange rate and the challenge of encouraging users and merchants to adopt a new unknown token. Such a system is likely to be very successful and therefore it is no surprise that so many people have attempted to launch such projects:

List of stablecoin projects

Name Type Launch Date White paper link
BitShares (BitUSD) Crypto-collateralized 21 July 2014 White paper
Nu (NuBits) Crypto-collateralized 24 Sept 2014 White paper
Steem (SteemUSD) Crypto-collateralized 19 April 2016 White paper
Corion Non-collateralized 14 Oct 2017 White paper
MakerDAO (Dai) Crypto-collateralized 27 Dec 2017 White paper
Alchemint Crypto-collateralized Sept 2018 White paper
BitBay Non-collateralized Sept 2018 White paper
Carbon Non-collateralized n/a White paper
Basis Non-collateralized n/a White paper
Havven Crypto-collateralized n/a White paper
Seignoriage Shares Non-collateralized n/a White paper

The technical challenges involved in creating such systems are often underestimated. Indeed constructing a distributed stablecoin system, which is robust enough to withstand cycles or the turbulence and volatility linked to financial markets may be almost impossible. For instance perhaps most forms of fiat money, even the US Dollar itself, have not even achieved that, with credit cycles putting US Dollar bank deposits at risk. A stablecoin system which builds on top of the US Dollar is therefore never going to be more reliable than traditional banking, in our view.

In economics there is a concept of money supply, with risk and the potential inflationary impact increasing as the number of layers increase. One could add this stablecoin systems on top, as a new high risk layer:

  • M0 – Notes & coins plus deposits at the central banks
  • M1 – Money on deposit in a bank current account (including M0)
  • M2 – Money on deposit in a bank savings account (including M1)
  • M3 – Money in a money market account (including M2)
  • MZM – Money in all financial assets redeemable on demand (including M3)
  • MSC (Synthetic Crypto Money) – Money inside synthetic crypto stablecoin systems  (including MZM)

However advanced or sophisticated the distributed stablecoin technology is, we believe the token is likely to be less robust than the layers above it in the money supply tree.

In this piece we review some of the most prominent and interesting attempts at building these synthetic US Dollar type systems. BitUSD in 2014 and then a more recent project, MakerDAO (Dai).


Case study 1: BitShares (BitUSD) – 2014

Coin Name BitUSD
Launch Date 21 July 2014
Crypto collateral Yes
Price oracle No

The first stable coin we will discuss is BitUSD, a stablecoin on the BitShares platform. BitShares was a delegated proof of stake (DPOS) platform launched in 2014 by:

  • Daniel Larimer (The primary architect behind EOS and Steem),
  • Charles Hoskinson (the former Ethereum Foundation CEO & Cardano architect), and
  • Stan Larimer (Daniel’s father).

BitShares is just one in a long line of decentralised autonomous corporation (DAC) type platforms released by Daniel Larimer, as the below image shows:

(Note: Daniel Larmier’s company Invictus Innovations launched a number of token/DAC platforms including Protoshares, Angelshares and BitShares. The black arrows represent Protoshares coin holders being granted tokens in the new chains, which Invictus Innovations promised to deliver on all new DAC platforms. Source: BitSharestalk)


BitUSD Marketing material

(Source: Introduction to BitShares Youtube video)

BitUSD System dynamics

Pools of Funds Description
Bitshares The native currency of the BitShares platform
Bitshares held as collateral Separate pools of Bitshares  held as collateral, used as backing for the stablecoin.
BitUSD The stable token, designed to track the value of the US Dollar


Groups of Participants Description
BitUSD holders Investors and users of the BitUSD stable coin. Holders of BitUSD are able to redeem the tokens for the Bitshares held in collateral.
BitUSD creators Those that create new BitUSD, by selling it into the market (creating new loans), by posting BitShares as collateral. This loan may be for a small period of time, after which it needs to be rolled over or have its collateral topped up to the initial margin level.
Traders Those exchanging BitUSD for Bitshares, and vica versa, on the platform’s own distributed exchange. There is therefore a Bitshares vs BitUSD market price.
Block producers Bitshares block producers/miners have a role of spending the BitShares backing BitUSD, something they are only entitled to do if the value of the BitShares is less than 150% of the value of the BitUSD it is backing (based on the BitUSD vs BitShares exchange rate on the system’s own distributed exchange). The miner can then uses the Bitshares to redeem/destroy the BitUSD. (After the launch the 150% margin level was increased to 200%)


Price Stability Mechanisms Price Direction Description
Investor psychology (Unclear/”Why not trade at $1?”) Both directions There does not appear to be a specific price stability mechanism in the BitUSD system. One can redeem and create BitUSD, however the price this transfer occurs at is determined by the BitUSD vs BitShares price in distributed exchange, which is not linked to “real USD”. In a way the price references itself. There is therefore no direct mechanism keeping the price of BitUSD at $1, but the argument put forward is “why would it trade at any other price?” In our view this logic is weak.
BitUSD redemption (indirect) Positive Should the value of the collateral currency (BitShares) fall, any BitUSD holder can redeem the BitUSD and obtain $1 worth of BitShares, assuming the market price of BitUSD is still worth $1 and there is sufficient BitShares held in collateral.

This stability mechanism protects the integrity of the system only in the event that the value of BitShares falls and the BitUSD market price remains at $1. It does not directly stabilize the price of BitUSD around $1, in our view. If the price of BitUSD deviates from $1, this mechanism may not help correct the price.

In our view, it is important to draw the distinction between a mechanism designed to protect the value of collateral and that of a mechanism which directly causes the price of the stablecoin to converge.


Exposure to a fall in the value of collateral – BitShares was a new, untested and low value asset, and therefore its value was volatile. If the value of the token falls by 50% sharply, in a period spanned by one of the loans used to create BitUSD, there may be insufficient collateral and the peg could fail.

Lack of a price oracle – In our view one of the most controversial aspects of this design is the absence of any price oracle mechanism, providing the system with real world exchange rates. However any price oracle system is challenging to implement and may introduce several weaknesses and avenues for manipulation. We will talk more about this in part 2. In our view, the only real way around this may be that any stablecoin system may require a price feed from a distributed exchange, which can in theory publish a distributed price feed from real world US Dollar transactions. The distributed exchange in BitShares did not allow “real USD”. A distributed exchange system like Bisq, without a central clearing could in theory allow “real USD” prices and provide a distributed price feed.   Therefore stablecoins may eventually be considered as a layer two technology on top of liquid and robust distributed exchange platforms, should these systems ever emerge.

Manipulation – Trading volume in the Bitshares vs BitUSD market on the distributed exchange platform was low, it was therefore possible for block producers to manipulate the market by causing the value of Bitshares to fall relative to BitUSD, enabling them to obtain Bitshares at a discount.

Lack of any price stability mechanism – The main weakness of the system is the lack of any mechanism to move the price towards $1, other than the “where else would it trade?” logic.

Daniel Larimer’s defence of the system

In Daniel’s view, the mechanism of BitUSD creation is analogous to how USD are created in the economy, in that financial institutions lend them into existence.

It’s the same way dollars are created in the regular banking system. Dollars are learnt into existence backed by collateral, in the case of the current banking system the collateral is your house. In the case of our system its shares in the DAC itself.

(Source: Lets talk Bitcoin episode 129)


In a way Daniel is correct here, however as we explained in the introduction to this piece, these synthetic dollars are far less reliable than those created by more traditional banks, and can be considered as a whole new layer of risk, as they are even further away from base money. In addition to this, when obtaining a bank loan, the bank typically has a legal obligation to provide the customer physical cash should they demand it. While such an outcome for BitUSD holder is possible, its not a legal obligation for the creators of BitUSD. Although obviously banks typically do not have the cash in reserve to pay back their deposits, we think the fact they have a legal obligation to do so is an important distinction to draw when comparing BitUSD to US Dollar banking deposits.

In response to the supposed weakness of a lack of a price peg, Larimer argues in favor of his “hypothesis that the price feed is unnecessary” as follows:

It implements automatic margin calls, such that if the price moves against someone who is effectively short, it forces them to cover and buy it back in the market and that creates a peg. The market peg works on the premise that all market participants buy and sell based on what they think market participants will be buying and selling in the future. The only rational choice is to assume that it’s going to trade based on the peg in the future. If you don’t believe that they you have to decide on which way it’s going to go, up or down. And if you don’t have a way of saying you abstain from the market. If you don’t think it works you sell the shares and get out, as the systems going to fail in the first place. So its a self reinforcing market peg, that causes the asset to always have the purchasing power of the dollar.

(Source: Lets talk Bitcoin episode 129)


In our view this idea that a price of $1 is the “only rational choice” is a weak argument. It is basically saying that if the price is not $1, then what will it be? This logic may hold true for some periods, but it is not sustainable and will not scale, in our view.


The volume of BitUSD in existence was a lot lower than many had hoped, in some periods there was only around $40,000 in issuance. At the same time liquidity was very low and the price stability was weak, as the below chart illustrates. The main architect of BitUSD went on to propose a new stablecoin SteemUSD in 2017, this time including a price feed system. Therefore we consider BitUSD as an interesting early experiment, it did not achieve what was hoped nor did it build a robust stablecoin.

(Source: Coinmarketcap)


Case Study 2: MakerDAO (Dai) – 2017

Coin Name Dai
Launch Date 27 Dec 2017
Crypto Collateralized Yes
Price Oracles Yes (indirect)

The next stablecoin we look at is Dai, which exists on the Ethereum platform. This system is highly complex, with four relevant pools of funds and six possible stability mechanisms. There are currently around $50 million worth of Dai in issuance and the peg seems to be holding up reasonably well.

System dynamics

Pools of Funds Description
Ethereum Ethereum is the native token of the Blockchain platform used for Maker & Dai
Pooled Ethereum Ethereum is placed in pools used as collateral for issuance of the Dai token. These are often referred to a collateralized debt positions (CDPs)
Dai Dai is an ERC-20 token that is generated by collateralizing pooled Ether. Dai is the stablecoin token, designed to be valued at $1.
Maker The Maker token is MakerDAO’s governance token. It is used to vote on various initiatives that pertain to the stability of the ecosystem. It is also mandatory to possess during the collateral unlocking process. During such a process, a stability fee is garnered from the user, where payment is accepted exclusively in Maker. Maker is also an ERC-20 token.


Groups of Participants Description
Dai Creators An individual who sends Ethereum to a smart contract, locking up Ethereum in exchange for Dai. These people are also known as CDP owners.
Dai Holder/User A Dai holder may or may not be a Dai creator. They may invest in or use the Dai stablecoin token.
Maker Token Holders Maker token holders vote on several functions and parameters of the MakerDAO system. They manage aspects such as stability fees and liquidation ratios, as well as having responsibility to nominate other groups.
Keepers These traders monitor the Dai collateral and if it falls to an insufficient level, purchase the collateral in an open auction, by spending Dai.
Oracles Price feed producers submit price information that is aggregated and used to select a given price for both Maker and Ethereum (but not Dai itself). These agents are nominated by MakerDAO token holders.

In order to prevent manipulation, there is a one hour lag between the price publication and when it impacts the system. In addition to this a median type mechanism is used to select the price, which involves ignoring the highest and lowest prices. In our view this may not prove to be robust enough if the oracles have a conflict of interest and try to engage in manipulation.

Global settlers This is another group nominated by the MakerDAO token holders. This group can unwind the entire Dai system, by giving Dai holders the right to redeem their collateral at a fixed price.


Price Adjustment Mechanics Price Direction Description
Dai Redemption Positive The primary stability mechanism is the ability, in theory, to redeem Dai for $1 worth of Ethereum. Redemption can only be conducted by CDP owners (unless there is insufficient collateral). If the price of Dai falls, CDP owners need to either use Dai they currently hold or buy it in the market, and then they can redeem/delete Dai for $1 worth of Ethereum based on the price feed provided by the price oracles.
Dai Creation Negative To complement the Dai redemption process, the mechanism to prevent the price of Dai climbing too high, is the ability of Ethereum holders to create new Dai, by placing Ethereum inside of CDPs.
Target rate (Not active) Both directions There is a “Target Rate Feedback Mechanism” (TRFM), which appears to be another price stability mechanism in the system. However, it is not yet active nor have several specifications of the mechanism been worked out yet.

The the idea is that a target rate is set by the MakerDAO token holders. The target rate is essentially a spread which applies to the creation or redemption of Dai, designed to correct the price.

CDP liquidation (indirect) Positive There is a mechanism by which traders/keepers can redeem the Ethereum collateral held by another CDP. This can only occur if the value of this collateral falls to an insufficient level to backup the Dai, in this case 150% of the value of Dai. This should incentivise CDP owners to keep topping up their CDPs to ensure there is a large buffer of Ethereum.

This is a necessary mechanism to ensure the integrity of the system and ensure the value of the collateral is always sufficient. However it is not clear if this directly keeps the value of Dai at $1. This mechanism can be thought of as a building block on the stability mechanism, which merely ensures the level of collateral is sufficient. Other redemption systems are needed to make this meaningful, in our view.

Global Settlement Positive This mechanism can be triggered at any time. The triggering essentially gives all Dai holders an option to convert back to a fixed value of Ethereum, worth $1 according to the oracle price feed, at the time of the triggering (or whatever price is possible given the total level of collateral in the system). The difference between this and normal redemption, is that the price is fixed and its open to all Dai token holders and not paired to a particular CDP.

The idea is that this mechanism can be used as a threat against CDP holders, to ensure they keep redeeming Dai in the event the price falls, rather than holding out for an even lower price.

Global settlement can also be used in the event of bugs or other emergencies.

MakerDAO token issuance (indirect) Positive MakerDAO token holders act as the buyer of last resort. If the collateral (pooled Ethereum) in the system were to drop below 100% collateralization, MakerDAO is automatically created and auctioned on the open market to raise additional funds to collateralize the system. Hence, if the system becomes undercollateralized, Maker holders absorb the damage.

Again this mechanism protects the value of collateral, but does not directly help the price of Dai converge to $1, in our view.

Analysis of the core stability mechanism – Dai redemption

The primary stability mechanisms appear to be the ability of CDP owners to redeem if the price of Dai is too low and for people to create new Dai if the price is too high. For example if the price of Dai falls to 80 cent, CDP owners could purchase Dai in the market and redeem it, unlocking $1 worth of Ethereum and making a nice profit. This is how the system should work under normal circumstances.

The above appears to be a robust stability mechanism which should keep the price of Dai at or near $1. However, the theory may only work if CDP owners expect the price of Dai to correct back to $1. If the price of Dai has fallen to 80 cent, CDP owners may be reluctant to redeem if they expect the Dai price to fall further to 60 cent, as such a price would enable them to make even more profit. There is no guarantee that once the price reaches 80 cent, it won’t continue to fall.

Therefore the stability mechanism could depend somewhat on the power dynamics between two groups, Dai owners and CDP owners. These two groups are essentially trading against each other in the market, Dai owners are selling of Dai and CDP owners are the potential buyers. If the power balance shifts towards CDP owners, such that they are well capitalised, patient, collaborative and determined, this group could outmaneuver the Dai token holders, drive the price down, and then buy it back and make a large profit. This may seem unlikely, but in our view the stability mechanism may not work in all market scenarios. Although we consider Dai as superior to BitUSD, in some limited ways, the Dai peg relies on market psychology and investor expectations, in the same way as BitUSD. Therefore the Dai peg is also weak and unlikely to scale.

The global settlement system can mitigate the above risk. If CDP owners are successfully manipulating the price of Dai down too far, this could trigger global settlement. Dai holders would then get around $1 of Ethereum back. Therefore the threat of global settlement may keep the price of Dai up. However again the effectiveness of this threat depends on the determination of the various groups, the CDP owners, MakerDAO token holders and global settlement activators.


We consider Dai to be one of the most sophisticated and advanced stablecoins systems which has been produced so far. In our view, when digging into Dai’s stability mechanisms, there is no one powerful mechanism which ensures stability. Instead we have a complex network of systems, which to some extent reference each other and use circular logic.  One could claim this complexity was created to obfuscate the lack of a strong and clear stability mechanism, but it is more likely to be an indication of an experimental trial and error type approach to the design of the system.

Therefore the system is still reliant on investor expectations and psychology, although to a lesser extent than the BitUSD. While the stability systems in place could work, at least for a while, we think they are not robust enough to withstand market turmoil or some types of power imbalances between Dai holders and CDP owners. Therefore, the search for the holy grail continues.


比特币经济学 – 债务通缩的漩涡(第三部分)



点击此处下载本报告的 pdf 版本



对比特币和相关加密币最常见的批评之一是其有限的供应量(比特币为 2,100 万)以及其通货紧缩的特性,这可能对经济发展有着不利因素。批评者认为,历史告诉我们,有限的货币供应量是个糟糕的货币政策,其将导致或加剧经济崩溃。要么是因为人们认为金钱将升值导致不愿意消费,又或者因为债务的实际价值增加,导致负债的实际的经济负担越来越重。比特币批评者认为支持比特币的人是 “经济幼稚” 的,因为他们未能从过去的经验学习到教训。





– Mitsuru Iwamura (“我们能否稳定加密币的价格?:了解比特币的设计及其与中央银行竞争的潜力”) –  2014 年


关键在于,如果没有通货膨胀机制,例如每年增加 2% 比特币供应,那么这种货币注定失败,因为人们会开始囤积它,因为人们认为它明年的价值将高于今年的价值。

– David Webb (视频 51 分钟处) –  2014 年



– 经济学家(“比特币通缩问题”) –  2014 年


该货币的 “供应量” 最终将被限制在 2,100 万个单位。对比特币自由主义的信徒来说,这是排除中央银行操控通货膨胀的最简便的方法。然而,现代中央银行有充分的理由支持低通胀的货币政策。在现实世界中,工资是具有 “粘性” 的:公司发现很难削减员工的工资。实际上,小幅度的通货膨胀滋润了这种制度,因为某程度上来说它削减了无法跟上通货膨胀的工人的工资。如果货币供应增长缓慢,那么价格就会下降,而具有粘性工资的工人的成本会更高,进一步使得失业率上升。如果受雇工人囤积现金并期望物价进一步下跌,那么经济下滑势头将加剧。

– “经济学人”(“从无到有”) –  2014 年


我们目前的全球经济体系非常糟糕,但我认为比特币是最糟糕的。对于初学者来说, BTC 本质上是通缩的。比特币能被挖掘出来的数量是有上限的(专用术语 “开采” :新的比特币是通过数学运算所创建的,这也将使得比特币的挖掘变得越来越困难 – 就像计算一个越来越大的素数数字,他们与下个数字距离越来越大)。这意味着生成新比特币的成本会随着时间的推移而增加,导致比特币的价值相对于市场上可用的商品和服务而增加。追逐商品的钱少了;每个人只需要花费更少的现金(因为商品的供应大于资金的供应)。

– Charlie Stross (“为什么我要比特币被烧成灰烬”) –  2013 年


尽管如此,仍然有 2,100 万的供应限制问题。如果达到上限,比特币供应的未来必须走向部分准备金制度的道路,因为只重新借出现有加密币,或者有一天可以用比特币为贷款进行结算 – 这是常规银行惯例 – 才能克服供应缺乏的问题。

– Izabella Kaminska – 金融时报(“比特币问题”) –  2013 年


因此,[比特币] 这个实验告诉了我们关于货币制度范围内的所有事物,它展示了对新的黄金标准这种制度的反感 – 因为它显示了这种制度对金钱囤积,通货紧缩和经济萧条的情况下有多么的脆弱。

– Paul Krugman (“金色网络恐惧症”) –  2011 年



– 地下经济学家(“为什么比特币不能成为货币”) –  2010 年



数十年来,许多经济学家一直在讨论通货膨胀的优缺点。然而,争论的主要观点是基于一下理论;来自不同学派的经济学家对这个话题有不同的看法。可以说,目前的经济共识认为通缩是一种不良的经济现象,而以每年约达到 2% 的温和通货膨胀是需要的。而倾向奥地利学派的学者则不成比例地支持比特币和黄金这些具有通货紧缩特性的商品,他们反对集权管理通货膨胀并以正通货膨胀作为货币政策目标的管理方式。


对通货紧缩的负面看法的主要驱动因素之一似乎是基于 1929 年的经济大萧条和债务通缩漩涡。该理论认为,在经济衰退和通货紧缩期间,债务的实际价值增加。这种增长加剧了已经疲软的市场经济。经济学家欧文·费雪( Irving Fisher )因为这套理论而出名,他以该理论解释了 1837 年, 1873 年和 1929 年的经济大萧条。



  1. 债务清算导致公司流动性出现问题和
  2. 随着银行贷款的还清,存款货币的收缩以及流通速度放慢。由于流动性不足造成的资产出售所引起的存款货币的收缩及其速度的放缓将造成
  3. 价格下降,美元价值膨胀。假设,如上所述,价格的下降不受到通货再膨胀或其他因素的影响,那么
  4. 由于破产导致,企业净资产价值将进一步下降,及
  5. 利润下降,而这个社会就像一个害怕亏损经营的私人企业一样,将根据“资本主义”的原则
  6. 减少产量,减少贸易和劳动人口。这些亏损,破产和失业将导致
  7. 对市场前景悲观及对市场失去信心,进而导致
  8. 囤积货币和货币流通速度进一步放慢。以上八个变化将引起
  9. 复杂利率的波动,特别是名义利率下降,货币利率下跌以及实际利率或商品利率攀升。


– Irving Fisher ( 1933 )


批评人士指责比特币支持者 “经济幼稚” 时,他们可能不完全正确,或者他们可能漏掉了一些细微差别。首先,不需要成为奥地利经济学家我们也可以质疑通缩(供应上限)是否一定代表会出现问题。通货紧缩在某些情况下可能不好,但可能取决于其市场经济的特点和社会通用的货币类别。社会学不像计算机科学及数学题目,没有人能给出一个正确性高的完美答案,且学术领域的意见是随时间而不断变化的。此外,经济环境也会随着时间而变化,这可能会导致大环境一系列的变动,而其中在不同阶段使用不同的通货膨胀货币政策可能是更理想的。因此,固化的硬性规则,例如“通货紧缩对市场总是差的”,未必是正确的理念。例如,费雪关于通货膨胀的观点对 20 世纪的经济状态来说是正确的,但到 2150 年,技术可能已经从根本上改变了市场经济运作模式,而导致另一种通货膨胀货币政策可能更适合当时的社会。







  • 任意环境损害 – 对比特币的另一种常见批评是能源密集型开采过程造成的环境破坏。虽然我们在挖矿诱因系列的第二部分中已经解释过,但这个问题可能被高估,因为矿工在采矿地点方面有许多选择。这种灵活性可以减少环境破坏,因为矿工可能会利用废弃的能源项目,而不是投资新项目。然而,值得注意的是,由比特币造成的负面环境破坏的确是一个显着的外部负面影响。采矿激励措施由交易费用和区块奖励(通货膨胀)组成。因此,增加通货膨胀会增加环境损害的程度并增加外部负面影响。如果确定实行 2% 的通胀政策,这可能意味着系统每年至少花费 2% 的总价值来 “损害” 环境。通货膨胀政策的决定难免有些武断,选择的通货膨胀率越高,对环境破坏的程度就越大。这与现有的金融体系有着相似之处。至少在一些评论家看来,中央银行刺激经济实现通胀目标的政策也可以说是造成了较高的环境损害。尽管基于比特币的系统对于通货膨胀与环境损害之间的联系更为直接且较容易衡量。与其实行永续的通货膨胀政策,在比特币中,区块奖励每四年减半,直到矿业激励完全由交易费用代替。这意味着环境损害的程度将由市场主导,因为它代表用户愿意为系统安全而支付的费用,而不是任意通货膨胀货币政策所产生的环境损害。
  • 使矿工和用户的利益一致 – 矿工目前主要通过开采奖励而不是交易费来激励着他们。这会导致生态圈中产生一些潜问题,例如矿工和用户的利益可能不一致。举例来说,矿工可以排除区块中的交易,这将会违背用户的利益。如果矿工主要是由交易费而被激励的话,他们不太可能采取这种行动,而比特币的通缩政策将确保这将最终成为现实。
  • 无法产生代币价值 – 供应上限可以被视为比特币投资者的最关注的卖点,这可能有助于使投资者对它产生的兴趣,这是系统发展所必需的。如果它最初选择了永久性通胀政策,比特币可能无法取得任何成功,即使通货紧缩政策不是最理想的。


这场辩论的讽刺 – 关于经济面的批评只有在比特币取得巨大成功时才有意义


这一点类似于保罗·克鲁格曼( Paul Krugman )在 2013 年“比特币是邪恶的”片段中所提到的那样。尽管克鲁格曼先生在比特币社区受到了嘲讽,但最明显的是他在 1998 年的评论中指出:“到 2005 年左右,互联网对经济的影响将不会超过传真机。”我们认为,下列引用的句子是准确且合理的:

让我们来谈谈比特币是否是一个泡沫,以及这是否是一件好事 – 以便确保我们不会将这些问题与彼此混淆。

– Paul Krugman – “比特币是邪恶的” – 2013





我们的结论是,与 “经济幼稚” 无关,一些比特币支持者可能对债务,通货紧缩,货币属性和信贷扩张之间的关系有更细致的理解,而不是批评者认为的那样。相反,人们可能会认为这是主流市场对于货币和债务之间的关系缺乏了解,以及比特币有可能使两者脱钩,但这都是普遍的误解。事实上,对于许多人而言,比特币将债务与货币分离并从而造成通缩的环境却又不导致债务通缩漩涡问题的这个能力是重点,而不是缺陷。

然而,即使比特币解决了这个经济问题,认为比特币会导致更加繁荣的经济体系仍是较天真的想法。比特币是一个新颖独特的系统,可能会导致更多的经济问题,也许是意想不到的或从未见过的。毕竟没有完美的 “钱” 。仅仅将过去的传统经济面临问题套在这种新型的金钱上是不正确的。虽然可能比较困难,但确定比特币潜在面临的经济问题可能需要更进一步的分析和对底层技术的更深入理解。






BitMEX (

Bitcoin Economics – Deflationary Debt Spiral (Part 3)


This report is the third in a three part piece on Bitcoin economics. In the first piece, we looked at common misconceptions with respect to how banks make loans and the implications this has on the ability of banks to expand the level of credit in the economy. We analysed the inherent properties of money which ensure that this is the case and evaluate the impact this could have on the business cycle. In part two, we considered why Bitcoin might have some unique combinations of characteristics, compared to traditional forms of money.  We explained the implications this could have on the ability of banks to engage in credit expansion. In this piece (part three), we examine the deflationary nature of Bitcoin and consider why this deflation may be necessary due to some of Bitcoin’s weaknesses. We also look at how Bitcoin could be more resilient to some of the traditional economic disadvantages of deflation than some of Bitcoin’s critics may think.


Click here to download the pdf version of this report


Bitcoin’s deflation problem

One of the most common critiques of Bitcoin and related crypto-coin systems, is the supply cap (in the case of Bitcoin 21 million) and the associated deflationary nature of the system, which could be damaging to the economy. Critics have argued that history has taught us that a finite monetary supply can be a poor economic policy, resulting in or exacerbating, economic crashes. Either because people are unwilling to spend appreciating money or because the real value of debt increases, resulting in a highly indebted economy. Bitcoin proponents are often called “economically naive”, for failing to have learnt these economic lessons of the past.

In this third piece on Bitcoin economics, we explain that the situation may be more complex than these critics think, as Bitcoin is fundamentally different to the types of money that came before it. There may be unique characteristics about Bitcoin, which make it more suited to a deflationary policy. Alternatively, limitations or weaknesses in Bitcoin could exist, which mean that too much inflation could have negative consequences not applicable to traditional forms of money. In our view, these issues are often overlooked by some of Bitcoin’s economic critics.

A selection of quotes about Bitcoin’s inflation problem

The supply of central bank notes can easily expand and contract. For  a  positive  demand  shock  to  bank  notes  (shifting  from  consumption/investment  to money: i.e. it is a  deflationary  shock),  the  central  bank increases money  supply  by  buying  securities and  foreign  currencies.    For  a  negative  demand  shock  to  bank  notes,  the  central  bank absorbs money in circulation by selling securities and other assets.  In case of [Bitcoin], the latter operation is not included in its protocol. That is  to  say,  the  cryptocurrency  protocol  usually  includes  the  currency  supply  rule,  but  does  not  have  a  currency  absorption  or  write-off  protocol. Can we reduce this irreversibility?

– Mitsuru Iwamura (“Can We Stabilize the Price of a Cryptocurrency?: Understanding the Design of Bitcoin and Its Potential to Compete with Central Bank Money”) – 2014


The point is that by not building in an inflation, of say 2% per annum in the global supply of Bitcoins, you almost doom it as a currency, because people will start hoarding it, knowing that it’s going to be worth more next year than it is this year

 –  David Webb (51 minutes into the video) – 2014


More broadly, a hard supply cap or built-in deflation is not an inherent strength for a would-be money. A money’s strength is in its ability to meet society’s needs. From my perspective, Bitcoin’s built-in deflation means that it does a poorer job than it might at meeting society’s needs. Maybe I will be proven wrong. We shall see.

 –  The Economist (“Bitcoin’s Deflation Problem”) – 2014


The currency’s “money supply” will eventually be capped at 21m units. To Bitcoin’s libertarian disciples, that is a neat way to preclude the inflationary central-bank meddling to which most currencies are prone. Yet modern central banks favour low but positive inflation for good reason. In the real world wages are “sticky”: firms find it difficult to cut their employees’ pay. A modicum of inflation greases the system by, in effect, cutting the wages of workers whose pay cheques fail to keep pace with inflation. If the money supply grows too slowly, then prices fall and workers with sticky wages become more costly. Unemployment tends to rise as a result. If employed workers hoard cash in expectation of further price reductions, the downturn gathers momentum.

 – The Economist (“Money from Nothing”) – 2014


Our current global system is pretty crap, but I submit that Bitcoin is worst.  For starters, BtC is inherently deflationary. There is an upper limit on the number of bitcoins that can ever be created (‘mined’, in the jargon: new bitcoins are created by carrying out mathematical operations which become progressively harder as the bitcoin space is explored—like calculating ever-larger prime numbers, they get further apart). This means the cost of generating new Bitcoins rises over time, so that the value of Bitcoins rise relative to the available goods and services in the market. Less money chasing stuff; less cash for everybody to spend (as the supply of stuff out-grows the supply of money).

 –  Charlie Stross (“Why I want Bitcoin to die in a fire”) – 2013


Nevertheless, there is still the 21m limit issue. If the limit is reached, the future of Bitcoin supply has to go down the path of fractional reserve banking, since only re-lending existing coin, or lending on the basis that settlement can one day be made in Bitcoin — a la conventional banking practice — can overcome the lack of supply

 Izabella Kaminska – Financial Times (“The problem with Bitcoin”) – 2013



So to the extent that the experiment [Bitcoin] tells us anything about monetary regimes, it reinforces the case against anything like a new gold standard – because it shows just how vulnerable such a standard would be to money-hoarding, deflation, and depression.

–  Paul Krugman (“Golden Cyberfetters”) – 2011


While Bitcoin has managed to bootstrap itself on a limited scale, it lacks any mechanism for dealing with fluctuations in demand. Increasing demand for Bitcoin will cause prices in terms of Bitcoin to drop (deflation), while decreasing demand will cause them to rise (inflation). What happens in each of these cases? Let’s start with deflation, because right now demand for Bitcoin is on the rise. What do people do when they think something’s value will be higher tomorrow than it is today? Well, they acquire and hold on to it! Who wants to give up money that’s constantly rising in value? In other words, rising demand causes demand to rise further. Irrational exuberance at its finest. Deflation begets deflation, ad infinitum, or at least until something breaks.

The Underground Economist (“Why Bitcoin can’t be a currency”) – 2010


Deflation and the deflationary debt spiral

Many economists have been debating the advantages and disadvantages of inflation for decades. Nevertheless, this primary point of contention is one of theory; economists, from differing schools of thought have a variety of views on the topic.  It is fair to say that the current economic consensus is that deflation is an undesirable economic phenomenon, while moderate inflation of around 2% per annum is desired. Those with Austrian school leanings, who oppose centrally managing inflation towards a certain positive target, tend disproportionality to support Bitcoin and gold’s somewhat deflationary nature.

One of the primary drivers for the negative view on deflation appears to be the 1929 great depression and the idea of a deflationary debt spiral. The theory is that during a period of economic recession and deflation, the real value of debt increases. Such an increase compounds the misfortunes of an already weak economy. Economist Irving Fisher is often credited with formulating this theory, as a response the financial crises of 1837, 1873 and the 1929 great depression.

Then we may deduce the following chain of consequences in nine links:

  1. Debt liquidation leads to distress setting and to
  2. Contraction of deposit currency, as bank loans are paid off, and to a slowing down of velocity of circulation. This contraction of deposits and of their velocity, precipitated by distress selling, causes
  3. A fall in the level of prices, in other words, a swelling of the dollar. Assuming, as above stated, that this fall of prices is not interfered with by reflation or otherwise, there must be
  4. A still greater fall in the net worths of business, precipitating bankruptcies and
  5. A like fall in profits, which in a “capitalistic,” that is, a private-profit society, leads the concerns which are running at a loss to make
  6. A reduction in output, in trade and in employment of labor. These losses, bankruptcies, and unemployment, lead to
  7. Pessimism and loss of confidence, which in turn lead to
  8. Hoarding and slowing down still more the velocity of circulation. The above eight changes cause
  9. Complicated disturbances in the rates of interest, in particular, a fall in the nominal, or money, rates and a rise in the real, or commodity, rates of interest.

Evidently debt and deflation go far toward explaining a great mass of phenomena in a very simple logical way

 – Irving Fisher (1933)


Is deflation as bad as these critics claim?

To the extent that critics accuse Bitcoin supporters of being economically naive, they may not always be entirely correct or they could be missing some nuances. Firstly, one does not need to be an Austrian economist to question whether deflation (supply cap) is always undesirable. Deflation could be bad in some circumstances, but it may depend on the characteristics of the economy and the type of money used in society. The social sciences are not like maths or computer science, nobody really knows the right answer to a high degree of certainty and opinions in the academic community change over time. Furthermore, economic circumstances can change over time, which can result in a different set of dynamics, where different inflation policies are optimal. Therefore a hard rule, fixed for all time, such as “deflation is always bad”, may not be the correct philosophy. For example, maybe Fisher’s view on inflation was correct for the economy in the 20th century, however by 2150 technology may have fundamentally changed to such an extent, such that another inflation policy may be more appropriate for society.

Bitcoin has different characteristics and the deflationary debt spiral argument may be less relevant

As we explained in part 1 and part 2 of this piece, Bitcoin possesses properties which are fundamentally different to the traditional money used in the economy such as the US Dollar or gold backed systems. Traditional money, such as the US Dollar are based on debt, which is an inherent property of fiat money. Alternatively Bitcoin may have properties which make it resilient to credit expansionary forces, such that the money is not inherently linked to debt. Therefore in the event of an economic crash and deflation, in a Bitcoin based economy, the impact of increases in the real value of debt could be less significant than one may think. This could make the deflationary debt spiral argument less relevant in a Bitcoin based economy.  In our view, it is likely that many of the Bitcoin critics may have overlooked this point when evaluating the disadvantages of Bitcoin’s deflationary monetary policy.

Disadvantages of inflation unique to Bitcoin

In addition to Bitcoin having some potential advantages, which could make it more resilient to the disadvantages of deflation, Bitcoin’s critics may also have overlooked some of Bitcoin’s weaknesses, which may make it more vulnerable to inflation:

  • Arbitrary environmental damage – Another common criticism of Bitcoin is the environmental damage caused by the energy intensive mining process. Although as we explained in the second part in our series on mining incentives, this issue could be overestimated since miners have a uniquely high level of choice with respect to the geographic location of their mining operations. This flexibility could reduce environmental damage as miners may use failed energy projects rather than investing in new ones.  However, it is still important to note that, the negative environmental damage caused by Bitcoin does seem to be a significant negative externality.  Mining incentives are made up of transaction fees and the block reward (inflation). Therefore increasing inflation increases the level of environmental damage and increases the negative externality. If a 2% inflation policy is decided upon, this could mean at least 2% of the value of the system is spent “damaging” the environment per annum. The inflation policy decision is somewhat arbitrary and the more inflation is selected the greater the extent of environmental damage. There may even be parallels here with the existing financial system. The policy of central banks to stimulate the economy, to achieve their inflation targets, could also be said to cause an arbitrarily high level of environmental damage, at least in the eyes of some critics. Although the link between inflation and environmental damage in a Bitcoin based system is more direct and measurable.  Instead of continued inflation, in Bitcoin the block reward halves every four years until mining incentives are driven entirely by transaction fees. This means that the level of environmental damage will be driven by the market, in that it could represent the amount that users are willing to pay for security, rather than an arbitrarily high level of environmental damage which would be the result of an inflationary monetary policy.
  • Aligning the interests of miners and users – Miners are currently primarily incentivised by the block reward rather than transaction fees. This results in a number of potential problems in the ecosystem, for example perhaps the interests of miners and users are not well aligned. Miners could, for example, exclude transactions from blocks, against the interests of users. Miners may be less likely to take this kind of action if they are primarily incentivised by transaction fees, something Bitcoin’s deflationary policy ensures will eventually become reality.
  • Inability to generate coin value – The supply cap can be considered as a key selling point of Bitcoin for investors and is likely to have helped generate investor interest which may have been necessary to bootstrap the system. If a perpetual inflationary policy was chosen, Bitcoin may not have been able to succeed to the extent it has, even if the deflationary policy is inferior from an economic perspective.

The irony of this debate – economic criticisms are only relevant if Bitcoin is a tremendous success

Much of this discussion focuses on the economics of Bitcoin, assuming Bitcoin is widely adopted, such that the inflationary dynamics have an impact on society. In our view this is an unlikely outcome and perhaps should be considered even more unlikely by Bitcoin’s critics. In our view, Bitcoin may satisfy a useful niche, that of making both censorship resistant and digital payments, but it’s unlikely to become the main currency in the economy. Therefore the debate about Bitcoin’s deflationary nature should be considered as largely irrelevant anyway. Hence it is therefore somewhat odd that some critics use this as an argument against Bitcoin.

This point is similar to one Paul Krugman made in his 2013 “Bitcoin is Evil” piece. Although Mr Krugman is widely derided in the Bitcoin community, most notably for his 1998 comment that “by 2005 or so, it will become clear that the Internet’s impact on the economy has been no greater than the fax machine’s”, we consider the distinction he draws in the quote below as both accurate and sensible:

So let’s talk both about whether BitCoin is a bubble and whether it’s a good thing — in part to make sure that we don’t confuse these questions with each other.

Paul Krugman – “Bitcoin is Evil” – 2013


Perhaps Satoshi thought that having a finite supply cap and a deflationary bias, may help the system succeed, even if from society’s point of view, moderate inflation would be more utilitarian. From a system design perspective, producing a working payment system should be the priority, since a system which does not succeed, even if it’s hypothetically beneficial to society, is ultimately useless.


We conclude that rather than being driven by economic naivety, some Bitcoin supporters may have had a more nuanced understanding of the relationship between debt, deflation, the properties of money and credit expansion than the critics think. In contrast one could argue it’s the economic mainstream’s lack of understanding of the relationship between money and debt, and the potential ability of Bitcoin to somewhat decouple the two, which is the most prevalent misunderstanding. Indeed to many, Bitcoin’s ability to decouple debt from money and thereby result in a deflationary climate without the deflationary debt spiral problem is the point, rather than a bug.

However, even if Bitcoin has solved this economic problem, perhaps it’s naive to think Bitcoin would result in a more prosperous economic system. Bitcoin is a new and unique system, which is likely to cause more economic problems, perhaps unexpected or new ones. After all there is no perfect money. It just may not be correct to apply the traditional economic problems of the past, to this new type of money. Although it may be more difficult, identifying Bitcoin’s potential economic problems may require more analysis and a stronger understanding of the underlying technology.

Ironically, if one thinks these economic problems associated with deflation have a remote chance of being relevant, like the critics indirectly imply, that would mean Bitcoin has a significant chance of becoming widely adopted and hugely successful. In that case, perhaps the sensible thing to do is buy and “HODL”.


自比特币现金( Bitcoin Cash )以来 44 个比特币分叉代币列表

摘要:尽管比特币在 2018 年可能已经不再被这个问题所困扰,但在关于共识分叉和区块链分叉的第六篇文章中,我们提供的列表含有 44 个代币,这些代币是自比特币现金拆分以来所有从比特币链条中分叉的代币。

(资料来源: gryb25

从 2015 年底到 2017 年底,比特币社区对区块链分叉非常关注并进行了重点分析,最终推出了比特币现金,继而推出了大量其他代币。我们已经在下列五篇文章中分别介绍了这些分叉的相关内容:

在第六篇文章,我们列出了 44 个从比特币分叉出来的代币。



名称 URL/来源 分叉区块高度
Bitcoin Cash 478,558
       Bitcoin Clashic (从比特币现金分叉)
       Bitcoin Candy (从比特币现金分叉)
Bitcoin Gold 491,407
Bitcore 492,820
Bitcoin Diamond 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot 498,777
United Bitcoin 498,777
BitcoinX 498,888
Super Bitcoin 498,888
Oil Bitcoin 498,888
Bitcoin Pay 499,345
Bitcoin World 499,777
Bitclassic Coin 499,888
Lightning Bitcoin 499,999
Bitcoin Stake 499,999
Bitcoin Faith 500,000
Bitcoin Eco 500,000
Bitcoin New 500,100
Bitcoin Top 501,118
Bitcoin God 501,225
Fast Bitcoin 501,225
Bitcoin File 501,225
Bitcoin Cash Plus 501,407
Bitcoin Segwit2x 501,451
Bitcoin Pizza 501,888
Bitcoin Ore 501,949
World Bitcoin 503,888
Bitcoin Smart 505,050
BitVote 505,050
Bitcoin Interest 505,083
Bitcoin Atom 505,888
Bitcoin Community 506,066
Big Bitcoin 508,888
Bitcoin Private 511,346
Classic Bitcoin https:// 516,095
Bitcoin Clean 518,800
Bitcoin Hush 2018 年 2 月 1 日
Bitcoin Rhodium 未知
Bitcoin LITE 未知
Bitcoin Lunar 未知
Bitcoin Green 未知
Bitcoin Hex 未知

(资料来源: BitMEX 研究,分叉代币网站,






BitMEX (

List of 44 Bitcoin fork tokens since Bitcoin Cash

Abstract: Although in 2018 Bitcoin may have somewhat moved on beyond this issue, in this sixth piece on consensus forks and chainsplits, we provide a list of 44 tokens which seem to have forked away from Bitcoin since the Bitcoin Cash split.

(Source: gryb25)

From late 2015 to the end of 2017, there was significant focus and analysis in the Bitcoin community about a chainsplits, finally resulting in the launch of Bitcoin Cash and then a plethora of other tokens. We have already covered some of topics related to these splits, in the five articles below:

In this sixth piece we list 44 Bitcoin forked tokens.

List of Bitcoin forked coins since Bitcoin Cash

Name URL/Source Fork Height
Bitcoin Cash 478,558
       Bitcoin Clashic (Forked from Bitcoin Cash)
       Bitcoin Candy (Forked from Bitcoin Cash)
Bitcoin Gold 491,407
Bitcore 492,820
Bitcoin Diamond 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot 498,777
United Bitcoin 498,777
BitcoinX 498,888
Super Bitcoin 498,888
Oil Bitcoin 498,888
Bitcoin Pay 499,345
Bitcoin World 499,777
Bitclassic Coin 499,888
Lightning Bitcoin 499,999
Bitcoin Stake 499,999
Bitcoin Faith 500,000
Bitcoin Eco 500,000
Bitcoin New 500,100
Bitcoin Top 501,118
Bitcoin God 501,225
Fast Bitcoin 501,225
Bitcoin File 501,225
Bitcoin Cash Plus 501,407
Bitcoin Segwit2x 501,451
Bitcoin Pizza 501,888
Bitcoin Ore 501,949
World Bitcoin 503,888
Bitcoin Smart 505,050
BitVote 505,050
Bitcoin Interest 505,083
Bitcoin Atom 505,888
Bitcoin Community 506,066
Big Bitcoin 508,888
Bitcoin Private 511,346
Classic Bitcoin https:// 516,095
Bitcoin Clean 518,800
Bitcoin Hush 1st February 2018
Bitcoin Rhodium Unknown
Bitcoin LITE Unknown
Bitcoin Lunar Unknown
Bitcoin Green Unknown
Bitcoin Hex Unknown

(Source: BitMEX Research, Forked coin websites,

Please note it is very important to handle these new fork tokens with caution. In particular, we would strongly advise you not to import your Bitcoin private key into any new fork token wallets without first spending the Bitcoin to a new output associated with a different private key after the token snapshot point, so that your Bitcoin is not at risk.





我们将探讨比特大陆的新型以太坊矿机,并了解与 ASIC 相比,它的效能可能低于大众的预期。我们探讨这个产品可能将赋予矿机对新型更先进的技术的兼容性,新型矿机的技术效能虽然低于 ASIC ,但在某程度上可以降低 PoW 算法变化可能带来的冲击。然后我们得出这样的结论:无论这个特定的以太坊芯片是否能够做到这点,这种类型的技术可能最终会终结为了改善去中心化而使用 ASIC PoW 算法变更的时代,导致最终加密社区不得不接受 ASIC 。


比特大陆最近推出了一款新的以太坊矿机,被广泛认为是 ASIC ,预计将于 2018 年 7 月底发货。然而,以太坊社区中的很多人反对 ASIC 并更喜欢以 GPU 来挖矿,因为生产 GPU 的公司的主要经营重心在于电脑游戏产业而不是加密产业,这应该意味着硬件分布将更加广泛和公平,从而改善去中心化。因此比特大陆的风险可能是以太坊社区可能决定以硬分叉来改变 PoW 算法,这可能会使比特大陆的矿机贬值并导致其投入的研发费用石沉大海。

在本报告中,与以太坊社区相比,我们推测比特大陆可能先行一着。比特大陆可能已经从门罗币那里学到了教训, 门罗币最近进行了 PoW 变更,导致比特大陆的 ASIC 芯片大幅贬值。开发特定的芯片需要一笔相当可观投资,因此我们认为比特大陆可能已经采取了一些对策来避免重蹈覆辙。比特大陆可能已经设计出了一种新型采矿芯片,其 ASIC 效率较低,但将不受 PoW 变更的影响。这会导致以太坊就 PoW 变更做出的硬分叉毫无意义。


最近门罗币就对抗 ASIC PoW 的变更

2018 年 4 月初, 门罗币社区决定透过硬分叉来改变 PoW 算法,试图令 ASIC 无用武之地,并使 门罗币更加偏向 GPU 挖矿。由于散列率急剧上升,如图 1 和图 2 所示, 门罗币社区认为, ASIC 制造商秘密开发了门罗币 ASIC ,并正在开采门罗币代币。

如图 2 所示, 2018 年初 90 日滚动哈希率增长率达到了约 300% (根据 7 日滚动平均数计算)。即便考虑到门罗币价值的急剧上涨,这个增长率也是非同寻常。在门罗币程序员宣布硬分叉的计划之后,比特大陆便开始在官网上出售门罗币 ASIC ,表明他们可能的确一直在秘密开采。如图 1 所示, PoW 变更后,门罗币散列率显着下降。

硬分叉之后, 门罗币分裂成两条链,原来规则的代币被称为门罗币原链( XMO )。虽然这枚硬币的价值比门罗币的低,但它的散列率更高,因为除了门罗币原链外,这个 ASIC 没有什么其他代币可挖掘的。这次分叉虽然没有重放攻击保护,但门罗币增加了环签名限制,因此可以通过在门罗币原始链上以较少(少于 7 个)的环签名交易来拆分门罗币和门罗币原链。


图 1 – 门罗币的散列率与价格相比

资料来源: Coinmarketcap , BitMEX 研究


图 2 – 门罗币的散列率与价格相比 – 7 日移动平均的 90 日滚动百分比

资料来源: Coinmarketcap , BitMEX 研究

备注:在 PoW  硬分叉之后的 7 天内,散列率滚动平均排除了硬分叉前的数据



正如我们上面提到,比特大陆最近推出了一款新的以太坊矿机,预计将于 2018 年 7 月底发货。鉴于门罗币的历史以及以太坊社区中许多人,包括那些在家里采用 GPU 挖掘以太币矿工们)可能对比特大陆的新产品感到不满,比特大陆对此可能会感到担忧。新矿机的一个缺点是可能促使矿工中心化,但除此之外,现有矿工们持有的 GPU 赋予他们的既有经济利益也可能会为该产品带来敌意。比特大陆的管理层并不愚蠢,因此我们认为该公司可能会谨慎行事,并可能已采取措施来缓解部分风险。


图 3 – 比特大陆新的以太坊矿机: 蚂蚁矿机 E3


  • 功耗: 800W  
  • 哈希率: 180MH / s



该产品的规格如上。根据下表所示,与其他代币 ASIC 的效率增益进行比较,此新型以太坊矿机的效率低于人们对于 ASIC 矿机的期望 。比如比特币 ASIC 的效能比 FPGA 高约 521 倍,而门罗币 ASIC 的效能比 GPU 高约 88 倍。相比之下,新的以太坊矿机效能只比 GPU 高约 1.4 倍。这可能表明新的以太坊矿工根本不是 ASIC ,而只是一种比现有 GPU 矿机更高效的新设备。然而,虽然下表是一个粗略计算,忽略了许多关键的变量和因素,例如以太坊开采算法的记忆密集型特性,但尽管计算结果不是绝对精准,这些数字仍然可以说明观点:


图 4 – 矿工效率计算(约值)

矿机 散列率 (GH/s) 功率 (W) 散列能耗 (J/GH)
比特币 (SHA256)
CPU 0.0005 100 200,000
高端 GPU 0.5 300 600
FPGA 0.8 40 50
高端 ASIC 14,000 1,340 0.096
效率提高 521x
以太币 (Ethash)
高端 GPU 0.032 200 6,250
蚂蚁矿机 E3 0.18 800 4,444
效率提高 1.4x
门罗币 (CryptoNight)
高端 GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
效率提高 88x

资料来源: BitMEX 研究,比特大陆



采矿芯片类型和矢量处理器( VP )

如下图 5 所示,比特币在 2009 年推出时,一般采用 CPU 进行采矿。但是, GPU 和 FPGA 的体统结构在处理重复散列时的操作更为高效。因此,网络首先转移到 GPU ,然后转移到 FGPA 。 2013 年,出现了特定散列函数的 ASIC 。与 CPU , GPU 和 FPGA 相比, ASIC 在运行特定散列时的效率更高,但 ASIC 其他散列上的效率非常低或实际上完全无用。


图 5 – 加密币芯片类型的发展时间轴

资料来源: BitMEX 研究

备注:在 2018 年底能否投入矢量处理器( VP )仍待观察


比特大陆可能已经开发出一种新型芯片 – 矢量处理器。该芯片的体系结构可以用于一般的 PoW 散列函数,但不适用于特定的散列函数。这些芯片可能比 GPU 和 FPGA 更高效,但效率低于 ASIC 。与 ASIC 相比,其优势在于它们在某些方面可能不受 PoW 更新的威胁。新的以太坊矿机就是基于这类芯片,即便这只是我们的猜测。


图 6 – 加密币芯片类型的演变

芯片类型 中央处理器( CPU ) 图形处理器 ( GPU ) 矢量处理器 ( VP ) 专用集成电路 ( ASIC )
加密币例子 比特币 ( BTC ) – 2009 至 2011 比特币 ( BTC ) – 2012 至 2013
以太币 ( ETH ),
门罗币 ( XMR )

以太币 ( ETH ) – 2018 后

比特币 ( BTC ) – 2014 至今,
门罗币原链 (XMO)

制造商 英特尔,

比特大陆 比特大陆, 

台积电, 三星,
格芯, 中芯国际

台积电, 三星,
格芯, 中芯国际
台积电 台积电,
主要用途 运算 游戏 加密币挖掘 加密币挖掘
对 PoW 更新免疫 潜在免疫


比特大陆新的以太坊矿机可能是为 Ethash 量身定制的,因为矿机内部的元件如电路,电源控制设备,存储器和控制模块等都可以专门为以太坊采矿进行校准。然而芯片本身,也这是迄今最需要投资的领域,可能会更大众化且不用专门为以太坊设计。因此,如果以太坊进行 PoW 变更,当芯片离开生产商时可以将芯片组装成新设备,或者甚至可能将老设备中的芯片用在新的以太坊矿机内。尽管至今这些仍只是我们的猜测。


人工智能( AI )技术

2018 年 4 月 19 日,在台积电新季度的绩汇报上,联席首席执行官 Mark Lie 表示:

[比特大陆] 在区块链技术上做了许多贡献,比如 AI 。他们做得很好。我们预计他们会慢慢转向 AI 领域。

资料来源: Q1 2018 earnings call


“ AI ” 的含义很广。虽然目前还待确认,但新的矢量处理器芯片可能是台积电表示的 “人工智能技术” 。因为这类芯片可以在散列算法之间切换,所以在一定程度上我们可以认为这芯片属于 AI 的范围。矢量处理器芯片到底是只能编程,就像现代 GPU 一样,还是普遍来说可以比 GPU 更高效仍有待观察。如果真的出现了这种芯片,这先进的技术能力可能被视为比特大陆的一项重大成就。这种技术的研发成本可能更高,而且比专用集成电路技术更专业化,这会使挖矿中心化问题更加严重。


以太坊散列率增长 – 新芯片仍未部署的证据

尽管如此,我们还没有看到在以太坊网络上有意欲部署新芯片。 如下面的图 7 和图 8 所示,以太坊的算力(在广义上说)在价格波动的情况下仍遵循正常的趋势。


图 7 – 以太坊散列率与价格和英伟达 GPU 销售相比

资料来源:彭博, , Coinmarketcap ,英伟达, BitMEX 研究


图 8 – 以太坊散列率与价格 – 7 日移动平均的滚动 90 日百分比增长

资料来源:彭博, , Coinmarketcap , BitMEX 研究



在讨论比特大陆新的以太坊矿机是不是 ASIC 以及新芯片可能对 PoW 变更免疫时, Vitalik Buterin 告诉我们:


尽管我们上面已经说过,本文中的大部分内仍是根据我们的猜测。然而,即使我们对这款特定芯片的认知存在错误,我们仍然认为在未来比特大陆或其他公司可能会开发出通用的散列芯片,该散列芯片效能在任何散列算法下都将比 GPU 更高 。此时,对抗 ASIC PoW 变更的时代可能已经结束,加密社区必须在两个坏苹果之间做出选择:

  1. 允许 ASIC ,或者,
  2. 允许通用散列芯片,而其技术和生产能力可能更加中心化。

除非 PoS 系统经过证明足够强大。








BitMEX (

New Ethereum Miner Could be a Game Changer


We look at Bitmain’s new Ethereum miner and notice that it may be less energy efficient than one might expect for an ASIC. We explore the possibility that this miner contains a new more advanced form of technology, which is less efficient than ASICs, but potentially partially immune to PoW algorithm changes. We then conclude that whether this particular Ethereum chip is capable of this or not, this type of technology may eventually end the era of anti-ASIC PoW changes designed to improve decentralisation, such that crypto-coin communities may have to accept the inevitability of ASICs.


Bitmain have recently launched a new Ethereum miner, widely believed to be an ASIC, and it is expected to ship in late July 2018. However, many in the Ethereum community oppose ASICs and prefer GPU mining, since GPU companies are primarily concerned with gaming rather than crypto-coins, which should mean that the hardware is distributed more widely and fairly, improving decentralisation. Therefore a risk to Bitmain could be that the Ethereum community decide to hardfork to change the PoW algorithm, which could devalue the Bitmain machines and result in a large wasted investment.

In this report, we speculate that Bitmain may already be one step ahead of the Ethereum community. Bitmain may have already learnt a lesson with Monero, two coins which recently conducted PoW changes, potentially resulting in large devaluations of Bitmain’s ASIC chips. Developing a custom chip requires a considerable financial investment and therefore we think Bitmain may have taken some countermeasures to avoid another loss. Bitmain could have designed a new type of mining chip, less efficient that ASICs, but immune to PoW changes. This could make an Ethereum hardfork PoW change mostly pointless.

The recent Monero anti-ASIC PoW change

At the start of April 2018 the Monero community decided to hardfork and change the PoW algorithm, in an attempt to “brick” ASICs and make Monero more GPU-friendly. Due to sharp increases in hashrate, illustrated by Figure 1 and 2 below, the Monero community believed that ASIC manufacturers had developed Monero ASICs, in secret, and were mining the coin.

As Figure 2 shows below, the rolling 90-day hashrate growth rate reached c. 300% in the early part of 2018 (based on 7-day rolling averages). Even after factoring in the sharp increase in value of the Monero coin, this is an extraordinary growth rate. After Monero developers announced plans for a hardfork, Bitmain began to sell Monero ASICs on their website, indicating that they could indeed have been mining in secret. After the PoW change, as Figure 1 shows, the Monero hashrate dropped off significantly.

After the hardfork, the Monero chain split into two, with the original rules coin being called Monero Original (XMO). Although this coin had a lower value than Monero, it had a higher hashrate, since there was little else for the Monero ASICs to mine. There was no replay protection implemented for the split, however Monero increased the ring signature limit, therefore one can split Monero and Monero Original by first initiating a transaction on the Monero Original chain with fewer ring signatures than are allowed on Monero (less than 7).

Figure 1 – Monero hashrate compared to Monero price

Source: Coinmarketcap, BitMEX Research


Figure 2 – Monero hashrate compared to Monero price – Rolling 90-day percentage growth of 7-day moving average

Source: Coinmarketcap, BitMEX Research

Note: In the 7 days following the PoW hardfork, the hashrate rolling average excludes the period prior to the hardfork

Bitmain’s new Ethash miner

As we mentioned above, Bitmain has recently launched a new Ethereum miner, which is expected to ship around late July 2018. Given the history with Monero and the fact that many in the Ethereum community, including those mining Ethereum at home on GPUs, are likely to be unhappy at a new Bitmain product, Bitmain may be concerned. One downside to the new miner could be increased miner centralization, but in addition to this, the product may also receive hostility from some in the Ethereum community due to their financial interests in the existing Ethereum miners, GPUs. Bitmain’s management is not stupid, and therefore in our view the company is likely to act with caution and may have taken measures to mitigate against some of these risks.

Figure 3 – Bitmain’s new Ethereum miner: the Antminer E3


  • Power consumption: 800W
  • Hashrate: 180MH/s

Source: Bitmain

The advertised specification of the product is disclosed above. As the table below illustrates, a back -of-the-envelope calculation could imply this new Ethereum miner is less efficient than one would expect if it was an ASIC, based on comparisons with the efficiency gain measured on some of the other ASICs related to other coins. For instance a Bitcoin ASIC is c. 521x more efficient than an FPGA, while the Monero ASIC is c. 88x more efficient than a GPU. In contrast the new Ethereum miner is only c. 1.4x more efficient than a GPU. This could indicate that the new Ethereum miner is not an ASIC at all, but merely a new device more efficient than the existing GPU miners. However, we appreciate that the below table is a crude approximation which ignores many crucial variables and factors, such as the memory-intensive nature of the Ethereum mining algorithm. But although the calculation is inaccurate, the figures can still potentially illustrate a point:

Figure 4 – Approximate miner efficiency calculations

Miner Hash rate (GH/s) Power (W) Energy per hash (J/GH)
Bitcoin (SHA256)
CPU 0.0005 100 200,000
High end GPU 0.5 300 600
FPGA 0.8 40 50
High end ASIC 14,000 1,340 0.096
Efficiency gain 521x
Ethereum (Ethash)
High end GPU 0.032 200 6,250
Antminer E3 0.18 800 4,444
Efficiency gain 1.4x
Monero (CryptoNight)
High end GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
Efficiency gain 88x

Source: BitMEX Research, Bitmain
Note: Figures are approximations

Mining chip types & Vector processors (VPs)

As Figure 5 below illustrates, when Bitcoin launched in 2009, mining was conducted using CPUs. However, the architectures of GPUs and FPGAs are more efficient at processing repetitive hash operations. Therefore the network shifted, first to GPUs and then to FGPAs. In 2013, ASICs designed for specific hash functions emerged. Compared to CPUs, GPUs and FPGAs, ASICs are far more efficient at running a particular algorithm, however excluding this, ASICs are far less efficient or actually totally useless.

Figure 5 – Crypto-coin chip type timeline

Source: BitMEX Research
Note: The inclusion of Vector Processors (VPs) towards the end of 2018 is speculative

It might be possible that Bitmain has developed a new type of chip, a Vector Processor. The architecture of this chip could be designed for PoW hash functions in general, but not for a specific hash function. These chips could then be more efficient than GPUs and FPGAs, but less efficient than ASICs. The advantage over ASICs is that they could be, in some respects, immune to PoW changes. It is possible that the new Ethereum miner falls into this category of chip, although this is mostly speculation on our part.

Figure 6 – The evolution of crypto-coin chip types

Chip type Central Processing Unit (CPU) Graphics Processing Unit (GPU) Vector processor (VP) Application Specific Integrated Circuit (ASIC)
Example crypto-coins Bitcoin (BTC) – 2009 to 2011 Bitcoin (BTC) – 2012 to 2013
Ethereum (ETH),
Monero (XMR)

Ethereum (ETH) – 2018 onwards

Bitcoin (BTC) – 2014 to present,
Monero Original (XMO)

Manufacturers Intel,
Bitmain Bitmain,
Canaan Creative,

TSMC, Samsung,
Global Foundries, SMIC

TSMC, Samsung,
Global Foundries, SMIC
Global Foundries
Primary use Computing Gaming Crypto-coin mining Crypto-coin mining
Immune to PoW change Yes Yes Potentially No

Higher efficiency


It is possible that Bitmain’s new Ethereum miner is tailored for Ethash, in that the components inside the miner such as the electric circuits, power control devices, memory and control modules could all be specifically calibrated for mining Ethereum. However the chip itself, which is the area that requires by far the most financial investment, could be more general and not specifically designed for Ethereum. Therefore if Ethereum conducts a PoW change, it could be possible to direct the chips into a new device as they leave the foundry or perhaps even recover the chips from the old device put them into a new Ethereum miner. Although again, at this point we are speculating.

Artificial Intelligence (AI) technology

At TSMC’s latest set of quarterly results on 19th April 2018, Co-CEO Mark Lie said the following:

[Bitmain] is doing a lot of things on blockchain technology, like AI. They are doing very well. We expect them to slowly move to the AI area.

Source: Q1 2018 earnings call

“AI” is a term with many meanings. Although at this point the situation is unclear, it is possible that any new Vector Processor chips could be what TSMC mean by AI technology. Since any such chip may be able to switch between hashing algorithms, at a stretch, one could argue this falls within the scope of AI. It remains to be seen if the chip is merely programmable, like modern GPUs, or if there is a trick up its sleeve that could give it an efficiency gain vs. GPUs in most cases. If present, this advanced technological capability is likely to be seen as a major achievement for Bitmain. Such technology may also be even more expensive to develop and more specialised than the technology in ASICs, which could make the decentralisation problem even worse.

Ethereum hashrate growth – No evidence of deployment of the new chips

Despite the above, we have not yet seen any strong indications of the deployment of the new chips on the Ethereum network. As Figures 7 and 8 below indicate, Ethereum’s hashrate appears, broadly speaking, to be following a normal trend given the price volatility.

Figure 7 – Ethereum hashrate compared to Ethereum price and NVidia GPU sales

Source: Bloomberg,, Coinmarketcap, Nvidia, BitMEX Research


Figure 8 – Ethereum hashrate compared to Ethereum price – Rolling 90-day percentage growth of 7-day moving average

Source: Bloomberg,, Coinmarketcap, BitMEX Research


When discussing the possibility that Bitmain’s new Ethereum miner isn’t an ASIC and that the new chip may be somewhat immune to PoW changes, Vitalik Buterin told us:

I have a very similar impression myself

Despite what we have said above, most of the content in this article should be considered guesswork. However, even if we are wrong about this particular chip, we still think it is reasonably likely that at some point in the future, Bitmain or another company, will develop a general-purpose hashing chip, which is more efficient than GPUs for almost all hashing algorithms. At this point the era of anti-ASIC PoW changes could be over, with crypto-coin communities having to make a choice between two potentially unfavourable outcomes:

  1. Allowing ASICs, or,
  2. Allowing general purpose hashing chips, where technologies and production capabilities could be even more concentrated.

Unless of course proof-of-stake systems prove robust enough.



Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.


权益证明( Proof of Stake )的完整指南 – 以太坊的最新提案和 Vitalik Buterin 的采访


在这篇文章中,我们分析了权益证明( PoS )共识系统。我们就它的理论优势和弱势进行了研究。然后,我们分析了迄今为止尝试过最著名和新颖的 PoS 提案的具体细节,在这些提案细节中,我们发现有些提案使得纯 PoS 系统变得越来越复杂以至看起来有点不切实际。我们也就最新的以太坊提案进行了分析,以往的尝试相比,我们认为这是一项重大的改进,它可以为以太坊网络安全性提供优势。然而,该系统仍然严重依赖于工作证明( PoW ),区块的生成仍然依赖于该证明,并且我们不清楚 PoS 在该过程中是否有助于确保节点汇聚在一条链上。因此,我们对以太坊未来能否大幅减少对 PoW 系统的依赖持怀疑态度。




在深入探讨权益证明( PoS )的具体细节之前,重要的是要了解建立这些共识系统时想要达到什么目的。本质上,他们试图构建的数据结构需要具有以下属性:

  1. 数据的内容不被任何一个实体控制(去中心化的数据存储和数据验证是不够的);
  2. 数据库可以演化(卡斯帕术语:“有活力”);另外重要的是
  3. 参与者对数据内容是有共识的,即当冲突发生时节点有一种机制来决定哪一条是有效的区块链(卡斯帕术语:“安全”)

当两个有效竞争的链条冲突时, PoW 使用积累的工作规则来决定哪一条有效(分叉选择规则)。这不仅为上述第三点提供了解决方案,另外 PoW 机制自身也解决了区块生产和区块产出的时间问题。总的累积工作是分岔选择规则,但区块生产者也需要在每个区块中包含一个 PoW 元素,这个过程是随机的,因此每个区块的生产者以及每个区块的生成时间问题也可以透过 PoW 解决。

PoS 是一个基于积累权益(即拥有最多加密币支持,投票或投注的)分叉选择规则的概念。然而,与 PoW 不同的是, Pos 无法直接解决谁生产区块或生产区块的时间问题。因此这些问题需要通过其他机制来解决。然而, PoW 同时解决了加密币分配的问题,所以 PoW 也是 PoS 系统中可行的替代方案之一。


PoS 的理论概述



拜占庭将军问题说明了在尝试构建具有上述属性的数据结构时涉及的一些主要挑战。本质上,主要问题是关于区块产出时间及如何确定应该先更新分类帐上的哪些数据。实际上,如果三分之一以上的参与方有问题,那么从数学的角度来看,这个问题是无法解决的,正如 Leslie Lamport 在 1982 年所证明的那样。


资料来源:拜占庭将军问题( 1982 )


因此, PoW 可以被认为是一个不完美的方案,它有一个相当强大的拜占庭容错系统,但在统计数学上便相对弱一些。正是在这种情况下,由于系统不完善,人们应该像分析 PoW 那样分析所有其他 PoS 的替代品,因为这些系统也会有它们的缺陷。


在 PoS 中有两个竞争的哲学。其中一个来自 PoW 。基于此的加密币包括 Peercoin , Blackcoin 以及之前的以太坊 PoS 提案迭代。第二个哲学更多的是基于 20 世纪 80 年代 Lamport 的学术研究,并且基于 Lamport 认为建立拜占庭式容错系统需要大于三分之二。以太坊目前对卡斯帕( Casper )提案偏向了第二个哲学方案。


PoS 的优势

PoS 通常在 PoW 的背景下进行研究,作为解决或减轻基于 PoW 的系统中的负面外部因素或问题的替代方案:



也许 PoS 系统中最被广为流传的优点是它不像 PoW 需要经过一个能源密集型的消耗过程。如果 PoS 的系统可以具有与 PoW 系统相同特性,则可以避免对环境损害。这对 Po​​S 来说是一个重要正面的因素,尽管在实际上此问题可能被夸大了,就如我们在比特币能源消耗方面的文章所提到的那样,因为矿工们根据成本考量会使用成本较低的能源或再利用其他能源作为动力来源,从而降低了对环境的损害。



PoW 系统的另一个主要问题是矿工的利益可能与加密币持有人的利益不一致,例如,矿工可以出售他们的加密币,然后只关心短期而非长期加密币价值。另一个问题是哈希率可能会被出租,而承租人对于系统的长期前景又没有经济利益。而 PoS 直接将共识代理人与加密币的投资联系了起来,理论上来说投资者与共识代理人之间的利益是一致的。


采矿中心化和 ASIC

PoS系统的另一个关键优势是可能改善中心化。 PoW 采矿有许多中心化的优势在 PoS 系统中是不适用的:

  • ASIC 生产成本昂贵且被垄断(比特大陆占有很高的市场份额);
  • 芯片代工厂昂贵且被垄断(台积电,英特尔,三星和中芯是仅有的规模厂商);
  • ASIC 相关技术有可能会被专利垄断;
  • 廉价能源有限,并且无法轻易获取;和
  • 采矿的许多层面将形成规模效应,例如维护成本和能源成本,从而实现中心化。


PoS 的缺陷和经济弱点


正如我们在上面提到的那样,中本聪的 PoW 系统似乎是一石四鸟:

  • 区块链选择(分叉选择规则),
  • 加密币分配,
  • 谁生产区块,和
  • 区块生产时点。

PoS 似乎只是提供了的区块链选择的解决方案,而没有就其他问题提出有效方案。



对 PoS 系统最常见的批评之一是它按现有持币比例分配新资金。因此,与它的代替品–更为公平的 PoW 相比“富人变得更富了”,并且导致少数富有的用户拥有更高比例的财富。如果一开始就投资于 PoS 系统,您可以保持您的财富份额,然而在 PoW 系统中,您的财富将被稀释,因为新的奖励将分配给矿工。事实上,如果奖励按现有持币比例分配,人们可以辩论它其实不算是通货膨胀,这种情况下的奖励制度在经济层面上相当于为货币尾数加多了个零而已。因此,人们甚至可以声称奖励制度毫无意义,本质上根本没有任何奖励。然而,这只适用于当所有用户及资金都纳入了 PoS 系统的情况下,而实际上有些用户会希望将新资金用于其他目的。





PoS 的技术和收集的弱点


共识问题的核心是时间和交易顺序。如果两个区块同时生成, PoW 通过随机的过程解决问题,无论哪个区块建立在第一个区块之上都可以带头,然后激励矿工们在多区块的工作链上工作。 PoW 需要能源,在现实世界中这是一种有限资源,因此矿工必须决定将该资源分配到哪个区块链上。

相反, PoS 系统中的这个过程并不清晰。如果同时生成两个区块,则每个冲突块都可以建立权益。最终,一个区块可能比另一个区块拥有更多的权益,这可能使其成为赢家。这里的问题是,如果允许持币人改变主意而支持赢家,这样系统就会集中在同一条区块链上,那他们为什么不将权益分布在多条区块链上?

然而,所有的权益都只是区块链上的资源,与现实世界没有联系,因此可以在两个相互冲突的区块链上投放相同的权益。这就是所谓的“免费午餐”问题,我们认为这是 PoS 面临的最重要的问题。


“免费午餐” 问题

“免费午餐” 问题 权益不会增加系统的收集性,因为相同的权益可以应用到多个竞争链中,这是一种无风险的方式,可以增加他们的奖励。相反,在基于 PoW 的系统中,消耗的能源是真实的世界有限资源,因此 “相同” 的工作不能应用于多个竞争链。 
辩护论点一 这个问题可以避免或减轻。该协议可以进行调整,若一个冒名者在多条链上投放相同的权益,第三方可以提交该证明给任一条区块链,从而实行惩罚,例如没收权益(削减条件)。或者,与其惩罚它,还可以使作弊者失去潜在的回报,或将其排除在权益池之外。
PoS 怀疑论者的回应 上述辩护是不恰当的,并可能将惩罚本身合法及必要的行为。例如,如果一个持币人首先接收到一个区块,而大多数人首先接收到另一个区块,那么该持币人可能会改变主意并转而遵从大多数。事实上,容许改变主意和投靠大多数确保网络趋同的过程是共识系统的要点。如果这种行为受到惩罚,系统如何整合?

要么惩罚的经济价值高于切换跟随多数的奖励,要么低于。因此,免费午餐的问题意味着 PoS 系统永远无法对系统整合作出贡献,因此这个想法从根本上是有缺陷的。

辩护论点二 上述明显的困境可以通过以下几个方法解决,比如:

  • Casper 的早期建议使用了多轮投注。在初期改变一个人的想法可能是合理的,惩罚也许很小,而在后来的几轮中,在多个竞争链中使用相同权益的惩罚可以增加,使得最终用户对系统的最终性有高度的保证。
  • 最新的 Casper 循环旨在容许验证者改变他们的想法,但只在 “合法“ 的情境里而非 “非法“ 的情境里。 
PoS 怀疑论者的回应 通过添加多轮投注机制,大大增加了系统的复杂性。这只是增加了一些混乱的层面来掩盖免费午餐的问题,而没有解决根本问题。
辩护论点三 没有一个系统是完美的,实际上建立一个完美的系统在数学上是不可能的,因此免费午餐的问题无法得到完美解决,然而上述措施的确可以缓解该问题,因此这些理论性问题不太适用于现实世界。



PoS 的另一个潜在问题是所谓的 “远程攻击” 问题。例如,攻击者可以购买一个过去拥有大量加密币的私钥,然后根据这一点生成另一个历史记录,从而根据 PoS 验证向自己颁发越来越多的奖励。由于攻击者获得了大量的奖励,他可以生成比现有区块链更高的权益链,并且可以重组过往这么多年区块链。

这个问题的解决方案是检查点(checkpoint),即一旦达到某个特定的关联阈值就锁定在某个链状态的过程,使其永远不会重组。批评者认为,该解决方案需要随时保持其节点上网,因为脱机节点不能检查点。有人声称,如果一个人离线,安全模式将退为 “询问友人”,因为人们依赖于查询他人的检查点。尽管过去比特币的模式包含了检查点,但其目的是加速初始同步,尽管这种影响可能会导致 “询问友人” 安全模型开启。





尽管生态系统在不断扩大,但许多企业和交易所都 24 小时不间断的运行着,因此必须始终保持节点运行,且可以执行检查点设置。有大量的激励措施阻止它们进行大规模的链上重组。对许多人来说,这有足够的安全性,因此远距离攻击问题带来的风险是不相关的或者只处于理论层面的。



在一个纯 PoS 的系统中,权益人也需要生产区块。这些系统通常通过从池子中选择一系列授权区块生产者来开展工作,其中概率与权益持有成正比。这里的问题是共识系统内部需要随机性。如果区块本身用于生成熵,那么权益人可以尝试操控区块中的内容将未来的区块分配给他们自己。然后,权益人可能需要越来越多的计算能力来尝试越来越多的替代区块,直到他们被分配到未来的区块。这基本上又变回了 PoW 系统。

在我们看来,与“免费午餐问题”相比,权益磨削问题对于 PoS 来说不是一个根本性的问题。解决这个问题所需要的只是网络中熵的来源,或像以太坊这样的任何人都可以参与的智能合约 – RanDao 就可以解决这个问题。


案例研究 –   Peercoin 和以太坊的 Casper


1 –  Peercoin  – 2012 年


Peercoin 是一个PoW 和 PoS 系统的混合体,建立在加密币年龄的理念之上。分叉选择规则是选择那条加密币年龄最大的区块链。

加密币年龄被简单定义为加密币数量与持有周期的积。在一个简单易懂的例子中,如果鲍勃从爱丽丝那儿收到了 10 个加密币并有了 90 天,那我们可以说鲍伯的加密币年龄已经累积到了 900 个加密币日。

资料来源: Peercoin 白皮书

在 Peercoin 中,一些区块是纯使用 PoW 而生产的,而另一些区块的 PoW 的难度根据矿工在交易中摧毁的加密币年龄(基于 coinstake 而不是基于 coinbase 的交易)进行调整。“例如,如果鲍勃有一个钱包输出积累了 100 个加密币年的年龄,并预计它在 2 天内产生一个[ PoS 区块],那么爱丽丝可以大致预计她 200 个加密币年的钱包可以在 1 天内产出一个[ PoS 区块]。



弱点 概要
免费午餐 该协议的目的是通过忽略第二个相互冲突的链条来防止矿工在多个连锁链条进行 coinstake 交易时使用相同的加密币。然而,这是不够的,并且如果它们以不同的顺序接收冲突区块,则会导致节点分叉。
区块生产 通过使用 PoW 生成区块来解决
远程攻击 这是 Peercoin 的一个重要漏洞,攻击者可以通过不支出加密币来增加加密币的年龄,然后发起重组攻击。

这是通过中央系统每天广播数次检查点来解决的。因此 Peercoin 是一个集中系统。

权益磨削 这可能不是个问题,因为从验证者池中没有选择的问题,因为始终需要 PoW 系统并且加密币权益改变了 PoW 的目标。



就当时来说 Peercoin 是一个有趣且新颖方法,但是该提案产生了一个中心化的系统,无法匹配 PoW 的属性。


2 – 以太坊 –  Caper 全 PoS 系统 –  2015 年


这是一个完整的 PoS 建议,基于“通过赌注达成共识”的美学。

  • 区块由区块生产者池里产生,随机数生成器用于选择轮到哪个生产者生产区块,然后给生产者一个时间窗,在该时间段内他们可以生成有效区块。
  • 有一组绑定的验证人,投注人必须先被绑定才能投注区块。
  • 然后验证人可以对区块进行投注,每次投注会有一个概率提供,代表潜在回报。
  • 在几轮下注之后,随着概率接近 1 或 99% ,该区块就被认为是最终的。





  • 如果该区块尚未产出,但当前时间非常接近该区块应该发布的时间,请下注 0.5 。
  • 如果该区块尚未产出,但自该区块应该发布以来已经过了很长时间,则下注 0.3 。
  • 如果该区块存在,并且按时产出,则押注 0.7 。
  • 如果该区块存在,但它产出的时间或者太早或太迟,下注 0.3 。
  • 为了帮助防止 “卡住” 情况,应增加一些随机性,但基本原则保持不变。

默认的博弈策略有一个公式(如下所示),以便将概率推离 0.5 ,这样链将向前移动,使得预期概率更接近零或一。

设 e(x) 是使 x 更“极端”的函数。即,将值从 0.5 推到 1 。一个简单的例子是如果 x> 0.5 ,则分段函数 e(x)= 0.5 + x / 2 否则 x / 2

如果验证人在概率为 99% 时下注,则回报非常小( 1% 用作计算回报的度量),相反,在 50% 的概率投注获胜后代表 100% 的回报,这会从奖励池中获得更高的回报。

分叉选择规则就是所有加权概率的总和超过了一定的阈值,比如 0.99 。例如,一个 5 个区块的链条,每个区块显示 5 分的概率均为 1 。任何在 0.99 阈值之后改变主意并将权益投放在多个链条上的验证人可能会被惩罚(削减)。而若在阈值前改变主意将不会被惩罚。




弱点 概要
免费午餐 该协议旨在通过惩罚机制来防止矿工在多条链上使用相同的加密币下注,一旦被发现,验证人将失去其存款。我们认为,这可能会损害系统的收集性,尽管下注程式可能会将概率降到 0.5 以下,进而助于缓解问题。
区块生产 RanDAO 合同可以用来提供熵来选择区块生产者。然而,这只能提供一个时间窗口,在这个时间窗口中可以生产区块,但对于该区块是否是在时间窗口内生产是没有共识的,在此之后,投注过程应该能够解决该争议。
远程攻击 一旦达到某个概率阈值,节点便会检查点区块。远程攻击问题在节点关闭期间仍然可能发生。
权益磨削 RanDAO 合同可能可以解决权益磨削问题。


以太坊未采纳该提案。我们认为该提案从未完成,因为该系统的一些参数和方面缺乏规范。尽管通过权益达成共识很有趣,但它似乎太复杂,而且存在太多的不确定性。这种方法说明了在构建完整的 PoS 系统时将遇到的困难,以及在试图解决其缺陷时,它会导致问题越来越复杂,直到系统变得不可行。


3 – 以太坊 – Casper 最新版本 –  PoW / PoS 混合系统 – 2018 年


与早期所提出的一些 PoS 系统相比,目前的 Casper 提案反映了哲学上和技术上的变化。它回到了 20 世纪 80 年代 Lamport 的学术工作以及 Lamport 的定理:当且仅当系统中三分之二的代理人诚实时,才能使这些系统有效工作。因此,目前的 Casper 版本比以前更加雄心勃勃。 PoS 不再用于生产区块或决定区块的时间,这些仍然由 PoW 矿工完成。 PoS 系统将作为检查点。在我们看来,这个建议优于早期相对复杂的 Casper系统。



  • PoS 系统仅在每 100 个区块间才会启用,作为检查点提供 PoW 系统额外的保证。
  • PoS 系统的参与者将他们的以太币发送到 “验证者池” ,并且每隔 100 个区块将其权益放在一个区块之后。如果池中三分之二的资金支持提案,则该区块将被视为最终提案,若有争议,此提案将优先于 PoW 。
  • 验证人投票仅在最后一个检查点区块之后12 个确认内有效。
  • 如果没有达到三分之二的门槛,该链条将继续完全基于 PoW 系统操作。
  • 如果有任何权益者作出违规行为,第三方可以提交以下的证明,若该证明属实,骗子们将失去全部权益/存款,同时第三方可以得到 4% 的回报作为激励:
    1. 在同一高度上为多重矛盾区块投票
    2. 在不同高度上为多重矛盾区块投票,但使用矛盾参照区块,除非新的参照区块有更多的高度。


以太坊奖励结构将进行调整,以便 PoS 验证人得到除了 PoW 矿工之外另一部分支付费用。据我们所知,这个新分配的细节尚未确定。



我们认为, Casper 的最新版本与早期版本相比有了显着的改进,主要原因是复杂度较低且对 PoW 系统更加依赖。


  1. 当超过三分之一的权益人拒绝参与 – 在这种情况下,我们回到了 PoW 的系统
  2. 当权益人在定案后会改变他们的想法,以至于三分之二以上的权益人支持了替代链 – 远距离攻击问题
  3. 当三分之二多数的权益人支持比当前领先的 PoW 链短的链,这是导致重组的一种新方式。我们认为这是该提案的最大缺点。

这个系统背后假设的核心是它的 PoW 推动了链的发展,并且 PoS 系统只是在 PoW 矿工已经锁定了一个链条的情况下才会启动, PoS 投票在 12 名矿工确认之前甚至是不生效的。事实上,如果三分之二的多数支持无法实现,那么这条链会继续保持原来的状态。

因此,我们得出这样的结论,即最新的 Casper 提案的核心特征是 PoW 系统先行,只有其后,若出现PoW 矿工恶意破坏行为, PoS 系统可以为链条重组提供额外保证。因此, PoW 仍然提供系统收集性, PoS 机制可以抵御矿工重组威胁。因此,尽管 PoS 提供了这种安全性,但正如上面第三点所指出的那样,它也提供了额外的风险,因此我们不清楚整体好处是否大于坏处。

弱点 概要
免费午餐 验证人若同时投票支持相互冲突的检查点区块, 他们可能会失去他们的权益。收集问题通过 PoW 挖掘来解决。
区块生产 PoW 矿工生产区块,因此不存在与选择区块生产者相关的问题。
远程攻击 一旦验证者池中的三分之二的权益投票通过区块,节点最终将确定该区块并且不能重组。但远程攻击问题在节点关闭期间仍然存在。
权益磨削 PoW 矿工生产区块,因此不存在权益磨削问题。





BitMEX 研究团队独家采访 Vitalik Buterin 关于最新的 Casper 提案

问题 1  – 即使 PoS 系统可以提供比以前更多的保证,在达到 34% 的投票门槛之前,重组风险可能会更高,因为重组可能通过 PoS , PoW 或以更多方式发生。您担心这个潜在问题吗?

我并不担心。有充足的理由相信它不应该对系统的稳定性产生负面影响。未锁定链条的评分规则是 “最终确定时期 + 总难度 * ε” 。这里有一篇论文指出,任何“单一”链条评分规则都是纳什均衡;我们的评分规则显然是单调的,所以它是纳什均衡。矿工和验证人都使用链条评分规则,所以矿工和验证人都会自然地帮助链条增长,而不是试图重组。 Casper FFG 以这种方式进行了设计,以 “基于链条” 的共识以及 BFT 理论使得系统 “跑的舒服” 。


可能使 “重组风险更高” 的情况是:


  • 当大多数验证人比大多数矿工更不诚实
  • 如果 Casper 特定的代码有错误

我们相信,如果上述任何一点是真的,那么 Casper FFG 的风险会增加。

问题 2  – 您认为用户和交易所会如何反应?交易所是否应该在存入存款之前修改其做法,例如 2 次确认外加得到 34% 验证人的投票?

如果是我管理的交易所,我会做一些安排,比如要求高达 1 万美元的存款需要等待 12 个确认,及在存款金额更大的情况下要求区块锁定。

问题 3  – 是否会有总体评分指标供交易所使用,一个结合了 PoW 和 PoS 影响的指标?


  • 交易已被纳入一个区块,这是区块头
    • 这是头的第 N 个祖先
    • 这是一个检查点 C 的始祖。它是头的祖先。验证人已​​经开始对 C 进行投票。
  • 验证人认证了 C 。
  • C 的孩子 –  C’ 存在,并且验证人已经开始对 C’ 进行投票来确定C
  • C’ 的孩子有超过 1/3 的选票。在这一点上,至少有一个验证人需要实际上被削减,以便将情况恢复,使 C 到达最终状态。


我们认为,这个最新的 PoS 提案是迄今为止最好的。我们认为这可能会被以太坊采纳,并可能为该系统的安全性做出积极的贡献。但是,该系统仍然依赖 PoW 采矿,至少在中期阶段。在 PoS 过程发生之前,系统需要依赖 PoW 首先解决任何拜占庭问题。因此,该系统依靠 PoW 进行区块生产,并确保系统在一条链上收集的特性。虽然 PoS 开采可能会缓解一些风险(敌意的 PoW 开采),但是它是否对系统收集性或安全性做出了净贡献仍不清楚。因此, PoS 的批评者可能会认为,从 PoW 矿工重新分配给权益者的任何奖励都会不必要地削弱系统的收集性和安全性。


尽管我们认为目前的提案具有可操作性,但 “免费午餐的问题” 可能是一个重大挑战。这个新机制是否解决了这个问题,至今仍未有定论。因此,尽管计划将此提案作为一个垫脚石,作为逐步转向全面 PoS 系统的先行计划,但要达到全面 PoS 系统可能比以太坊社区中的某些人认为的更难实现。








BitMEX (