Following on from our 28 May 2019 announcement of a donation to the MIT Digital Currency initiative, we are delighted to announce a US$60,000 grant to Bitcoin Core contributor, Michael Ford (AKA fanquake). Michael has been a Bitcoin contributor since 2012 and has recently been added to the list of maintainers for the Bitcoin Core software project.

HDR Global Trading Limited (which owns and operates the BitMEX cryptocurrency trading platform) is proud to support Bitcoin development and engineering, aimed at improving Bitcoin’s robustness, scalability and privacy. The grant is non exclusive and requires Michael to work on Bitcoin Core. We are pleased to be Michael’s first financial supporter during his time as a Bitcoin Core maintainer.

Sam Reed, CTO and co-founder of HDR Global Trading Limited, made the following remark about the grant:

HDR Global Trading Limited, like all other companies in the cryptocurrency space, relies heavily on the (mostly-volunteer) work of coders dedicated to the mission and ideals of Bitcoin. This work is difficult, demanding, and often thankless. We believe it is the duty of corporations to give back to the projects from which they benefit – and from which their very business model stems. Without the millions of free man-hours from dedicated OSS developers powering everything from our operating systems, to our web servers, to our ops tools and Bitcoin itself, the BitMEX trading platform could not have been built. We don’t forget this gift. Therefore, HDR considers this grant, provided on a no-strings-attached basis, to be only a small part of an ongoing commitment to bolstering Bitcoin and other OSS projects for the benefit of all.

 

The event horizon has passed. With Libra, Facebook begins its foray into the digital asset industry. Before I begin my analysis, let’s get one thing straight; Libra is not decentralised nor censorship resistant. Libra is not a cryptocurrency. Libra will destroy all stablecoins, but who gives a fuck. I shed no tears for all those projects that somehow believed there was value in a an unheard-of sponsor creating a fiat money market fund that rode on a blockchain.
 
Libra could lay commercial banks and central banks low. It might reduce their usefulness to a dumb regulated warehouse for digital fiat money. And that is exactly what should happen to these institutions in a digital age.

Why Do Commercial Banks Exist?

Banks came about during a time of great danger for members of the human society. In feudal Europe you most likely worked dawn-till-dusk on the farm. Any meagre savings you or your feudal lord amassed were constantly under siege. Given that money was physical in nature, if you or your lord left the protection of the town, theft was likely.
 
Safety of assets has been the most important value proposition for traditional banks. They could store physical assets and records safely in their vaults. Therefore, governments and wealthy individuals stored money and assets with banks. Banks were and are engaged in a massive confidence game. That is why bank building edifices portray a certain fortified grandeur. In a generation, your assets will still be there, intact and ready for use.
 
Through their partnership with the government, banks obtain a license to issue credit and expand the money supply. They also rely on the legalised violence of the government to enforce contracts. Don’t pay the bank back, they will confiscate the encumbered asset. Should you defy the courts, a government goon will happily press boot to neck, and ensure your compliance.
 
In the last decade, human civilisation’s money and assets quickly transitioned from analogue to digital representations. Money and representations of ownership travel electronically rather than on the back of a horse. If assets and money are now digital, do we need institutions that provide physical rather than digital security?
 
As we have seen, commercial banks are terrible at securing digital information. Pick your large too-big-to-fail bank, and there will be a story about the “leakage” (euphemism for “we have no fucking clue how to safeguard your digital property”) of customer data.

Whoever has the customer, has the value

Previously banks held the most valuable information about customers. They had your whole financial history, and information about where you lived and what you bought.
 
In the past ten years, social media companies through voluntary actions of their users, amassed the most amount of personal information in human history. We share every detail of our lives on Facebook, Instagram, Google, Twitter, WeChat, LINE, Kakao Talk etc. We send billions of messages on centralised chat programs controlled by those same institutions as well. They now own the customer.
 
The modern consumer technology companies own billions of the wealthiest customers’ data. Previous to now, these companies made money on advertising and selling a product. But as with all businesses, once you are successful capturing customers, you start offering financial services.
 
Facebook has almost 2 billion daily active users. It makes complete sense to own the financial existence of their chattel. That is Libra.

Libra Deconstructed

Libra is a stablecoin backed by a basket of fiat currencies. The fiat currencies sit in a dumb regulated commercial bank. Libra allows a privileged few the ability to create and redeem Libra at its Net Asset Value (NAV). Libra rides on a blockchain where certain parties operate permissioned nodes. These parties included VC firms, technology companies, retail merchants, cryptocurrency exchanges, and most importantly commercial banks and credit card processors.
 
Libra may invest into short term government bonds, or into anything the Foundation board allows. The income earned is not passed onto the pleb Libra users, but the node operators and Libra investment token investors. The Foundation is the governing body of the Libra ecosystem. The members are selected based on the industries they represent, and their economic investment into the ecosystem. 
 
Libra does not connect real-world identities to addresses. However, you can bet that converting assets into Libra will encounter KYC. And let’s be clear, any request from a government agency to freeze a transaction will be met with compliance. Therefore, do not use Libra to buy your mood-altering substance(s) of choice.

Impact on Consumers

Many of Facebook’s users reside in places with low financial services penetration. Imagine a world where a Filipina helper can purchase goods sold in Europe with Libra. She most likely does not have great banking services where she works as an overseas foreign worker. Therefore, purchasing goods from foreign countries over the internet is difficult. With Libra, there is no issue.
 
The merchant in Europe receives payment in a basket of fiat currencies they already deal with. This transaction can happen completely inside of one of Facebook’s social media properties like Instagram or Whatsapp.
 
Facebook or a new financial services company it creates, can issue loans at the point of sale denominated in Libra. A user can opt-in to allow Facebook to use all its data on the individual to compute a credit score. Using that credit score, Facebook will lend Libra at a rate to purchase goods from merchants selling on the Facebook platform. Voila, the poorest members of our global society can experience the joys of purchasing mass-produced Chinese knick-knacks on credit. Welcome to Pax Americana!

Impact on Commercial Banks

Commercial banks make money lending. They use retail deposits to make these loans. Unfortunately, in this digital age, they no longer have the best information set about these retail depositors. The social media companies do.
 
Therefore, the Facebook, Google, and Alibaba’s of the world can originate a loan cheaper and offer a lower interest rate than a commercial bank. Libra and the plethora of copycats to come, allow technology companies to use a digital fiat representation in their ecosystems to extend credit and offer all of the most profitable banking products at a much lower cost. These global tech behemoths have billions of free cash flow on their balance sheets to lend.
 
Commercial banks can become node operators or regulated warehouses for the reserve assets of the stablecoin in question. There is still economic value in both of these verticals, but consumer technology companies will now sell the most profitable financial products themselves.
 
Any bank should be on notice, Libra and its clones are existential threats to their business models. Many will cheer as banks’ profit centers are eviscerated. But maybe society is trading one devil for another.

Impact on Central Banks

Commercial banks are not needed at their current largesse in a digital economy. With Libra, Facebook is assuming the role of a central bank. The Libra reserve is managed by a third-party foundation. The reserve managers choose the fiat currency weights, and how funds are invested. Sounds a lot like the job scorecard of a central bank governor.
 
Consumer tech companies can now issue, from their own balance sheet, credit directly to consumers. The only difference with this model is that they, for now, are not able to actually create money like commercial banks. This is the flow:
 
1.     Take retained fiat earnings, and exchange for Libra with an authorised primary dealer.
2.     Lend Libra to your customer in exchange for a good or service you offer.
3.     Obtain Libra + interest in Libra back from your customer.
4.     Sell Libra in exchange for fiat with an authorised primary dealer.
 
The money supply does not expand. That is the one major divergence from how a central bank issues credit into an economy. Central banks’ lending in most cases increases the aggregate supply of money.
 
Why trust a few crusty old men and women to manage the monetary health of the global economy. Let’s trust Zuck!
 
I have no love lost for US Representative Maxine Waters’ idiotic statements and actions on the US House Financial Services Committee. But her and other government officials’ outbursts of concern are not driven by altruistic feelings towards their subjects, but rather a fear of the upending of the financial services industry that lines their pockets and keeps them in office. The speed at which government officials rushed to admonish Libra tells you there is some potential positive value to human society embedded in the project.

Libra and Financial Privacy

It is amusing to see how many people rushed to complain about the potential loss of financial freedom Libra could represent. This fear is misplaced, financial privacy is already non-existent, nor will it ever exist in a digital fiat money system. Whether it be Facebook, The Fed, or The PBOC, centralised electronic fiat money is coming – cash will be outlawed.
 
The great thing about the launch of Libra is that it forces those concerned about the loss of financial privacy to explore alternatives. Bitcoin and other cryptocurrencies will benefit as curious plebs contemplate how secure financial privacy in this new digital age.
 
Libra and the conversations it sparked, is the best news for Bitcoin. Two billion people will now embrace and potentially be frightened of a corporate overlord controlling their financial wellbeing. Curiosity is the best food for the Bitcoin bull market.

Through their investments in augmented and virtual reality, it appears that Facebook wishes to create a completely new digital world. Libra could be the financial mana that powers this virtual existence. Let’s hope that while we are vegetating in our haptic pods, our physical shells don’t get Zucked too hard. Please Zuck me gently, and Zuck me long time.

On 27 June 2019, we set a new record for crypto: >$1B open interest on XBTUSD, >$13B traded on XBTUSD, >$16B on all BitMEX products. Yet, Nouriel Roubini still believes that cryptocurrencies are a farce. Watch him face-to-face next week in Taipei’s Asia Blockchain Summit vs our CEO, Arthur Hayes.


 

On 14 June 2019 at 08:30 UTC, BitMEX will list new quarterly futures.

Please see the following tables for listings and settlements for current and upcoming futures contracts for Q3 2019. Bolded rows are the new contracts.

Code	Pair	Listing	Settlement
ADAM19	Cardano / Bitcoin	15 Mar 2019	28 Jun 2019
ADAU19	Cardano / Bitcoin	14 Jun 2019	27 Sep 2019
BCHM19	Bitcoin Cash / Bitcoin	15 Mar 2019	28 Jun 2019
BCHU19	Bitcoin Cash / Bitcoin	14 Jun 2019	27 Sep 2019
EOSM19	EOS Token / Bitcoin	15 Mar 2019	28 Jun 2019
EOSU19	EOS Token / Bitcoin	14 Jun 2019	27 Sep 2019
ETHM19	Ether / Bitcoin	15 Mar 2019	28 Jun 2019
ETHU19	Ether / Bitcoin	14 Jun 2019	27 Sep 2019
LTCM19	Litecoin / Bitcoin	15 Mar 2019	28 Jun 2019
LTCU19	Litecoin / Bitcoin	14 Jun 2019	27 Sep 2019
TRXM19	Tron / Bitcoin	15 Mar 2019	28 Jun 2019
TRXU19	Tron / Bitcoin	14 Jun 2019	27 Sep 2019
XRPM19	Ripple Token (XRP) / Bitcoin	15 Mar 2019	28 Jun 2019
XRPU19	Ripple Token (XRP) / Bitcoin	14 Jun 2019	27 Sep 2019
XBTM19	Bitcoin / USD	17 Dec 2018	28 Jun 2019
XBTU19	Bitcoin / USD	15 Mar 2019	27 Sep 2019
XBTZ19	Bitcoin / USD	14 Jun 2019	27 Dec 2019

Summary: We have observed an increased number of unauthorised attempts to access customer accounts. We would like to remind all customers and users to please protect your BitMEX and personal accounts by: using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all your accounts; and using a password manager.

Security has always been the number one priority at BitMEX. This is why we were the first platform to adopt a manual multi-signature cold wallet setup to protect customer funds. We are consistently reviewing our security protocols and improving our standards. We remain committed to continual improvement of our platform security and the security of our customers.

In 2016, following a large botnet credential reuse attack, we published a blog post highlighting the importance of using unique passwords on BitMEX. In addition, we recommended enabling 2FA. 2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.

This message was as true and relevant then as it is now: to protect your account, you should always use strong unique passwords, in combination with a multi-factor authentication solution and password manager.

More recently, we have witnessed an increased number of attempts to compromise or obtain unauthorised access to customer accounts. Enabling 2FA on your account is the best and easiest way to protect yourself from these attacks.

Furthermore, we have observed a continued increase in the sophistication and tactics utilised by financially motivated criminals. One example of this: rather than the attacker immediately executing a withdrawal request, we have observed attackers trading funds out of accounts by deliberately making losses against another account which they also control. We have proactively identified a number of these attacks, and continue to eliminate this activity as it is detected.

Another recurring tactic observed in account takeovers is the disabling of BitMEX email login notifications following unauthorised account access. An attacker may also attempt to enable 2FA on a compromised customer account in order to create an API key with withdrawal permissions. A common thread in almost all cases is that customers may not have seen a withdrawal notification or other account related email notification; for example, a login notification.

While we review practices such as enforcing 2FA and other login access features, we have made the following changes:

1. Customers can no longer disable login notification emails. The login notification emails will now be sent regardless of existing notification preferences.
2. Withdrawal requests issued via the API must always complete an email verification step to confirm a withdrawal, unless the API key used was created before 8:00PM June 10, 2019 (UTC).

These changes are a step toward increasing account security for our customers, however it is important to realise that this is not the full solution. Enabling 2FA remains our strongest recommendation.

In addition to the above, BitMEX has reviewed each and every account takeover experienced by our customers and we have identified several common factors among compromised accounts:

1. Password reuse, or use of trivially guessed passwords on the BitMEX platform and on customer personal email accounts.
2. Compromised personal email accounts leading to account theft via password recovery flows.
3. Malware on customer computers leading to secure password theft and subsequent login to the bitmex.com platform.

In order to combat these attacks, adopting a vigilant, disciplined approach to security is key. In all of the above scenarios, utilising 2FA greatly decreases the risk of account compromise. This is further highlighted by recent research by Google that has shown that 100% of attacks can be blocked if a security key has been used for 2FA.

While we consider mandatory enforcement of 2FA across our customer base, we will again stress the importance of adopting good security practices as outlined below.

Note that these steps should be taken not only on your BitMEX account but on personal accounts where you store any confidential information:

1. Enable 2FA
   1. 1. We recommend utilising one of the many available options, such as Google Authenticator or Authy.
2. Use a strong unique password and utilise a Password Manager such as LastPass
   1. 1. A strong password consists of at least ten characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.). Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase.
      2. Do NOT use the same passwords for your social media accounts such as Facebook, Spotify or Instagram accounts as you would for your BitMEX trading accounts or bank accounts. Use strong, unique and different passwords for each and every account!
3. Assess your existing risk
   1. 1. Check to see if your password has been leaked in a third-party breach via services like HIBP.
      2. Check your trading accounts on a regular basis to ensure that you know what the balances are or should be.  
      3. Regular reconciliation of your accounts would be a useful way for you to ensure all transactions in your accounts are with your authorisation.
4. Add support@bitmex.com to your contacts list and ensure our emails are not landing in your SPAM folder
   1. 1. Ensure that you are not filtering official communications from bitmex.com. These communications include login and withdrawal notifications.
5. BitMEX support will NEVER ask for your account password

At BitMEX, we take security very seriously. Whilst we continue to evolve our security capabilities both externally and internally, security is ultimately everyone’s responsibility. If you have digital funds on your online accounts, it is critical that you take steps to ensure your account safety/security as above.

If you observe any unusual activity on your account, please contact our Support team immediately via our contact page.