Unboxing Bitmain’s IPO

Abstract: In this piece we review and analyse Bitmain’s financial data, which was made available (or leaked) as part of the pre-IPO process. The figures indicate Bitmain was highly profitable and cash generative in 2017, but may currently be loss making. Bitmain also spent the majority of its operating cash flow acquiring Bitcoin Cash and may have suffered mark to market losses of US$328 million as a result. We conclude that the IPO itself may go well, however going forwards the allocation of investor capital will be key and management may need to improve in this area.

The IPO process

Bitmain expects to submit IPO documents to the Hong Kong Stock Exchange at the end of August 2018, with a public listing expected towards the end of 2018. The company has just conducted a pre-IPO round, raising several hundred million dollars at a valuation of around $14 billion. Therefore we believe the company is likely to attempt to raise several billion dollars at the IPO stage, with a valuation north of $20 billion.

Documents outlining this process, which also contain Bitmain financial data, have been leaked on Twitter. We have reason to believe the authenticity of these documents, which forms the basis for this report.

Bitmain’s position in the mining industry

Area Companies Bitmain’s position
Chip manufacturing/foundry TSMC, Samsung, Global Foundries, SMIC Bitmain has no presence or prospects in this area
ASIC design, mining machine assembly and distribution Bitmain, Canaan Creative, Ebang, Innosilicon, Bitfury Bitmain is the dominant player in this area and this is the company’s core business. In 2017 Bitmain claims to have had a cryptocurrency market share of 85% and a Bitcoin share of 77%
Mining pool operator BTC.com, AntPool, BTC.TOP, Slush, ViaBTC & F2Pool Bitmain has a dominant position in this space. BTC.com & Antpool are the two largest pools, which are both owned by Bitmain. Bitmain is also an investor in ViaBTC. In the last six months these three pools had a combined global market share of around 48%
Mining farm operator Hive Blockchain, Genesis mining, Bitmain In 2016 Bitmain is likely to have been a dominant player, however the pre-IPO documents show Bitmain has significantly scaled back in this area.  Revenue from own mining operations has fallen from 18.4% of total revenue in 2016 to just 3.3% in Q1 2018.

(Source: Bitmain pre-IPO documents, BitMEX Research)

Will there be demand for the IPO?

Bitmain has a strong or dominant position in most areas in cryptocurrency mining, as the table above illustrates. Bitmain is likely to be the largest and most profitable company in the blockchain space, which is likely to make the company attractive to many investors.

In the last few years and decades the key lesson many technology investors have learnt, rightly or wrongly, is to always invest in the number one company. The number one company typically benefits the most from network effects and as a result smaller rivals tend to fail. The below list of usual suspects illustrate this basic point:

Sector Company
Messaging app Whatsapp, Line (Japan), WeChat (China)
Search Google
Ride sharing Uber
eCommerce Amazon (US), Alibaba (China)
Music streaming Spotify
Online Video streaming Youtube

Justified or not, the blockchain space is now regarded by many as one of the the next big internet based technologies and Bitmain is the number one player in this space. Whether this network effect type logic can apply to ASIC design and distribution is not clear to us and the benefits of being big may be limited to the more traditional economies of scale. We think it is important to not only look at cryptocurrency mining through the technology lens, but also to look at it from the angle of an energy intensive industry, like mining for natural resources. In these sectors the benefits of scale are more limited than for internet based networks. Therefore we don’t completely agree that one should blindly invest in the largest cryptocurrency mining entity, we just think than some investors, perhaps naively, may think this way.  

Bitmain’s own mining operation declines

As we alluded to above, one of the most interesting discoveries in the Bitmain pre-IPO documents was the sharp decline in Bitmain’s own mining farm business. Although the share of revenue has dramatically fallen, in absolute terms own mining revenue still grew by 250% in 2017, its just that the 948% growth in equipment sales overshadowed this.

Bitmain – share of revenue from own mining operations

(Source: Bitmain pre-IPO documents, BitMEX Research)

We believe this decline represents a smart strategic decision by Bitmain to divest (relatively speaking), from an increasingly competitive and lower margin area. In our view, as one moves down the mining supply chain, the competition is likely to increase faster and Bitmain made a sensible move by trying to focus their efforts up the chain, where an increasingly large proportion of the value from mining may accrue. In some ways this is good news for Bitcoin decentralisation, as a dominant mining player has stepped back. We believe ASIC design and distribution is less critical to network security than mining farm operation, which in theory choose the pools who construct blocks and select which blocks to build on top of. Of course Bitmain’s power and dominance in the ASIC space still remains as a significant problem for Bitcoin.

Currently Bitmain are likely to be making losses 

In the documents, Bitmain disclosed the revenue, sales and crucially gross profit margin for each of the main mining products. We have displayed the relevant data in the table below. The data shows that Bitmain sold over a million S9’s in 2017 and then over 0.7 million in Q1 2018 alone.

Financial metrics by mining product

2016 2017 Q1 2018 BitMEX  projection (Current prices)
Revenue by product – $m 
S9 (Bitcoin) 98.1 1,347.4 1,225.9
S7 (Litecoin) 106.3
L3 (Litecoin) 0.9 421.6 344.0
D3 (Dash) 411.6
T9 (Bitcoin) 34.9 84.2
A3 (Siacoin) 76.8
V9 (Bitcoin)
Other 3.3 9.3 9.1
APM Power 13.6 104.8 78.7
Total 222.2 2,329.0 1,829.7
Price – $
S9 1,429.0 1,257.0 1,719.0 499.0
S7 593.0 212.0
L3 1,315.0 1,685.0 1,404.0 209.0
D3 1,581.0 179.0 176.0
T9 1,031.0 991.0
A3 1,431.0
V9 145.0
APM Power 108.0 110.0 95.0
Gross profit margin
S9 58.8% 55.7% 69.9% (11.6%)
S7 58.6%
L3 21.2% 71.0% 44.6% (133.8%)
D3 76.2% (108.8%) (113.8%)
T9 19.9% 49.7%
A3 78.3%
V9 (34.5%)
Total 57.9% 58.9% 61.9% Loss
Volume (units)
S9 68,672 1,071,901 713,158
S7 179,315
L3 676 250,181 245,007
D3 260,313
T9 33,885 84,932
A3 53,703
APM Power 125,513 952,785 828,194
Total 374,176 2,569,065 1,924,993

(Source: Bitmain pre-IPO documents, BitMEX Research, Bitmain website)

Using the disclosed gross profit margin from 2017, we calculated the implied cost price of each machine. Assuming these costs remain unchanged (which may be unrealistic), we were able to calculate gross profit margins based on the latest prices on the Bitmain store. This analysis implies Bitmain are currently loss-making, with a negative profit margin of 11.6% for the main S9 product and a margin of over negative 100% on the L3 product. In reality costs are likely to have declined so the situation may not be as bad, however we think it is likely Bitmain are currently making significant losses.

These low prices are likely to be a deliberate strategy by Bitmain, to squeeze out their competition by causing them to experience lower sales and therefore financial difficulties. In our view, herein lies the key to one of the main driving forces behind the decision to IPO. A successful IPO may increase the firepower available to continue this strategy and eliminate an advantage rivals could have by doing their IPOs first.  

Another reason for these low prices and apparent losses may be that Bitmain has too much inventory on the balance sheet. As at March 2018 Bitmain had $1.2 billion of inventory on the books, equal to 52% of 2017 sales. Bitmain may therefore have had to suffer inventory write downs, which could have generated further losses in addition to the loss making sales.

Use of operating cash flow and balance sheet

The documents contain summary balance sheet data. On the positive side is that Bitmain has no debt and the company was highly cash generative in 2017. The negatives include:

  1. Large prepayments to TSMC, totalling almost $866m in 2017, which weaken Bitmain’s working capital situation;
  2. A large inventory balance, of around $1.2bn (over 50% of peak annual sales) illustrating overproduction;
  3. A large portfolio of altcoins, with a cost base of $1.2 billion which represents the primary use of Bitmain’s cash flow.
Balance sheet – US$ million 2016 2017 Q1 2018 BitMEX projection (Current value)
Cryptocurrency
Bitcoin Cash 673.5 887.5      558.7
Bitcoin 69.1 216.1 148.2      153.1
Litecoin 2.2 49.0 51.2         56.1
Dash 103.0 103.4         55.0
Ethereum 0.6 0.8           0.3
Other adjustment (40.0) (336.7) (18.7)            –  
Total coin assets     31.3      705.5     1,172.4      823.2
Fixed assets    54.0 355.7 175.7
Other   2.4  2.7   3.0
TSMC prepayment     42.7      866.0 666.0
Receivables              7.7   66.4 167.4
Inventory     61.9   1,034.1     1,243.8
Cash 18.2 60.6 104.9
Total assets 218.2   3,091.0     3,533.2
Liabilities      81.3   1,638.3 896.1
Net assets 136.9   1,452.7     2,637.1

(Source: Bitmain pre-IPO documents, BitMEX Research, Prices from Bitfinex)

(Notes: Projections based on prices as at 28 August 2018, coin holdings as at 31 March 2018)

One of the key assets of the company is its portfolio of cryptocurrencies, valued (on a cost basis) at almost $1.2bn as at March 2018. As at March 2018 this consisted of over 1 million Bitcoin Cash. The market value of the altcoin portfolio has fallen in value since Bitmain invested, with almost all the losses attributable to Bitcoin Cash, as the chart below shows.

Bitmains investment in cryptocurrency – change in value vs cost price – $ million

(Source: Bitmain pre-IPO documents, BitMEX Research, Prices from Bitfinex)

(Notes: Prices as at 28 August 2018, coin holdings as at 31 March 2018. Chart assumes coin holding do not change)

As the following chart below illustrates, the Bitcoin Cash investment itself is very significant, to the extent that the company spent around 69% of its 2017 operating cash flow on purchasing Bitcoin Cash. Although this could be an exaggeration, some of the Bitcoin Cash would have been inherited from pre-fork Bitcoin. The figures imply that around 71,560 of the 1,021,316 Bitcoin Cash coins could have been inherited in this way. 

Bitmain use of 2017 cashflow – $m

(Source: Bitmain pre-IPO documents, BitMEX Research)

The situation is even worse than the above indicates. Not only did Bitmain spend a majority of the 2017 cash flow into Bitcoin Cash, they also spent a majority of cash flow from their entire history of operations, into Bitcoin Cash. The documents show that Bitmain generated no cash flow in in 2016 and then only $25m in Q1 2018 (perhaps due to large TSMC prepayments).

Bitmain operating cashflow – $m

(Source: Bitmain pre-IPO documents, BitMEX Research)

In a sense of course none of this matters. Bitmain spent their own funds on risky assets and they knew the risks. For a public company the situation could be a different, with investors expecting the company to invest in core operations or return money to investors. Although perhaps our expectations for governance here are too high for Hong Kong.

Why are Bitmain doing the IPO?

In our view the primary motivating factor for the IPO is simply that Bitmain’s competitors are also planning on doing them and the industry is fiercely competitive, as Bitmain’s loss making prices indicate. Rival Canaan Creative are planning on an IPO and Bitmain are unlikely to let them obtain such a funding advantage. Bitmain’s IPO should deduct money from the pool of capital that could otherwise be invested in Canaan as well as the other miners and it is therefore a good complement to the strategy of lowering prices.

The other reason for the IPO may be to strengthen the balance sheet after investing the majority of the operating cash flow into Bitcoin Cash. Bitmain only had around $105 million of cash on the balance sheet as at March 2018, when this figure could have been nearer a billion dollars if the company hadn’t acquired so much Bitcoin Cash. At the same time the business does require a lot of cash, for example the large advance cash payments TSMC require, which reached a peak of $866m in 2017.

The debate over Bitmain’s technological advantage

Nobody can challenge the performance and scale of Bitmain’s operations Bitmain is losing its lead and has not increased the performance of its miners in over two years
  • It is true that Bitmain competitors have recently released more efficient mining machines than Bitmain, however this is only part of the picture. The figures show that in the past 27 months, Bitmain has delivered 1.9 million S9’s and 3.0 million mining machines in total. No competitor has the capability to deliver on anything like that scale. Rivals can at best deliver a few hundred thousand machines per annum
  • At the same time, although machines from rivals are more efficient, Bitmain’s S9 product is more reliable and has less variance with respect to the hashrate
  • For example, although the Dragonmint T1 product is more efficient, according to official figures. the hashrate variance is higher than expected, this is not acceptable for low margin mining farm operators, who need a predictable product for budgeting purposes. The S9 is the only product that has the necessary reliability
  • Bitmain is the largest player and is lowering prices, such that the other ASIC design companies are now under severe financial stress. Bitmain has already attracted investments from some of the top VC funds in Silicon Valley and the upcoming IPO will ensure Bitmain’s dominance for years to come
  • The Bitmain S9, a 16nm product, was released in December 2015, with an efficiency of around 110 W/TH. The company has not successfully innovated or improved its Bitcoin miner performance since then. This is over 2 and a half years ago
  • Since early 2017 Bitmain has tried to release at least three new more efficient Bitcoin mining chips, one at 16nm, one at 12nm and more recently 10nm in March 2018. Each of these releases failed, costing Bitmain hundreds of millions of dollars. Even TSMC themselves have mentioned that they think the Bitmain investment strategy is too optimistic, which may be part of the reason they insist on such large prepayments
  • These failed tapeouts have finally resulted in competitors producing better machines, today the Innosilicon T2 and ShenMA M10 are more efficient than the S9, with a 80W/TH and 65W/TH performance respectively
  • Bitmain has lost its technological edge as key staff, such as former director of design Dr Yang Zuoxing, have left. Dr Yang is said to have founded a rival mining firm which was sued by Bitmain for a patent violation 
  • Without the ability to innovate and produce better equipment, the only way Bitmain can generate sales is by lowering prices, until eventually the company loses its dominant market position
  • This desperate situation is why some claim that Bitmain tried to mislead investors into thinking it had received an investment from the government investment funds in Singapore. Although we have seen no compelling evidence of Bitmain misleading in the way suggested

The narrative surrounding Bitmain’s technical capabilities can be spun in either direction and as ever the truth may lie somewhere in the middle. However, one thing is clear, if these mining companies do go public, the picture should be far less murky going forwards and we think that could be a significant positive for the cryptocurrency community.

Conclusion

In a way some of Bitmain’s biggest mistakes, such as producing too many units and buying too many speculative altcoins in a bull market, are somewhat analogous to the typical behaviour of mining company management teams.  For instance gold mining firms often invest in high cost assets in bull markets and then fail to invest in quality low cost assets in bear markets. Perhaps it is not totally fair to blame these companies, the hedge funds and institutional investors who own the shares are often just as, if not more, at fault. Greed, fear and the emotions of market moves can affect us all. Therefore although Bitmain has made mistakes, in many ways they are not unusual or unexpected.

We are sure you have heard it before, but “cryptocurrency is here to stay”. In that environment we think Bitmain has the ingredients to be one of the great companies in the space. Bitmain can be a legendary crypto company, generating strong shareholder returns for decades to come, but in order to achieve this (and it’s a lot harder than it sounds) the Bitmain management team may need to improve their management of company resources. Once the company goes public, capital allocation decisions in this volatile and unpredictable market will be difficult enough, letting emotions impact too many investment decisions may not be tolerated.

 

Does Satoshi have a million bitcoin?

Abstract: We examine the extent to which one miner dominated Bitcoin in 2009. We review Sergio Demian Lerner’s 2013 analysis, where he discovered that the increase in the ExtraNonce value in the block can potentially be used to link different blocks to the same miner. We build on his analysis and conclude that although the evidence is far less robust than many assume, there is reasonable evidence that a single dominant miner in 2009 could have generated around 700,000 bitcoin. Although our analysis itself is weak and there is no perfect way of approaching this problem.

Bitcoin blocks mined in 2009 – ExtraNonce vs block height


(Source: BitMEX Research, Bitcoin blockchain)

The history of the debate over the dominant miner in 2009

Towards the start of April 2013, blockchain researcher Sergio Demian Lerner attempted to argue that Satoshi had mined a million bitcoin in 2009. The logic behind this assertion was that the hashrate throughout 2009 was at a low level, around 7 million hashes per second and this was said to be consistent with one miner being highly dominant. At the same time this hashrate was around the same to that which was present in Bitcoin’s first 14 days, which Sergio assumes may be a period in which Satoshi was the only miner. Many in the community were sceptical of Sergio’s claims. The scepticism seems to be based on the following:

  1. The 7 MH/second estimate is based on block timestamps and unreliable, nor is the sample size large enough
  2. There is no reason to believe Satoshi mined alone in the first 14 days
  3. Many individuals recalled mining themselves in the period
  4. Sergio’s assumptions about hardware were incorrect

It is likely that some people could have been biased in dismissing Sergio’s claims, since if Satoshi had mined a significant proportion of the early coins, in the eyes of some that could damage the monetary integrity of the system. However, in our view, the evidence Sergio initially presented was somewhat weak.

The ExtraNonce bombshell

Just a few days later, Sergio then posted a far more persuasive argument on his blog, with much stronger evidence that a single miner was dominant. This then eventually convinced many in the community and to this day many people believe Satoshi is likely to have mined around one million bitcoin.

Sergio’s evidence centred around something called the ExtraNonce. The ExtraNonce is not part of the Bitcoin protocol, in that it is not part of the consensus rules nor is there a formal specification about how to interpret the field. The ExtraNonce is an area in the Coinbase transaction which can vary after several hashing attempts to provide extra entropy for miners, once the standard nonce in the block header has been used up. As the image below illustrates, as the ExtraNonce changes, the impact works its way up the merkle tree into the block header (although in 2009 most blocks contained only the Coinbase transaction, as the network was not used for transactions.)

(Illustrative diagram of the structure of a Bitcoin block)

Sergio published the below picture, with the ExtraNonce on the y-axis and the blockheight on the x-axis (He incorrectly labeled the x-axis as time). The image shows that the ExtraNonce increase over time, in a series of slopes. Some of the slopes (in black) are said to be of a similar gradient, not to overlap and to go back down to zero once they reach a certain height. This is said to demonstrate that all the black lines belonged to one miner (potentially Satoshi) and that this miner now controlled almost a million Bitcoin. Although the technical points about the gradient of the slopes, the height and the lack of overlap may be quite difficult to appreciate and evaluate, the image itself is clearly very powerful and persuasive, in our view.

(Source: Bitslog)

The new BitMEX Research allocation of blocks to the dominant miner

We decided to repeat Sergio’s analysis, except our objective was to count the blocks mined by the apparent single entity and allocate all the blocks. The excercise was challenging, since the slopes interact with many other points. It is therefore impossible to do an accurate allocation. As a result, our analysis is far from perfect and we used a variety of methods, including statistical analysis, random number generators and even manual review to allocate some blocks. We will have made many errors and we do not claim our methodology is robust or scientific. However, as far as we are aware, this is the first attempt to allocate every block in 2009 as belonging to the apparent single entity or not. The below high resolution image below represents our allocation for every block in 2009.

Bitcoin blocks mined in 2009 – Allocation to the dominant miner – ExtraNonce value (y-axis) vs block height (axis)

(Source: BitMEX Research, Bitcoin blockchain)

Analysis of the allocation

Up to August 2009 we agree with Sergio’s conclusion.  There are 22 slopes prior to August, which all have both similar height and gradient (Around an increase in the value of the ExtraNonce by 4 per block found). At the same time these slopes almost never overlap. (The tiny amount of apparent overlap in some instances in less than 5 blocks and therefore may just be coincidence).

After August 2009 the pattern breaks down to some extent. The gradient of the slopes varies considerably (from 1.1 nonces per block to 10 nonces per block). At the same time the height of the slopes is inconsistent and there are many large gaps between them. Therefore although the image still looks compelling, the evidence that the miner is one entity is somewhat weak, in our view. We have presented results below, which include figures both pre and post August 2009.

Category Number of blocks Number of bitcoin
Allocated to the dominant miner 14,815 740,750
Weak allocation (After August 2009) 4,553 227,650
Total 19,368 968,400
Not allocated 16,920 846,000
Grand total 36,288 1,814,400

(Source: BitMEX Research, Bitcoin blockchain)

Debate over the strength of the analysis

Supporting the analysis Weaknesses of the analysis
  • The image is highly powerful, just looking at it illustrates there is a dominant miner. Although explaining it statistically may be challenging, the conclusion is clear.
  • Many of the slopes have the following characteristics:
    1. A similar gradient to each other
    2. Similar heights
    3. Slopes often start shortly after another slope has finished
    4. The slopes rarely overlap
    5. Many of the slopes are hundreds of blocks long
  • This is all too much to be a coincidence. Therefore the evidence that many of the blocks were mined by a single entity is highly compelling
  • Although the ExtraNonce analysis is interesting and revealing, when it comes to estimating the number of coins mined by the dominant miner, it is essentially useless. The methodology used when conducting the allocation involves maximising the number of blocks in each slope, this is required due to the lack of any other available mechanism for allocation. Therefore the number of blocks allocated to the dominant miner is grossly overestimated.
  • The analysis is built on a logical fallacy. In any period there is going to be at least one miner who has the largest share or the steepest rate of increase in the ExtraNonce. There are also going to be at least some types slopes which do not overlap. Grouping these slopes from potentially different miners together is misleading and potentially based on flawed reasoning.
  • Even if the slopes are similar, this could be because different entities had a similar setup. Each miner is not independent, in the sense that they are likely to be running the same software or could be using the same popular hardware, which could produce the same pattern.

Conclusion

In conclusion, although there is strong evidence of a dominant miner in 2009, we think the evidence is far less robust than many have assumed. Although a picture is worth a thousand words, sometimes pictures can be a little misleading. Even if one is convinced, the evidence only supports the claim that the dominant miner may have generated significantly less than a million bitcoin in our view. Perhaps 600,000 to 700,000 bitcoin is a better estimate.

None of the above says much about whether the dominant miner was Satoshi, although we know Satoshi mined block 9, which we have allocated to the dominant miner in our analysis. However this is in a slope of just 11 blocks, so it’s certainly not conclusive. Whoever the dominant miner was, it is of course possible the keys have been lost or discarded by now.

We will end with one famous quote from Satoshi to consider:

Why delete a wallet instead of moving it aside and keeping the old copy just in case?  You should never delete a wallet.

(Source: Bitcointalk)

Although, maybe we are giving that quote out of context…

 

The bitcoin flash crash to $0.01 in June 2011

Abstract: We look at the events surrounding the bitcoin price rally in June 2011 to $32 and the following temporary flash crash down to $0.01, on the MtGox exchange. We look at the incompetence of MtGox and examine the causes of the crash. We then look at the political battle and uncertainty which occurred in the aftermath of the crash.

Bitcoin price from May 2011 to 18 June 2011

(Source: YouTube, MtGox, BitMEX Research)

 

Click here to download the pdf version of this report

 

Overview

If one likes price volatility and scandals, the summer of 2011 was an exciting time for Bitcoin. Over the course of a few days, bitcoin plummeted in value from a peak of $32 to just $0.01 on the MtGox exchange, a trading platform based in Tokyo, which was dominant at the time. This was after a recent rally, with bitcoin trading at around $2 a couple of months earlier. The crash down to $0.01 is now a famous part of Bitcoin history.

In this piece, we look at the cause of the crash and its aftermath. Although the major exchange of the time, MtGox, was shown to the community to be largely negligent, which may not have been the best advertisement for Bitcoin. In our view the engaging nature of the events which occurred that summer, ironically made a significant contribution to the level of interest in the space.

MtGox security issues & the context of the event

There was significant uncertainty surrounding the hack at MtGox which caused the June 2011 price crash and the issues surrounding it were never fully explained. The Bitcoin community was riddled with rumours about whether MtGox was solvent and how much bitcoin was stolen.

Thanks to a report published in 2017 by Kim Nilsson, we now have a relatively strong understanding of what occurred in 2011 and the damage that this caused to MtGox.  Ironically, despite the huge impact on the market and the company’s reputation, in terms of MtGox’s solvency, this event was largely insignificant compared to other security incidents. For many however, a new window into MtGox was opened up, which illustrated a severe lack of monitoring systems, governance, controls and security measures.

The  table below lists some of the major security incidents at the MtGox exchange, with the June 2011 hack highlighted in green. This incident may have only directly cost the exchange 2,000 bitcoin, an inconsequential amount, compared to roughly 837,000 bitcoin of total losses.

List of known MtGox losses

Date Incident name Description USD lost BTC lost
20 Jan 2011 Liberty Reserve withdrawal exploit 50,000
30 Jan 2011 Liberty Reserve withdrawal exploit 2 A user supposedly withdrew US$2billion from their account which never existed. Although it seems no wire transfer actually occurred and therefore there may have been no losses
1 March 2011 Wallet theft 1 Hackers obtained the MtGox wallet.dat file from the server. This is believed to be the withdrawal transaction. As of 19 July 2018, the stolen 80,000 bitcoin has never been moved. 80,000
22 May 2011 Wallet theft 2 Somebody is believed to have accessed a wallet containing 300,000 bitcoin, which was kept unencrypted on a public drive. The thieves decided to return 297,000 bitcoin, keeping a 1% fee. The return transactions are believed to be for 280,000 and 17,000. 3,000
19 June 2011 Price crash to $0.01 Hacker gained access to Jed McCaleb’s administrative account, and sold bitcoins to crash the price, to withdraw as many bitcoins as possible within the US$1,000 per day limit. Other users who purchased bitcoin at low prices may have also withdrawn funds. 2,000
11 Aug 2011 Bitomat Took over the debts of Bitomat after the company deleted its private keys 17,000
Sept 2011 Database hacked A hacker gained write access to the database and inflated balances to withdraw funds 77,500
Sept 2011 Wallet theft 3

A hacker obtained the main wallet.dat file again and began withdrawing funds in October 2011.

MtGox appears not to have noticed this.

603,000
October 2011 Incorrect deposits The change from the above hacker’s withdrawal transactions were incorrectly booked as new MtGox deposits, totalling 44,300 bitcoin. This resulted in customers seeing new deposit balances in their accounts. In some ways the hackers therefore caused more damage to MtGox than the value of coins which were stolen. Some of these errors were corrected, so the net impact may be around 30,000 bitcoin. 30,000
28 Oct 2011 Destroyed bitcoin

A software bug caused funds to be sent in such a way that they could not be redeemed.

Example of such transactions can be found here & here

2,609
May & Aug 2013 US law enforcement seizures Federal agencies in the US seized funds from MtGox’s Dwolla account due to allegations the exchange was not complaint with US regulations. 5,000,000
May 2013 Coinlab dispute Coinlab sued MtGox in a dispute over a licensing agreement. 5,000,000
2011 to 2013 Willy Bot MtGox trading program designed to make up some of the above losses, but actually ended up making things worse. 51,600,000 22,800
Total 61,650,000 837,909

(Source: Cracking MtGox, BitMEX Research)

Overview of the events in June 2011

In the weeks leading up to 19 June, many users of MtGox were reporting that their accounts had been hacked. At around the same time a database of MtGox users, including an MD5 hash of their passwords (with an unclear/inconsistent salt policy) was leaked and made available. Many passwords were identified. Some traders used the same credentials at the rival exchange, Tradehill, who also experienced security issues. Despite this, MtGox did not suspend trading, a decision which many traders questioned.

On 19th June 2011 (3am on 20th June Tokyo time), there were large sell orders on the exchange and the price crashed from around $17.50 to $0.01 and trading continued at this level for several minutes before recovering. This lead to a high degree of uncertainty, with some assuming there may be a problem with the Bitcoin network.

It now seems likely that what actually happened was that a hacker may have obtained access to the account of Jed McCaleb, the founder of MtGox who sold the exchange to Mark Karpeles around three months earlier. This account appears to have retained administrative rights to the database and therefore the hacker was able to manipulate account balances and grant themselves a large number of bitcoins on the MtGox system. The hacker is the likely to have begun selling some of these coins.

Due to the poor management of MtGox, in our view it is unlikely that the company were aware of this, even in the aftermath of the hack, and therefore the explanations provided at the time of the events were incomplete or inaccurate.

The withdrawal limits

At the time, MtGox had a daily withdrawal limit of US$1,000, this applied to both bitcoin and USD (via Dwolla). This meant that the hacker (or any others who benefited from the hack by buying bitcoin at low prices), would be unable to benefit by withdrawing the funds, except within the US$1,000 limit. However, the US$1,000 bitcoin limit was based on the market price of bitcoin on the platform and since the price fell to $0.01, in theory the maximum each user could withdraw was 100,000 bitcoin, certainly not a small amount.

Fortunately, however, MtGox appeared to also have a bitcoin based withdrawal limit, that many users were unaware of. As the Mark Karpeles said at the time:

2011-06-20 00:16:43 MagicalTux the btc withdrawal limit saved us

(Source: IRC, Note: MagicalTux is the CEO & owner of MtGox, Mark Karpeles)

Mark then mentioned that only 2,000 bitcoin were withdrawn in the aftermath of the event, which was a relatively positive result for MtGox.

Got about 2,000 BTC out

(Source: IRC)

There was widespread scepticism about this number at the time, with many believing much more was stolen. Ironically, this 2,000 bitcoin figure now seems about right, although MtGox had lost far more in other incidents. However, due to the price crash and suspension of trading, this incident was very public at the time and resulted in the incompetence of the MtGox platform being exposed to the community.

The rollback debate

Many trades took place at the artificially low price of around $0.01 during the crash. Some traders & investors were unhappy at missing out on the price rally from around $1 to $32, and therefore had buy orders waiting in the system, all the way down the order book to $0.01. To them, this crash is exactly what they were waiting for. To the dismay of many of these traders, in the aftermath of the incident MtGox said they would reverse the trades which occurred during the crash:

The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST). One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins. Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will rollback every trade which happened since the big sale, and ensure this account is secure before opening access again.

(Source: MtGox)

After this announcement there was significant debate in the community as to whether the rollback should occur. Obviously many participants in the debate had a financial interest in the outcome and this was no doubt effecting their views. In many ways, there were some parallels between this rollback and the 2016 DAO “rollback” on the Ethereum network, with some similar arguments being made.

Supporting the rollback Opposing the rollback
  • Most traditional exchanges tend to roll back trades in exceptional circumstances, particularly if trades occur at extremely unusual prices. The prices in this instance were certainly extreme.
  • The bitcoin were stolen and therefore users should not benefit from stolen goods.
  • The bitcoin may never have existed and may only have been entries in MtGox’s database and therefore it may not be possible to deliver the coins.
  • MtGox should take responsibility and compensate all parties involved. In particular MtGox did not act appropriately in the weeks prior to this event when many users reported that their accounts were hacked and they allowed trading to continue.
  • MtGox had no policy with respect to the matter and should therefore honour the trades.
  • If MtGox reversed the trades in this case, then users may not trust them again.
  • Reversal is an arbitrary process, would MtGox reverse trades if a much smaller amount of money was stolen? This is one rule for the rich and another for the poor.
  • Although there are some examples of major traditional exchanges reversing trades in exceptional circumstances, there are examples where they have not done so.
  • Honouring the trades is more consistent with the no bailout, dog eat dog, 24×7 uptime, immutability type culture in the community, which was in some ways more prevalent at the time than it is today.

The community appeared to be split on this issue, with some even favouring a vote to decide.

The trader who bought 260,000 bitcoins for US$2,622

The day after the incident, a trader called “Kevin”, claims to have purchased around 260,000 bitcoins during the crash and was arguing that he should be able to keep the coins. As he explained:

I had around $3,000 USD in my MtGox account, from earlier sales I’d made. I looked at the market stats, and realized that there were tons of orders to buy BTC at $0.01 that would likely eat up any remaining bitcoins this seller had on the order. I figured if I put a buy order in for $0.0101, my order would execute first and I could buy a huge amount of bitcoins

(Source: Bitcointalk)

Kevin posted what he claimed to be the trade confirmation:

06/19/11 17:51  Bought BTC 259684.77 for 0.0101

Kevin then went on to explain the likely reason behind the price crash, which was that the seller was trying to manipulate the price down so that they could withdraw more coins within the US$1,000 limit. In our view this part of Kevin’s story is likely to be an accurate explanation for the price crash. This logic contradicts the claim from MtGox that the person who conducted the hack was also the buyer of the bitcoin.

I could place a reasonably sized sell order for $0.001, crash the market again, and withdraw probably all of the bitcoins, since they’d be valued at $0.001 each and would fit under the $1,000 USD limit. I also decided against this, when I realized that whoever placed the gigantic sell order was probably doing so for the exact same reason

However, some have doubted the accuracy of Kevin’s story, claiming the volume of trades he claims is not consistent with the MtGox feed. The feed appeared to show trading volume of only 55,000 bitcoins during the crash past $0.0101 and only 238,000 bitcoins traded in the period. Only 3,000 bitcoin seem to have been traded at the $0.0101 price. These figures are lower than those implied by Kevin, although Kevin’s trades could have been excluded from this data for a variety of reasons. The feed was also notoriously unreliable and it was not clear if there was a precise definition of some for the information in the feed. In our view, there is no reason to believe the whole truth of any of the parties involved in this incident, but Kevin’s explanation for the crash itself seems plausible to us.

MtGox price feed during the crash

(Source: BitMEX Research, MtGox. Note: Volume in bitcoin)

The proof of reserves

The MtGox exchange was down for several weeks and many users were becoming anxious about the solvency of the platform. There was uncertainty over the amount of bitcoin which were lost and users were concerned about a run on MtGox, eventually leading to the exchange going into liquidation and users losing funds. In an attempt to reduce some of these concerns, as the chat log and bitcoin transaction show below, MtGox attempted to prove it had access to a significant quantity of bitcoin, by conducting an onchain transaction on 18th July 2011.

IRC Chat log – 18 July 2011

(Source: IRC Logs)

(Source: blockchain.info)

At the time, the above action seemed to settle the nerves of many of the traders.

Conclusion

A few weeks after these events, after many false starts, trading at MtGox eventually resumed and the bulk of the trades were reversed. However, to this day, as far as we are aware, MtGox has not been able to provide a coherent explanation for what occurred. The lack of a consistent narrative from MtGox lead many to believe that MtGox had poor monitoring and controls of its systems and that the company was run negligently. Many concluded “never to trust MtGox again”.

Unfortunately, however, MtGox somehow continued to dominate the exchange ecosystem for another three years. However one views the conduct and transparency of some of the platforms and players in the ecosystem today, we can at least conclude that things have  significantly improved since 2011.

 

Tether: Puerto Rico financial data quarterly update

Abstract: Following our earlier research pieces on Tether, financial information from Q1 2018 has been released by the financial regulators in Puerto Rico, providing more evidence of the impact of Tether. In addition to this, a source close to Tether has confirmed to us that the speculation in our initial report is correct.

After our earlier speculation that Noble Bank in Puetro Rico was Tether’s primary reserve bank, a few months later in May 2018 Bloomberg released an article further substantiating our claims. As Bloomberg put it:

According to three people with knowledge of the matter, Noble Bank International, based in San Juan, Puerto Rico, took over banking duties for Bitfinex last year.

In addition to the above, BitMEX Research has also now spoken to people close to Tether, who have also confirmed the reliability of most of the claims in our February 2018 report. Our initial discovery was based on the disclosure of data from the financial regulator in Puerto Rico, who have recently provided the latest update, for the quarter ended March 2018. In our view, the data continues to support our initial speculation.

New Financial Data for Q1 2018

Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.5 billion, up 6.9% in the quarter. Total assets in the category were $4.1 billion, up 7% in the quarter. This moderate growth coincides with a the moderate increase in the volume of crypto-coin trading, which has likely resulted from the continued growth of the Tether balance and crypto-coin ecosystem, moderated by crashing crypto-coin prices in the quarter. In the quarter, the value of Tether in issue increased by 62.7% to $2.3 billion.

We have updated the chart below from the version in our earlier piece, which compares the Tether balance with the deposits in the banking category in Puerto Rico which contains Noble Bank.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

 

Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 85.8% to 91.0%. This also indicates crypto-coin or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)

 

In the quarter the regulator appears to have changed the name of the Tether balance, to “Deposits, money market investments and other interest-bearing balances” from “Cash in banks“. We do not view this as suspicious.

 

A brief history of Stablecoins (Part 1)

Abstract: In this piece we look over the history of distributed stablecoins, focusing on two case studies, BitShares (BitUSD) and MakerDAO (Dai). We examine the efficacy of various design choices, such as the inclusion of price oracles and pooled collateral. We conclude that while a successful stablecoin is likely to represent the holy grail of financial technology, none of the systems we have examined so far appear robust enough to scale in a meaningful way. The coins we have looked at seem to rely on “why would it trade at any other price?” type logic, to enforce price stability to some extent, although dependence on this reasoning is decreasing as technology improves.

Overview

Distributed stablecoins aim to achieve both the characteristics of crypto-coins like Bitcoin (censorship resistant digital transactions) and the price stability of traditional financial assets, such as the US Dollar or gold. These systems are distinct from tokens such as Tether, where one entity controls a pool of US Dollar collateral, ultimately making the system centralised and thus susceptible to being shut down by the authorities.

Along with the somewhat related idea of distributed exchanges, distributed stablecoins have been referred to as the “holy grail” of financial technology, due to their very strong potential benefits. In our view the transformative nature of such a technology on society would be immense, perhaps far more significant than Bitcoin or Ethereum tokens with their floating exchange rates. Distributed stablecoins could have the advantages of Bitcoin (censorship resistance combined with the ability to transact electronically), without the difficulties of a volatile exchange rate and the challenge of encouraging users and merchants to adopt a new unknown token. Such a system is likely to be very successful and therefore it is no surprise that so many people have attempted to launch such projects:

List of stablecoin projects

Name Type Launch Date White paper link
BitShares (BitUSD) Crypto-collateralized 21 July 2014 White paper
Nu (NuBits) Crypto-collateralized 24 Sept 2014 White paper
Steem (SteemUSD) Crypto-collateralized 19 April 2016 White paper
Corion Non-collateralized 14 Oct 2017 White paper
MakerDAO (Dai) Crypto-collateralized 27 Dec 2017 White paper
Alchemint Crypto-collateralized Sept 2018 White paper
BitBay Non-collateralized Sept 2018 White paper
Carbon Non-collateralized n/a White paper
Basis Non-collateralized n/a White paper
Havven Crypto-collateralized n/a White paper
Seignoriage Shares Non-collateralized n/a White paper

The technical challenges involved in creating such systems are often underestimated. Indeed constructing a distributed stablecoin system, which is robust enough to withstand cycles or the turbulence and volatility linked to financial markets may be almost impossible. For instance perhaps most forms of fiat money, even the US Dollar itself, have not even achieved that, with credit cycles putting US Dollar bank deposits at risk. A stablecoin system which builds on top of the US Dollar is therefore never going to be more reliable than traditional banking, in our view.

In economics there is a concept of money supply, with risk and the potential inflationary impact increasing as the number of layers increase. One could add this stablecoin systems on top, as a new high risk layer:

  • M0 – Notes & coins plus deposits at the central banks
  • M1 – Money on deposit in a bank current account (including M0)
  • M2 – Money on deposit in a bank savings account (including M1)
  • M3 – Money in a money market account (including M2)
  • MZM – Money in all financial assets redeemable on demand (including M3)
  • MSC (Synthetic Crypto Money) – Money inside synthetic crypto stablecoin systems  (including MZM)

However advanced or sophisticated the distributed stablecoin technology is, we believe the token is likely to be less robust than the layers above it in the money supply tree.

In this piece we review some of the most prominent and interesting attempts at building these synthetic US Dollar type systems. BitUSD in 2014 and then a more recent project, MakerDAO (Dai).

 

Case study 1: BitShares (BitUSD) – 2014

Factbox
Coin Name BitUSD
Launch Date 21 July 2014
Crypto collateral Yes
Price oracle No

The first stable coin we will discuss is BitUSD, a stablecoin on the BitShares platform. BitShares was a delegated proof of stake (DPOS) platform launched in 2014 by:

  • Daniel Larimer (The primary architect behind EOS and Steem),
  • Charles Hoskinson (the former Ethereum Foundation CEO & Cardano architect), and
  • Stan Larimer (Daniel’s father).

BitShares is just one in a long line of decentralised autonomous corporation (DAC) type platforms released by Daniel Larimer, as the below image shows:

(Note: Daniel Larmier’s company Invictus Innovations launched a number of token/DAC platforms including Protoshares, Angelshares and BitShares. The black arrows represent Protoshares coin holders being granted tokens in the new chains, which Invictus Innovations promised to deliver on all new DAC platforms. Source: BitSharestalk)

 

BitUSD Marketing material

(Source: Introduction to BitShares Youtube video)

BitUSD System dynamics

Pools of Funds Description
Bitshares The native currency of the BitShares platform
Bitshares held as collateral Separate pools of Bitshares  held as collateral, used as backing for the stablecoin.
BitUSD The stable token, designed to track the value of the US Dollar

 

Groups of Participants Description
BitUSD holders Investors and users of the BitUSD stable coin. Holders of BitUSD are able to redeem the tokens for the Bitshares held in collateral.
BitUSD creators Those that create new BitUSD, by selling it into the market (creating new loans), by posting BitShares as collateral. This loan may be for a small period of time, after which it needs to be rolled over or have its collateral topped up to the initial margin level.
Traders Those exchanging BitUSD for Bitshares, and vica versa, on the platform’s own distributed exchange. There is therefore a Bitshares vs BitUSD market price.
Block producers Bitshares block producers/miners have a role of spending the BitShares backing BitUSD, something they are only entitled to do if the value of the BitShares is less than 150% of the value of the BitUSD it is backing (based on the BitUSD vs BitShares exchange rate on the system’s own distributed exchange). The miner can then uses the Bitshares to redeem/destroy the BitUSD. (After the launch the 150% margin level was increased to 200%)

 

Price Stability Mechanisms Price Direction Description
Investor psychology (Unclear/”Why not trade at $1?”) Both directions There does not appear to be a specific price stability mechanism in the BitUSD system. One can redeem and create BitUSD, however the price this transfer occurs at is determined by the BitUSD vs BitShares price in distributed exchange, which is not linked to “real USD”. In a way the price references itself. There is therefore no direct mechanism keeping the price of BitUSD at $1, but the argument put forward is “why would it trade at any other price?” In our view this logic is weak.
BitUSD redemption (indirect) Positive Should the value of the collateral currency (BitShares) fall, any BitUSD holder can redeem the BitUSD and obtain $1 worth of BitShares, assuming the market price of BitUSD is still worth $1 and there is sufficient BitShares held in collateral.

This stability mechanism protects the integrity of the system only in the event that the value of BitShares falls and the BitUSD market price remains at $1. It does not directly stabilize the price of BitUSD around $1, in our view. If the price of BitUSD deviates from $1, this mechanism may not help correct the price.

In our view, it is important to draw the distinction between a mechanism designed to protect the value of collateral and that of a mechanism which directly causes the price of the stablecoin to converge.

Weaknesses

Exposure to a fall in the value of collateral – BitShares was a new, untested and low value asset, and therefore its value was volatile. If the value of the token falls by 50% sharply, in a period spanned by one of the loans used to create BitUSD, there may be insufficient collateral and the peg could fail.

Lack of a price oracle – In our view one of the most controversial aspects of this design is the absence of any price oracle mechanism, providing the system with real world exchange rates. However any price oracle system is challenging to implement and may introduce several weaknesses and avenues for manipulation. We will talk more about this in part 2. In our view, the only real way around this may be that any stablecoin system may require a price feed from a distributed exchange, which can in theory publish a distributed price feed from real world US Dollar transactions. The distributed exchange in BitShares did not allow “real USD”. A distributed exchange system like Bisq, without a central clearing could in theory allow “real USD” prices and provide a distributed price feed.   Therefore stablecoins may eventually be considered as a layer two technology on top of liquid and robust distributed exchange platforms, should these systems ever emerge.

Manipulation – Trading volume in the Bitshares vs BitUSD market on the distributed exchange platform was low, it was therefore possible for block producers to manipulate the market by causing the value of Bitshares to fall relative to BitUSD, enabling them to obtain Bitshares at a discount.

Lack of any price stability mechanism – The main weakness of the system is the lack of any mechanism to move the price towards $1, other than the “where else would it trade?” logic.

Daniel Larimer’s defence of the system

In Daniel’s view, the mechanism of BitUSD creation is analogous to how USD are created in the economy, in that financial institutions lend them into existence.

It’s the same way dollars are created in the regular banking system. Dollars are learnt into existence backed by collateral, in the case of the current banking system the collateral is your house. In the case of our system its shares in the DAC itself.

(Source: Lets talk Bitcoin episode 129)

 

In a way Daniel is correct here, however as we explained in the introduction to this piece, these synthetic dollars are far less reliable than those created by more traditional banks, and can be considered as a whole new layer of risk, as they are even further away from base money. In addition to this, when obtaining a bank loan, the bank typically has a legal obligation to provide the customer physical cash should they demand it. While such an outcome for BitUSD holder is possible, its not a legal obligation for the creators of BitUSD. Although obviously banks typically do not have the cash in reserve to pay back their deposits, we think the fact they have a legal obligation to do so is an important distinction to draw when comparing BitUSD to US Dollar banking deposits.

In response to the supposed weakness of a lack of a price peg, Larimer argues in favor of his “hypothesis that the price feed is unnecessary” as follows:

It implements automatic margin calls, such that if the price moves against someone who is effectively short, it forces them to cover and buy it back in the market and that creates a peg. The market peg works on the premise that all market participants buy and sell based on what they think market participants will be buying and selling in the future. The only rational choice is to assume that it’s going to trade based on the peg in the future. If you don’t believe that they you have to decide on which way it’s going to go, up or down. And if you don’t have a way of saying you abstain from the market. If you don’t think it works you sell the shares and get out, as the systems going to fail in the first place. So its a self reinforcing market peg, that causes the asset to always have the purchasing power of the dollar.

(Source: Lets talk Bitcoin episode 129)

 

In our view this idea that a price of $1 is the “only rational choice” is a weak argument. It is basically saying that if the price is not $1, then what will it be? This logic may hold true for some periods, but it is not sustainable and will not scale, in our view.

Conclusion

The volume of BitUSD in existence was a lot lower than many had hoped, in some periods there was only around $40,000 in issuance. At the same time liquidity was very low and the price stability was weak, as the below chart illustrates. The main architect of BitUSD went on to propose a new stablecoin SteemUSD in 2017, this time including a price feed system. Therefore we consider BitUSD as an interesting early experiment, it did not achieve what was hoped nor did it build a robust stablecoin.

(Source: Coinmarketcap)

 

Case Study 2: MakerDAO (Dai) – 2017

Factbox
Coin Name Dai
Launch Date 27 Dec 2017
Crypto Collateralized Yes
Price Oracles Yes (indirect)

The next stablecoin we look at is Dai, which exists on the Ethereum platform. This system is highly complex, with four relevant pools of funds and six possible stability mechanisms. There are currently around $50 million worth of Dai in issuance and the peg seems to be holding up reasonably well.

System dynamics

Pools of Funds Description
Ethereum Ethereum is the native token of the Blockchain platform used for Maker & Dai
Pooled Ethereum Ethereum is placed in pools used as collateral for issuance of the Dai token. These are often referred to a collateralized debt positions (CDPs)
Dai Dai is an ERC-20 token that is generated by collateralizing pooled Ether. Dai is the stablecoin token, designed to be valued at $1.
Maker The Maker token is MakerDAO’s governance token. It is used to vote on various initiatives that pertain to the stability of the ecosystem. It is also mandatory to possess during the collateral unlocking process. During such a process, a stability fee is garnered from the user, where payment is accepted exclusively in Maker. Maker is also an ERC-20 token.

 

Groups of Participants Description
Dai Creators An individual who sends Ethereum to a smart contract, locking up Ethereum in exchange for Dai. These people are also known as CDP owners.
Dai Holder/User A Dai holder may or may not be a Dai creator. They may invest in or use the Dai stablecoin token.
Maker Token Holders Maker token holders vote on several functions and parameters of the MakerDAO system. They manage aspects such as stability fees and liquidation ratios, as well as having responsibility to nominate other groups.
Keepers These traders monitor the Dai collateral and if it falls to an insufficient level, purchase the collateral in an open auction, by spending Dai.
Oracles Price feed producers submit price information that is aggregated and used to select a given price for both Maker and Ethereum (but not Dai itself). These agents are nominated by MakerDAO token holders.

In order to prevent manipulation, there is a one hour lag between the price publication and when it impacts the system. In addition to this a median type mechanism is used to select the price, which involves ignoring the highest and lowest prices. In our view this may not prove to be robust enough if the oracles have a conflict of interest and try to engage in manipulation.

Global settlers This is another group nominated by the MakerDAO token holders. This group can unwind the entire Dai system, by giving Dai holders the right to redeem their collateral at a fixed price.

 

Price Adjustment Mechanics Price Direction Description
Dai Redemption Positive The primary stability mechanism is the ability, in theory, to redeem Dai for $1 worth of Ethereum. Redemption can only be conducted by CDP owners (unless there is insufficient collateral). If the price of Dai falls, CDP owners need to either use Dai they currently hold or buy it in the market, and then they can redeem/delete Dai for $1 worth of Ethereum based on the price feed provided by the price oracles.
Dai Creation Negative To complement the Dai redemption process, the mechanism to prevent the price of Dai climbing too high, is the ability of Ethereum holders to create new Dai, by placing Ethereum inside of CDPs.
Target rate (Not active) Both directions There is a “Target Rate Feedback Mechanism” (TRFM), which appears to be another price stability mechanism in the system. However, it is not yet active nor have several specifications of the mechanism been worked out yet.

The the idea is that a target rate is set by the MakerDAO token holders. The target rate is essentially a spread which applies to the creation or redemption of Dai, designed to correct the price.

CDP liquidation (indirect) Positive There is a mechanism by which traders/keepers can redeem the Ethereum collateral held by another CDP. This can only occur if the value of this collateral falls to an insufficient level to backup the Dai, in this case 150% of the value of Dai. This should incentivise CDP owners to keep topping up their CDPs to ensure there is a large buffer of Ethereum.

This is a necessary mechanism to ensure the integrity of the system and ensure the value of the collateral is always sufficient. However it is not clear if this directly keeps the value of Dai at $1. This mechanism can be thought of as a building block on the stability mechanism, which merely ensures the level of collateral is sufficient. Other redemption systems are needed to make this meaningful, in our view.

Global Settlement Positive This mechanism can be triggered at any time. The triggering essentially gives all Dai holders an option to convert back to a fixed value of Ethereum, worth $1 according to the oracle price feed, at the time of the triggering (or whatever price is possible given the total level of collateral in the system). The difference between this and normal redemption, is that the price is fixed and its open to all Dai token holders and not paired to a particular CDP.

The idea is that this mechanism can be used as a threat against CDP holders, to ensure they keep redeeming Dai in the event the price falls, rather than holding out for an even lower price.

Global settlement can also be used in the event of bugs or other emergencies.

MakerDAO token issuance (indirect) Positive MakerDAO token holders act as the buyer of last resort. If the collateral (pooled Ethereum) in the system were to drop below 100% collateralization, MakerDAO is automatically created and auctioned on the open market to raise additional funds to collateralize the system. Hence, if the system becomes undercollateralized, Maker holders absorb the damage.

Again this mechanism protects the value of collateral, but does not directly help the price of Dai converge to $1, in our view.

Analysis of the core stability mechanism – Dai redemption

The primary stability mechanisms appear to be the ability of CDP owners to redeem if the price of Dai is too low and for people to create new Dai if the price is too high. For example if the price of Dai falls to 80 cent, CDP owners could purchase Dai in the market and redeem it, unlocking $1 worth of Ethereum and making a nice profit. This is how the system should work under normal circumstances.

The above appears to be a robust stability mechanism which should keep the price of Dai at or near $1. However, the theory may only work if CDP owners expect the price of Dai to correct back to $1. If the price of Dai has fallen to 80 cent, CDP owners may be reluctant to redeem if they expect the Dai price to fall further to 60 cent, as such a price would enable them to make even more profit. There is no guarantee that once the price reaches 80 cent, it won’t continue to fall.

Therefore the stability mechanism could depend somewhat on the power dynamics between two groups, Dai owners and CDP owners. These two groups are essentially trading against each other in the market, Dai owners are selling of Dai and CDP owners are the potential buyers. If the power balance shifts towards CDP owners, such that they are well capitalised, patient, collaborative and determined, this group could outmaneuver the Dai token holders, drive the price down, and then buy it back and make a large profit. This may seem unlikely, but in our view the stability mechanism may not work in all market scenarios. Although we consider Dai as superior to BitUSD, in some limited ways, the Dai peg relies on market psychology and investor expectations, in the same way as BitUSD. Therefore the Dai peg is also weak and unlikely to scale.

The global settlement system can mitigate the above risk. If CDP owners are successfully manipulating the price of Dai down too far, this could trigger global settlement. Dai holders would then get around $1 of Ethereum back. Therefore the threat of global settlement may keep the price of Dai up. However again the effectiveness of this threat depends on the determination of the various groups, the CDP owners, MakerDAO token holders and global settlement activators.

Conclusion

We consider Dai to be one of the most sophisticated and advanced stablecoins systems which has been produced so far. In our view, when digging into Dai’s stability mechanisms, there is no one powerful mechanism which ensures stability. Instead we have a complex network of systems, which to some extent reference each other and use circular logic.  One could claim this complexity was created to obfuscate the lack of a strong and clear stability mechanism, but it is more likely to be an indication of an experimental trial and error type approach to the design of the system.

Therefore the system is still reliant on investor expectations and psychology, although to a lesser extent than the BitUSD. While the stability systems in place could work, at least for a while, we think they are not robust enough to withstand market turmoil or some types of power imbalances between Dai holders and CDP owners. Therefore, the search for the holy grail continues.

 

Bitcoin Economics – Deflationary Debt Spiral (Part 3)

Abstract

This report is the third in a three part piece on Bitcoin economics. In the first piece, we looked at common misconceptions with respect to how banks make loans and the implications this has on the ability of banks to expand the level of credit in the economy. We analysed the inherent properties of money which ensure that this is the case and evaluate the impact this could have on the business cycle. In part two, we considered why Bitcoin might have some unique combinations of characteristics, compared to traditional forms of money.  We explained the implications this could have on the ability of banks to engage in credit expansion. In this piece (part three), we examine the deflationary nature of Bitcoin and consider why this deflation may be necessary due to some of Bitcoin’s weaknesses. We also look at how Bitcoin could be more resilient to some of the traditional economic disadvantages of deflation than some of Bitcoin’s critics may think.

 

Click here to download the pdf version of this report

 

Bitcoin’s deflation problem

One of the most common critiques of Bitcoin and related crypto-coin systems, is the supply cap (in the case of Bitcoin 21 million) and the associated deflationary nature of the system, which could be damaging to the economy. Critics have argued that history has taught us that a finite monetary supply can be a poor economic policy, resulting in or exacerbating, economic crashes. Either because people are unwilling to spend appreciating money or because the real value of debt increases, resulting in a highly indebted economy. Bitcoin proponents are often called “economically naive”, for failing to have learnt these economic lessons of the past.

In this third piece on Bitcoin economics, we explain that the situation may be more complex than these critics think, as Bitcoin is fundamentally different to the types of money that came before it. There may be unique characteristics about Bitcoin, which make it more suited to a deflationary policy. Alternatively, limitations or weaknesses in Bitcoin could exist, which mean that too much inflation could have negative consequences not applicable to traditional forms of money. In our view, these issues are often overlooked by some of Bitcoin’s economic critics.

A selection of quotes about Bitcoin’s inflation problem

The supply of central bank notes can easily expand and contract. For  a  positive  demand  shock  to  bank  notes  (shifting  from  consumption/investment  to money: i.e. it is a  deflationary  shock),  the  central  bank increases money  supply  by  buying  securities and  foreign  currencies.    For  a  negative  demand  shock  to  bank  notes,  the  central  bank absorbs money in circulation by selling securities and other assets.  In case of [Bitcoin], the latter operation is not included in its protocol. That is  to  say,  the  cryptocurrency  protocol  usually  includes  the  currency  supply  rule,  but  does  not  have  a  currency  absorption  or  write-off  protocol. Can we reduce this irreversibility?

– Mitsuru Iwamura (“Can We Stabilize the Price of a Cryptocurrency?: Understanding the Design of Bitcoin and Its Potential to Compete with Central Bank Money”) – 2014

 

The point is that by not building in an inflation, of say 2% per annum in the global supply of Bitcoins, you almost doom it as a currency, because people will start hoarding it, knowing that it’s going to be worth more next year than it is this year

 –  David Webb (51 minutes into the video) – 2014

 

More broadly, a hard supply cap or built-in deflation is not an inherent strength for a would-be money. A money’s strength is in its ability to meet society’s needs. From my perspective, Bitcoin’s built-in deflation means that it does a poorer job than it might at meeting society’s needs. Maybe I will be proven wrong. We shall see.

 –  The Economist (“Bitcoin’s Deflation Problem”) – 2014

 

The currency’s “money supply” will eventually be capped at 21m units. To Bitcoin’s libertarian disciples, that is a neat way to preclude the inflationary central-bank meddling to which most currencies are prone. Yet modern central banks favour low but positive inflation for good reason. In the real world wages are “sticky”: firms find it difficult to cut their employees’ pay. A modicum of inflation greases the system by, in effect, cutting the wages of workers whose pay cheques fail to keep pace with inflation. If the money supply grows too slowly, then prices fall and workers with sticky wages become more costly. Unemployment tends to rise as a result. If employed workers hoard cash in expectation of further price reductions, the downturn gathers momentum.

 – The Economist (“Money from Nothing”) – 2014

 

Our current global system is pretty crap, but I submit that Bitcoin is worst.  For starters, BtC is inherently deflationary. There is an upper limit on the number of bitcoins that can ever be created (‘mined’, in the jargon: new bitcoins are created by carrying out mathematical operations which become progressively harder as the bitcoin space is explored—like calculating ever-larger prime numbers, they get further apart). This means the cost of generating new Bitcoins rises over time, so that the value of Bitcoins rise relative to the available goods and services in the market. Less money chasing stuff; less cash for everybody to spend (as the supply of stuff out-grows the supply of money).

 –  Charlie Stross (“Why I want Bitcoin to die in a fire”) – 2013

 

Nevertheless, there is still the 21m limit issue. If the limit is reached, the future of Bitcoin supply has to go down the path of fractional reserve banking, since only re-lending existing coin, or lending on the basis that settlement can one day be made in Bitcoin — a la conventional banking practice — can overcome the lack of supply

 Izabella Kaminska – Financial Times (“The problem with Bitcoin”) – 2013

 

 

So to the extent that the experiment [Bitcoin] tells us anything about monetary regimes, it reinforces the case against anything like a new gold standard – because it shows just how vulnerable such a standard would be to money-hoarding, deflation, and depression.

–  Paul Krugman (“Golden Cyberfetters”) – 2011

 

While Bitcoin has managed to bootstrap itself on a limited scale, it lacks any mechanism for dealing with fluctuations in demand. Increasing demand for Bitcoin will cause prices in terms of Bitcoin to drop (deflation), while decreasing demand will cause them to rise (inflation). What happens in each of these cases? Let’s start with deflation, because right now demand for Bitcoin is on the rise. What do people do when they think something’s value will be higher tomorrow than it is today? Well, they acquire and hold on to it! Who wants to give up money that’s constantly rising in value? In other words, rising demand causes demand to rise further. Irrational exuberance at its finest. Deflation begets deflation, ad infinitum, or at least until something breaks.

The Underground Economist (“Why Bitcoin can’t be a currency”) – 2010

 

Deflation and the deflationary debt spiral

Many economists have been debating the advantages and disadvantages of inflation for decades. Nevertheless, this primary point of contention is one of theory; economists, from differing schools of thought have a variety of views on the topic.  It is fair to say that the current economic consensus is that deflation is an undesirable economic phenomenon, while moderate inflation of around 2% per annum is desired. Those with Austrian school leanings, who oppose centrally managing inflation towards a certain positive target, tend disproportionality to support Bitcoin and gold’s somewhat deflationary nature.

One of the primary drivers for the negative view on deflation appears to be the 1929 great depression and the idea of a deflationary debt spiral. The theory is that during a period of economic recession and deflation, the real value of debt increases. Such an increase compounds the misfortunes of an already weak economy. Economist Irving Fisher is often credited with formulating this theory, as a response the financial crises of 1837, 1873 and the 1929 great depression.

Then we may deduce the following chain of consequences in nine links:

  1. Debt liquidation leads to distress setting and to
  2. Contraction of deposit currency, as bank loans are paid off, and to a slowing down of velocity of circulation. This contraction of deposits and of their velocity, precipitated by distress selling, causes
  3. A fall in the level of prices, in other words, a swelling of the dollar. Assuming, as above stated, that this fall of prices is not interfered with by reflation or otherwise, there must be
  4. A still greater fall in the net worths of business, precipitating bankruptcies and
  5. A like fall in profits, which in a “capitalistic,” that is, a private-profit society, leads the concerns which are running at a loss to make
  6. A reduction in output, in trade and in employment of labor. These losses, bankruptcies, and unemployment, lead to
  7. Pessimism and loss of confidence, which in turn lead to
  8. Hoarding and slowing down still more the velocity of circulation. The above eight changes cause
  9. Complicated disturbances in the rates of interest, in particular, a fall in the nominal, or money, rates and a rise in the real, or commodity, rates of interest.

Evidently debt and deflation go far toward explaining a great mass of phenomena in a very simple logical way

 – Irving Fisher (1933)

 

Is deflation as bad as these critics claim?

To the extent that critics accuse Bitcoin supporters of being economically naive, they may not always be entirely correct or they could be missing some nuances. Firstly, one does not need to be an Austrian economist to question whether deflation (supply cap) is always undesirable. Deflation could be bad in some circumstances, but it may depend on the characteristics of the economy and the type of money used in society. The social sciences are not like maths or computer science, nobody really knows the right answer to a high degree of certainty and opinions in the academic community change over time. Furthermore, economic circumstances can change over time, which can result in a different set of dynamics, where different inflation policies are optimal. Therefore a hard rule, fixed for all time, such as “deflation is always bad”, may not be the correct philosophy. For example, maybe Fisher’s view on inflation was correct for the economy in the 20th century, however by 2150 technology may have fundamentally changed to such an extent, such that another inflation policy may be more appropriate for society.

Bitcoin has different characteristics and the deflationary debt spiral argument may be less relevant

As we explained in part 1 and part 2 of this piece, Bitcoin possesses properties which are fundamentally different to the traditional money used in the economy such as the US Dollar or gold backed systems. Traditional money, such as the US Dollar are based on debt, which is an inherent property of fiat money. Alternatively Bitcoin may have properties which make it resilient to credit expansionary forces, such that the money is not inherently linked to debt. Therefore in the event of an economic crash and deflation, in a Bitcoin based economy, the impact of increases in the real value of debt could be less significant than one may think. This could make the deflationary debt spiral argument less relevant in a Bitcoin based economy.  In our view, it is likely that many of the Bitcoin critics may have overlooked this point when evaluating the disadvantages of Bitcoin’s deflationary monetary policy.

Disadvantages of inflation unique to Bitcoin

In addition to Bitcoin having some potential advantages, which could make it more resilient to the disadvantages of deflation, Bitcoin’s critics may also have overlooked some of Bitcoin’s weaknesses, which may make it more vulnerable to inflation:

  • Arbitrary environmental damage – Another common criticism of Bitcoin is the environmental damage caused by the energy intensive mining process. Although as we explained in the second part in our series on mining incentives, this issue could be overestimated since miners have a uniquely high level of choice with respect to the geographic location of their mining operations. This flexibility could reduce environmental damage as miners may use failed energy projects rather than investing in new ones.  However, it is still important to note that, the negative environmental damage caused by Bitcoin does seem to be a significant negative externality.  Mining incentives are made up of transaction fees and the block reward (inflation). Therefore increasing inflation increases the level of environmental damage and increases the negative externality. If a 2% inflation policy is decided upon, this could mean at least 2% of the value of the system is spent “damaging” the environment per annum. The inflation policy decision is somewhat arbitrary and the more inflation is selected the greater the extent of environmental damage. There may even be parallels here with the existing financial system. The policy of central banks to stimulate the economy, to achieve their inflation targets, could also be said to cause an arbitrarily high level of environmental damage, at least in the eyes of some critics. Although the link between inflation and environmental damage in a Bitcoin based system is more direct and measurable.  Instead of continued inflation, in Bitcoin the block reward halves every four years until mining incentives are driven entirely by transaction fees. This means that the level of environmental damage will be driven by the market, in that it could represent the amount that users are willing to pay for security, rather than an arbitrarily high level of environmental damage which would be the result of an inflationary monetary policy.
  • Aligning the interests of miners and users – Miners are currently primarily incentivised by the block reward rather than transaction fees. This results in a number of potential problems in the ecosystem, for example perhaps the interests of miners and users are not well aligned. Miners could, for example, exclude transactions from blocks, against the interests of users. Miners may be less likely to take this kind of action if they are primarily incentivised by transaction fees, something Bitcoin’s deflationary policy ensures will eventually become reality.
  • Inability to generate coin value – The supply cap can be considered as a key selling point of Bitcoin for investors and is likely to have helped generate investor interest which may have been necessary to bootstrap the system. If a perpetual inflationary policy was chosen, Bitcoin may not have been able to succeed to the extent it has, even if the deflationary policy is inferior from an economic perspective.

The irony of this debate – economic criticisms are only relevant if Bitcoin is a tremendous success

Much of this discussion focuses on the economics of Bitcoin, assuming Bitcoin is widely adopted, such that the inflationary dynamics have an impact on society. In our view this is an unlikely outcome and perhaps should be considered even more unlikely by Bitcoin’s critics. In our view, Bitcoin may satisfy a useful niche, that of making both censorship resistant and digital payments, but it’s unlikely to become the main currency in the economy. Therefore the debate about Bitcoin’s deflationary nature should be considered as largely irrelevant anyway. Hence it is therefore somewhat odd that some critics use this as an argument against Bitcoin.

This point is similar to one Paul Krugman made in his 2013 “Bitcoin is Evil” piece. Although Mr Krugman is widely derided in the Bitcoin community, most notably for his 1998 comment that “by 2005 or so, it will become clear that the Internet’s impact on the economy has been no greater than the fax machine’s”, we consider the distinction he draws in the quote below as both accurate and sensible:

So let’s talk both about whether BitCoin is a bubble and whether it’s a good thing — in part to make sure that we don’t confuse these questions with each other.

Paul Krugman – “Bitcoin is Evil” – 2013

 

Perhaps Satoshi thought that having a finite supply cap and a deflationary bias, may help the system succeed, even if from society’s point of view, moderate inflation would be more utilitarian. From a system design perspective, producing a working payment system should be the priority, since a system which does not succeed, even if it’s hypothetically beneficial to society, is ultimately useless.

Conclusion

We conclude that rather than being driven by economic naivety, some Bitcoin supporters may have had a more nuanced understanding of the relationship between debt, deflation, the properties of money and credit expansion than the critics think. In contrast one could argue it’s the economic mainstream’s lack of understanding of the relationship between money and debt, and the potential ability of Bitcoin to somewhat decouple the two, which is the most prevalent misunderstanding. Indeed to many, Bitcoin’s ability to decouple debt from money and thereby result in a deflationary climate without the deflationary debt spiral problem is the point, rather than a bug.

However, even if Bitcoin has solved this economic problem, perhaps it’s naive to think Bitcoin would result in a more prosperous economic system. Bitcoin is a new and unique system, which is likely to cause more economic problems, perhaps unexpected or new ones. After all there is no perfect money. It just may not be correct to apply the traditional economic problems of the past, to this new type of money. Although it may be more difficult, identifying Bitcoin’s potential economic problems may require more analysis and a stronger understanding of the underlying technology.

Ironically, if one thinks these economic problems associated with deflation have a remote chance of being relevant, like the critics indirectly imply, that would mean Bitcoin has a significant chance of becoming widely adopted and hugely successful. In that case, perhaps the sensible thing to do is buy and “HODL”.

 

List of 44 Bitcoin fork tokens since Bitcoin Cash

Abstract: Although in 2018 Bitcoin may have somewhat moved on beyond this issue, in this sixth piece on consensus forks and chainsplits, we provide a list of 44 tokens which seem to have forked away from Bitcoin since the Bitcoin Cash split.

(Source: gryb25)

From late 2015 to the end of 2017, there was significant focus and analysis in the Bitcoin community about a chainsplits, finally resulting in the launch of Bitcoin Cash and then a plethora of other tokens. We have already covered some of topics related to these splits, in the five articles below:

In this sixth piece we list 44 Bitcoin forked tokens.

List of Bitcoin forked coins since Bitcoin Cash

Name URL/Source Fork Height
Bitcoin Cash https://www.bitcoincash.org 478,558
       Bitcoin Clashic http://bitcoinclashic.org (Forked from Bitcoin Cash)
       Bitcoin Candy http://cdy.one (Forked from Bitcoin Cash)
Bitcoin Gold https://bitcoingold.org 491,407
Bitcore https://bitcore.cc 492,820
Bitcoin Diamond http://btcd.io 495,866
Bitcoin Platinum Bitcointalk 498,533
Bitcoin Hot https://bithot.org 498,777
United Bitcoin https://www.ub.com 498,777
BitcoinX https://bcx.org 498,888
Super Bitcoin http://supersmartbitcoin.com 498,888
Oil Bitcoin http://oilbtc.io 498,888
Bitcoin Pay http://www.btceasypay.com 499,345
Bitcoin World https://btw.one 499,777
Bitclassic Coin http://bicc.io 499,888
Lightning Bitcoin https://lightningbitcoin.io 499,999
Bitcoin Stake https://bitcoinstake.net 499,999
Bitcoin Faith http://bitcoinfaith.org 500,000
Bitcoin Eco http://biteco.io 500,000
Bitcoin New https://www.btn.org 500,100
Bitcoin Top https://www.bitcointop.org 501,118
Bitcoin God https://www.bitcoingod.org 501,225
Fast Bitcoin https://fbtc.pro 501,225
Bitcoin File https://www.bitcoinfile.org 501,225
Bitcoin Cash Plus https://www.bitcoincashplus.org 501,407
Bitcoin Segwit2x https://b2x-segwit.io 501,451
Bitcoin Pizza http://p.top 501,888
Bitcoin Ore http://www.bitcoinore.org 501,949
World Bitcoin http://www.wbtcteam.org 503,888
Bitcoin Smart https://bcs.info 505,050
BitVote https://bitvote.one 505,050
Bitcoin Interest https://bitcoininterest.io 505,083
Bitcoin Atom https://bitcoinatom.io 505,888
Bitcoin Community http://btsq.top/ 506,066
Big Bitcoin http://bigbitcoins.org 508,888
Bitcoin Private https://btcprivate.org 511,346
Classic Bitcoin https://https://bitclassic.info 516,095
Bitcoin Clean https://www.bitcoinclean.org 518,800
Bitcoin Hush https://btchush.org 1st February 2018
Bitcoin Rhodium https://www.bitcoinrh.org Unknown
Bitcoin LITE https://www.bitcoinlite.net Unknown
Bitcoin Lunar https://www.bitcoinlunar.org Unknown
Bitcoin Green https://www.savebitcoin.io Unknown
Bitcoin Hex http://bitcoinhex.com Unknown

(Source: BitMEX Research, Forked coin websites, findmycoins.ninja)

Please note it is very important to handle these new fork tokens with caution. In particular, we would strongly advise you not to import your Bitcoin private key into any new fork token wallets without first spending the Bitcoin to a new output associated with a different private key after the token snapshot point, so that your Bitcoin is not at risk.

 

 

New Ethereum Miner Could be a Game Changer

Abstract

We look at Bitmain’s new Ethereum miner and notice that it may be less energy efficient than one might expect for an ASIC. We explore the possibility that this miner contains a new more advanced form of technology, which is less efficient than ASICs, but potentially partially immune to PoW algorithm changes. We then conclude that whether this particular Ethereum chip is capable of this or not, this type of technology may eventually end the era of anti-ASIC PoW changes designed to improve decentralisation, such that crypto-coin communities may have to accept the inevitability of ASICs.

Overview

Bitmain have recently launched a new Ethereum miner, widely believed to be an ASIC, and it is expected to ship in late July 2018. However, many in the Ethereum community oppose ASICs and prefer GPU mining, since GPU companies are primarily concerned with gaming rather than crypto-coins, which should mean that the hardware is distributed more widely and fairly, improving decentralisation. Therefore a risk to Bitmain could be that the Ethereum community decide to hardfork to change the PoW algorithm, which could devalue the Bitmain machines and result in a large wasted investment.

In this report, we speculate that Bitmain may already be one step ahead of the Ethereum community. Bitmain may have already learnt a lesson with Monero, two coins which recently conducted PoW changes, potentially resulting in large devaluations of Bitmain’s ASIC chips. Developing a custom chip requires a considerable financial investment and therefore we think Bitmain may have taken some countermeasures to avoid another loss. Bitmain could have designed a new type of mining chip, less efficient that ASICs, but immune to PoW changes. This could make an Ethereum hardfork PoW change mostly pointless.

The recent Monero anti-ASIC PoW change

At the start of April 2018 the Monero community decided to hardfork and change the PoW algorithm, in an attempt to “brick” ASICs and make Monero more GPU-friendly. Due to sharp increases in hashrate, illustrated by Figure 1 and 2 below, the Monero community believed that ASIC manufacturers had developed Monero ASICs, in secret, and were mining the coin.

As Figure 2 shows below, the rolling 90-day hashrate growth rate reached c. 300% in the early part of 2018 (based on 7-day rolling averages). Even after factoring in the sharp increase in value of the Monero coin, this is an extraordinary growth rate. After Monero developers announced plans for a hardfork, Bitmain began to sell Monero ASICs on their website, indicating that they could indeed have been mining in secret. After the PoW change, as Figure 1 shows, the Monero hashrate dropped off significantly.

After the hardfork, the Monero chain split into two, with the original rules coin being called Monero Original (XMO). Although this coin had a lower value than Monero, it had a higher hashrate, since there was little else for the Monero ASICs to mine. There was no replay protection implemented for the split, however Monero increased the ring signature limit, therefore one can split Monero and Monero Original by first initiating a transaction on the Monero Original chain with fewer ring signatures than are allowed on Monero (less than 7).

Figure 1 – Monero hashrate compared to Monero price

Source: Coinmarketcap, BitMEX Research

 

Figure 2 – Monero hashrate compared to Monero price – Rolling 90-day percentage growth of 7-day moving average

Source: Coinmarketcap, BitMEX Research

Note: In the 7 days following the PoW hardfork, the hashrate rolling average excludes the period prior to the hardfork

Bitmain’s new Ethash miner

As we mentioned above, Bitmain has recently launched a new Ethereum miner, which is expected to ship around late July 2018. Given the history with Monero and the fact that many in the Ethereum community, including those mining Ethereum at home on GPUs, are likely to be unhappy at a new Bitmain product, Bitmain may be concerned. One downside to the new miner could be increased miner centralization, but in addition to this, the product may also receive hostility from some in the Ethereum community due to their financial interests in the existing Ethereum miners, GPUs. Bitmain’s management is not stupid, and therefore in our view the company is likely to act with caution and may have taken measures to mitigate against some of these risks.

Figure 3 – Bitmain’s new Ethereum miner: the Antminer E3

Specifications:

  • Power consumption: 800W
  • Hashrate: 180MH/s

Source: Bitmain

The advertised specification of the product is disclosed above. As the table below illustrates, a back -of-the-envelope calculation could imply this new Ethereum miner is less efficient than one would expect if it was an ASIC, based on comparisons with the efficiency gain measured on some of the other ASICs related to other coins. For instance a Bitcoin ASIC is c. 521x more efficient than an FPGA, while the Monero ASIC is c. 88x more efficient than a GPU. In contrast the new Ethereum miner is only c. 1.4x more efficient than a GPU. This could indicate that the new Ethereum miner is not an ASIC at all, but merely a new device more efficient than the existing GPU miners. However, we appreciate that the below table is a crude approximation which ignores many crucial variables and factors, such as the memory-intensive nature of the Ethereum mining algorithm. But although the calculation is inaccurate, the figures can still potentially illustrate a point:

Figure 4 – Approximate miner efficiency calculations

Miner Hash rate (GH/s) Power (W) Energy per hash (J/GH)
Bitcoin (SHA256)
CPU 0.0005 100 200,000
High end GPU 0.5 300 600
FPGA 0.8 40 50
High end ASIC 14,000 1,340 0.096
Efficiency gain 521x
Ethereum (Ethash)
High end GPU 0.032 200 6,250
Antminer E3 0.18 800 4,444
Efficiency gain 1.4x
Monero (CryptoNight)
High end GPU 0.0000001 200 2,000,000,000
ASIC 0.000022 500 22,700,000
Efficiency gain 88x

Source: BitMEX Research, Bitmain
Note: Figures are approximations

Mining chip types & Vector processors (VPs)

As Figure 5 below illustrates, when Bitcoin launched in 2009, mining was conducted using CPUs. However, the architectures of GPUs and FPGAs are more efficient at processing repetitive hash operations. Therefore the network shifted, first to GPUs and then to FGPAs. In 2013, ASICs designed for specific hash functions emerged. Compared to CPUs, GPUs and FPGAs, ASICs are far more efficient at running a particular algorithm, however excluding this, ASICs are far less efficient or actually totally useless.

Figure 5 – Crypto-coin chip type timeline

Source: BitMEX Research
Note: The inclusion of Vector Processors (VPs) towards the end of 2018 is speculative

It might be possible that Bitmain has developed a new type of chip, a Vector Processor. The architecture of this chip could be designed for PoW hash functions in general, but not for a specific hash function. These chips could then be more efficient than GPUs and FPGAs, but less efficient than ASICs. The advantage over ASICs is that they could be, in some respects, immune to PoW changes. It is possible that the new Ethereum miner falls into this category of chip, although this is mostly speculation on our part.

Figure 6 – The evolution of crypto-coin chip types

Chip type Central Processing Unit (CPU) Graphics Processing Unit (GPU) Vector processor (VP) Application Specific Integrated Circuit (ASIC)
Example crypto-coins Bitcoin (BTC) – 2009 to 2011 Bitcoin (BTC) – 2012 to 2013
Ethereum (ETH),
Monero (XMR)

Ethereum (ETH) – 2018 onwards

Bitcoin (BTC) – 2014 to present,
Monero Original (XMO)

Manufacturers Intel,
AMD
NVIDIA,
AMD
Bitmain Bitmain,
Canaan Creative,
Ebang,
Innosilicon
Foundry

TSMC, Samsung,
Global Foundries, SMIC

TSMC, Samsung,
Global Foundries, SMIC
TSMC TSMC,
Samsung,
Global Foundries
Primary use Computing Gaming Crypto-coin mining Crypto-coin mining
Immune to PoW change Yes Yes Potentially No

Higher efficiency

 

It is possible that Bitmain’s new Ethereum miner is tailored for Ethash, in that the components inside the miner such as the electric circuits, power control devices, memory and control modules could all be specifically calibrated for mining Ethereum. However the chip itself, which is the area that requires by far the most financial investment, could be more general and not specifically designed for Ethereum. Therefore if Ethereum conducts a PoW change, it could be possible to direct the chips into a new device as they leave the foundry or perhaps even recover the chips from the old device put them into a new Ethereum miner. Although again, at this point we are speculating.

Artificial Intelligence (AI) technology

At TSMC’s latest set of quarterly results on 19th April 2018, Co-CEO Mark Lie said the following:

[Bitmain] is doing a lot of things on blockchain technology, like AI. They are doing very well. We expect them to slowly move to the AI area.

Source: Q1 2018 earnings call

“AI” is a term with many meanings. Although at this point the situation is unclear, it is possible that any new Vector Processor chips could be what TSMC mean by AI technology. Since any such chip may be able to switch between hashing algorithms, at a stretch, one could argue this falls within the scope of AI. It remains to be seen if the chip is merely programmable, like modern GPUs, or if there is a trick up its sleeve that could give it an efficiency gain vs. GPUs in most cases. If present, this advanced technological capability is likely to be seen as a major achievement for Bitmain. Such technology may also be even more expensive to develop and more specialised than the technology in ASICs, which could make the decentralisation problem even worse.

Ethereum hashrate growth – No evidence of deployment of the new chips

Despite the above, we have not yet seen any strong indications of the deployment of the new chips on the Ethereum network. As Figures 7 and 8 below indicate, Ethereum’s hashrate appears, broadly speaking, to be following a normal trend given the price volatility.

Figure 7 – Ethereum hashrate compared to Ethereum price and NVidia GPU sales

Source: Bloomberg, Etherscan.io, Coinmarketcap, Nvidia, BitMEX Research

 

Figure 8 – Ethereum hashrate compared to Ethereum price – Rolling 90-day percentage growth of 7-day moving average

Source: Bloomberg, Etherscan.io, Coinmarketcap, BitMEX Research

Conclusion

When discussing the possibility that Bitmain’s new Ethereum miner isn’t an ASIC and that the new chip may be somewhat immune to PoW changes, Vitalik Buterin told us:

I have a very similar impression myself

Despite what we have said above, most of the content in this article should be considered guesswork. However, even if we are wrong about this particular chip, we still think it is reasonably likely that at some point in the future, Bitmain or another company, will develop a general-purpose hashing chip, which is more efficient than GPUs for almost all hashing algorithms. At this point the era of anti-ASIC PoW changes could be over, with crypto-coin communities having to make a choice between two potentially unfavourable outcomes:

  1. Allowing ASICs, or,
  2. Allowing general purpose hashing chips, where technologies and production capabilities could be even more concentrated.

Unless of course proof-of-stake systems prove robust enough.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

Complete guide to Proof of Stake – Ethereum’s latest proposal & Vitalik Buterin interview

Abstract

In this piece we examine proof of stake (PoS) consensus systems.  We look at their theoretical advantages and weaknesses. We then analyse the specific details of some of the most prominent and novel PoS systems attempted thus far, where we learnt that some pure PoS systems becomes increasingly complex, to the point which they became unrealistic. We review the latest Ethereum proposal, which we think is a significant improvement compared to previous attempts and it could provide net security benefits for the Ethereum network. However, the system may still be reliant on proof of work (PoW), which is still used to produce the blocks and at this point it is not entirely clear to us if the PoS element of the process contributes to ensuring nodes converge on one chain.

Introduction

Before diving into the specifics of Proof of Stake (PoS), it’s important to clarify what one is trying to achieve when building these consensus systems. Essentially one is trying to construct a data structure with the following properties:

  1. No one entity controls the content of the data (distributed storage and verification of the data is not sufficient);
  2. The database can move forward, (Casper terminology: “Liveness”); and crucially
  3. Participants agree on the content of the data i.e. nodes have a mechanism to decide between conflicting valid chains (Casper terminology: “Safety”)

PoW uses the most accumulated work rule to decide between competing valid chains (fork choice rule). This is not only an apparent solution to criteria three above, but the PoW mechanism also inherently solves the block production and block timing issue. While total accumulated work is the fork choice rule, a block producer is also required to include an element of PoW in each block, a stochastic process, and therefore the issue of who produces each block and when each block is produced, is also be addressed by PoW.

PoS is the general concept of a fork choice rule based on the most accumulated stake (i.e. the chain with the most coins backing, voting or betting on it). However, unlike PoW, this does not necessarily directly address the issue of who produces each block or when blocks are produced. Therefore these issues may need to be addressed by alternative mechanisms. PoW is also a solution to the coin distribution problem, something which may also require an alternative solution in PoS based systems.

Theoretical overview of PoS

The byzantine generals problem

The Byzantine generals problem illustrates some of the  main challenges involved when attempting to construct a data structure with the properties mentioned above. Essentially the issue is about timing and how to determine which updates to the ledger occurred first. Actually if one third or more of the actors are disruptive, the problem is provably unsolvable, from a mathematical standpoint, as Leslie Lamport proved in 1982.

It is shown that, using only oral messages, [reaching agreement] is solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound two loyal generals

Source: The Byzantine Generals Problem (1982)

PoW can therefore be considered as an imperfect hack, which seems a reasonably strong Byzantine fault tolerant system, but certainly not a mathematically robust one. It is in this context, of imperfect systems, which one should analyse PoS alternatives, as like PoW, these systems will also have flaws.

In PoS there are two competing philosophies. One of which is derived from PoW. Coins based on this include Peercoin, Blackcoin and earlier iterations of Ethereum’s PoS proposals. The second philosophy, is based more on Lamport’s academic research from the 1980s and embraces the conclusion Lamport reached that a two-thirds majority is required to build a Byzantine fault tolerant system. Ethereum’s current iteration of the Casper proposal adopts this second approach.

Advantages of PoS

PoS is typically looked at in the context of PoW, as an alternative which solves or mitigates against negative externalities or problems inherent in PoW based systems:

More environmentally friendly

Perhaps the most widely cited advantage of PoS systems is the absence of the energy intensive process which PoW requires. If PoS based systems can achieve the same useful characteristics as PoW systems, environmental damage can be avoided. This is a significant positive for PoS, although as we discussed in our piece on Bitcoin’s energy consumption, the problem may be slightly overstated, due to the incentive to use lower cost or otherwise failed energy projects as a source of power, limiting environmental damage.

Stronger alignment of incentives

Another major problem with PoW based systems is that the interest of miners may not align with that of coin holders, for example miners could sell the coins they mine and then only care about the short term, not long term coin value. Another issue is that hashrate could be leased, with the lesee having little or no economic interest in the long term prospects of the system. PoS directly ties the consensus agents to an investment in the coin, theoretically aligning interests between investors and consensus agents.

Mining centralisation & ASICs

Another key advantage of PoS based systems is potentially improving decentralisation. PoW mining has a number of centralising forces which are not applicable to PoS:

  • ASIC production is expensive and centralised (In Bitcoin Bitmain has a high market share);
  • Chip foundries are expensive and centralised (TSMC, Intel, Samsung & SMIC are the only players with scale);
  • ASIC related technologies can potentially be patented;
  • There may be a limited number of cheap energy sources, with restricted access; and
  • Many aspects of mining can have economies of scale, such as maintenance costs and energy costs, resulting in centralisation.

General and economic weaknesses of PoS

An incomplete solution

As we alluded to above, Satoshi’s PoW systems appears to kill four birds with one stone:

    • Chain selection (the fork choice rule),
    • Coin distribution,
    • Who produces blocks, and
    • When blocks are produced.

PoS only appears to be a proposed solution to the chain selection problem, leaving the other problems open. Although these other issues could be less significant than the chain selection issue.

An “unfair” economic model

One of the most common criticisms of PoS systems is that they allocate new funds in proportion to the existing holdings. Therefore the “rich get richer” and it results in a few wealthy users holding a higher proportion of the wealth than the more egalitarian PoW alternative. If one invests in a PoS system at the start, you can maintain your share of the wealth, alternatively in a PoW system your wealth is diluted as new rewards are distributed to miners. Indeed, if rewards are allocated in proportion to the existing holdings, one could argue its not inflation at all and that the reward is economically equivalent to adding more zeros to the currency. Therefore one can even claim the reward system is pointless and does not provide an incentive at all. However this only applies if all users become PoS validators, while in reality some users will want to use the funds for other purposes.

Risk of a loss of funds

Another issue is that staking requires signing a message from a system connected to the internet. Therefore stakers are required to have a “hot wallet” which increases the risk that funds are exposed to theft from hackers. Although it may be possible to mitigate this downside by having a private key only entitled to stake for a short period of time, after which the balance reverts back to the owner. Although if there is a slashing rule (punishment for voting on two conflicting chains), a hacker could conduct action which destroys the funds even if this mitigation strategy is used. Another potential mitigation strategy could be the creation of specialist hardware for staking.

Technical & convergence weaknesses of PoS

Nothing at Stake

Core to the consensus problem is timing and the order of transactions. If two blocks are produced at the same time, PoW solves the problem by a random process, whichever block is built on top of first can take the lead and then miners are incentivised to build on the most work chain. PoW requires energy, a finite real world resource and therefore miners have to decide which chain to allocate this resource to.

In contrast this process in PoS based systems is not entirely clear. If two blocks are produced at the same time, each conflicting block can build up stake. Eventually one block may have more stake than the other, which could make it the winner. The problem here is that if stakers are allowed to change their mind to back the winner, such that the system converges on one chain, why would they not use their stake on multiple chains?

After-all stake is a resource inherent to the chain and not linked to the real world, therefore the same stake can be used on two conflicting chains. Herein lies the so called “Nothing at stake” problem, which we view as the most significant issue facing PoS.

The “Nothing at Stake” problem

The Nothing at Stake problem Stake does not add to the convergence of the system, since the same stake can be applied to multiple competing chains, which is a risk free way of stakers increasing their rewards. In contrast, in PoW based systems, energy is a real world finite resource and therefore the “same” work cannot be applied to multiple competing chains.
Defense 1 The issue can be avoided or mitigated against. The protocol can be adjusted such that if a staker uses the same stake on multiple chains, a third party can submit a proof of this to either chain, resulting in a punishment, such as the confiscation of the stake (slashing conditions). Alternatively instead of a punishment, the cheater could lose potential rewards or be excluded from the staker pool.
Response from PoS sceptic The above defence is inappropriate and punishes what may be legitimate or necessary behavior. For example if a staker receives a block first, while the majority receives an alternative block first, it may be legitimate for that staker to change their mind and switch to follow the majority. Indeed the process of changing your mind and switching to the majority to ensure the network converges is the point of the consensus system. If this behavior is punished, how does the system converge?

Either the economic value of the punishment is higher than the rewards for switching to follow the majority, or it isn’t. Therefore the nothing at stake problem means PoS systems can never make a contribution to system convergence and the idea is therefore fundamentally flawed.

Defence 2 The apparent dilemma above can potentially be  resolved in various ways. For instance:

  • Earlier proposals from Casper used multiple rounds of staking. Changing one’s mind in the early rounds can be legitimate and perhaps the punishment is small, while in later rounds the punishment for using the same stake in multiple competing chains increases, such that eventually users have a high degree of assurance over the finality of the system.
  • The most recent iteration of Casper aims to allow validators to change their minds, but only in “legitimate” scenarios and not when its “illegitimate”.
Response from PoS sceptic By adding multiple rounds or criteria in which validators can change their minds one is increasing the complexity of the system. This is merely adding layers of obfuscation to conceal the inherent weaknesses illustrated by the nothing at stake problem, without solving the fundamental issue.
Defence 3 No system is perfect, indeed it’s mathematically impossible to construct a perfect system and therefore the nothing at stake problem is not solved, however the measures identified above mitigate the problem, such that these theoretical issues are unlikely to apply in the real world.

The long range attack consensus problem

Another potential issue with PoS is the so called “long range attack” problem. This is the idea that attackers could, for instance, buy a private key which had a large token balance in the past and then generate an alternative history from that point, awarding oneself more and more rewards based on PoS validation. Due to the large amount of rewards given to the attacker, one could then generate a higher stake chain than the existing chain and a large multi year chain re-organisation could be performed.

The solution to this problem is checkpointing, which is the process of locking in a certain chain state once a certain stake threshold has been met, such that it can never be re-organised. Critics argue that this solution requires one to keep their node online at all times, since an offline node cannot checkpoint. Some claim that if one goes offline, the security model therefore degenerates to “ask a friend”, since one is dependent on asking others for their checkpoints. Although in the past the Bitcoin reference implementation included checkpoints, the purpose of these was to speed up the initial sync, although the impact of this could be said to result in an “ask a friend” security model.

However, in our view this is a matter of different priorities. If one wants each individual user to fully verify all the rules and the state of the system, then relying in these checkpoints is insufficient. Indeed, the Satoshi’s original vision appears to imply that the ability of nodes to be switched off and then verify what happened when was was gone is potentially important:

Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone

Source: Bitcoin Whitepaper

Although the ecosystem is expanding, many businesses and exchanges operate 24×7 and are therefore required to keep a node running all the time, and can therefore do checkpointing. There are strong incentives preventing them from allowing a large chain re-organisation. To many, this is sufficient security and the risks posed by the long range attack problem are therefore irrelevant or too theoretical.

Stake grinding

In a pure PoS system, stakers also need to produce blocks. These systems have often worked by selecting a sequence of authorised block producers randomly from a pool, where the probability is proportional to the stake. The issue here is a source of randomness is required inside the consensus system. If the blocks themselves are used for generating the entropy, stakers could try to manipulate the content in blocks in order to allocate themselves future blocks. Stakers may then need more and more computing power to try more and more alternative blocks, until they are allocated a future block. This then essentially results in a PoW system.

In our view, the stake grinding problem is less of a fundamental problem with PoS, when compared to significant issues like the nothing at stake problem. All that is required to solve this problem is a source of entropy in the network and perhaps an Ethereum smart contract like the RanDAO, in which anyone can participate, can solve this problem.

 

Case Studies – Peercoin & Ethereum’s Casper

1 – Peercoin – 2012

Overview

Peercoin is a hybrid PoW and PoS system, built on the idea of coin age. The fork choice rules is the blockchain with highest total consumed coin age.

Coin age is simply defined as currency amount times holding period. In a simple to understand example, if Bob received 10 coins from Alice and held it for 90 days, we say that Bob has accumulated 900 coin-days of coin age

Source: Peercoin Whitepaper

In Peercoin, some blocks were produced purely using PoW, whilst other blocks were produced using PoW where the difficulty adjusts based on the coin age destroyed by the miner in the transaction (the coinstake transaction as opposed to a coinbase transaction). “For example, if Bob has a wallet-output which accumulated 100 coin-years and expects it to generate a [PoS block] in 2 days, then Alice can roughly expect her 200 coin-year wallet-output to generate a [PoS block] in 1 day.

Analysis

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins in a coinstake transaction on multiple chains by ignoring the second conflicting chain. However this is not sufficient and can result in nodes diverging, if they receive the conflicting blocks in a different order.
Block production Solved by using PoW to produce the blocks
Long range attack This was a critical vulnerability for Peercoin, an attacker can simply save up coin age by not spending their coins and then launch a re-organisation attack.

This was solved by centrally broadcasting checkpoints several times a day. Peercoin was therefore a centralised system.

Stake grinding This may not have been an issue, since there was no selection from a validator pool as PoW was always required and coin stake altered the PoW target.

Conclusion

At the time Peercoin was an interesting early novel approach, however the proposal resulted in a centralised system, not able to match the properties of PoW.

2 – Ethereum – Caper full PoS system – 2015

Overview

This is a full PoS proposal, based on “consensus by bet” methodology.

  • Blocks are produced from a pool of block producers, a random number generator is used to select whose turn it is to produce a block and then the producer is given a time window in which they can produce a valid block.
  • There is a set of bonded validators, one must be in the set to make or take bets on blocks.
  • Validators can then make or take bets on block propositions, providing a probability each time, representing the return betters can make.
  • After several rounds of betting, as the probability approaches 1 or 99%, the block is considered final.

Source: Ethereum Blog

Betting strategy

According to the Ethereum blog, betting should occur using the following strategies by default:

  • If the block is not yet present, but the current time is still very close to the time that the block should have been published, bet 0.5.
  • If the block is not yet present, but a long time has already passed since the block should have been published, bet 0.3.
  • If the block is present, and it arrived on time, bet 0.7.
  • If the block is present, but it arrived either far too early or far too late, bet 0.3.
  • Some randomness is added in order to help prevent “stuck” scenarios, but the basic principle remains the same.

The default betting strategy had a formula (given below), to push the probability away from 0.5, such that the chain would move forward, with the probability expecting to either approach zero or one.

Let e(x) be a function that makes x more “extreme”, ie. pushes the value away from 0.5 and toward 1. A simple example is the piecewise function e(x) = 0.5 + x / 2 if x > 0.5 else x / 2

If a validator bets when the probability is 99%, the return is very small (a 1% return used as a measure from which the reward is calculated), in contrast a winning bet placed placed with odds of 0.5, represents a return of 100%, which results in a higher return from the rewards pool.

The fork choice rule then is the sum of all the weighted probabilities, which have crossed a certain threshold, say 0.99. For instance a chain of five blocks, each with a probability of 1 will represent a score of 5. Any validator who changes their mind after the 0.99 threshold has been crossed, can be punished (slashed) for staking on multiple chains. While changing your mind before the threshold is considered legitimate and there is no punishment in that scenario.

Analysis

In our view, this proposal is highly complex, which we consider as the main downside.

Weakness Summary
Nothing at Stake The protocol aims to prevent miners using the same coins to bet on multiple chains by using a punishment mechanism, in which validators would lose their deposit. In our view, this could harm the convergence of the system, although betting formula may move the probability away from 0.5, which is designed to help mitigate the issue.
Block production The RanDAO contract could be used to provide entropy to select the block producer. However, this only provides a time window in which blocks could be produced, it is possible there is a lack of consensus over whether the block was produced within the time window or not, after which the betting process is supposed to resolve the dispute.
Long range attack The nodes checkpoint blocks once a certain probability threshold has been reached. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding The RanDAO contract may solve the stake grinding issue

Conclusion

The proposal was not adopted by Ethereum. In our view the proposal was never complete, as some parameters and aspects of the system lacked a specification. Although the consensus by bet approach was interesting, it seemed too complex and there were too many uncertainties. This approach illustrates the difficulties involved when constructing full PoS systems and how when one tries to address the weaknesses, it just results in more and more complexity, until the system becomes unfeasible.

3 – Ethereum – Latest version of Casper – The hybrid PoW/PoS System – 2018

Overview

The current Casper proposal represents a change in philosophy or a pivot, compared to some of the earlier PoS systems. It returns to the academic work of Lamport in the 1980s and Lamport’s theorem that these systems work if and only if two-thirds of agents in the system are honest. Therefore the current version of Casper is less ambitious than before. PoS is no longer used to produce blocks or decide on the timing of blocks, which is still done by PoW miners. The PoS system is used as a checkpointing process. In our view, this proposal is superior to the more complex earlier iterations of Casper.

The system works as follows:

  • The PoS system is only used every 100 blocks, to provide an extra layer of assurance over PoW, as a checkpointing system.
  • Participants in the PoS process send their Ether into a “validator pool”.
  • Every 100 blocks validators put their stake behind a checkpoint block, whilst also referencing a previous checkpoint block. If two-thirds of the funds in the validator pool support a proposal, the block is considered “justified”.
  • Once a block is justified, it can be used as a reference for future votes. Once two-thirds of the stake use a justified block as a reference, this justified block is considered finalised and this finality takes precedence over PoW.
  • Validators votes are only valid 12 confirmations after the last checkpoint block.
  • If the two thirds threshold is not met, the chain continues to progress based entirely on PoW.
  • If stakers do any of the following banned behaviors, in return for a small 4% fee, a third party can submit a proof of this, such that the cheater loses their entire stake/deposit (slashing):
    1. Votes for multiple conflicting blocks at the same height.
    2. Votes for multiple conflicting blocks at different heights, but using conflicting reference blocks, unless the new reference block has more height.

The Ethereum reward structure will be adjusted, such that PoS validators also receive a share of the rewards, in addition to the PoW miners. As far as we can tell, the details of this new allocation have not been decided yet.

Analysis

The latest iteration of Casper is a significant improvement from earlier versions, in our view, primarily because of lower levels of complexity and greater reliance on PoW mining.

In theory, there are only three problems with the new proposal:

  1. Over one third of the stakers refusing to participate – in which case we are just back to a PoW based system
  2. Stakers changing their mind after finality such that more than two thirds supports an alternative chain – the long range attack problem
  3. Stakers reaching two-thirds majority support for a lower PoW chain than the current leading PoW chain, a new way of causing a re-organisation. We view this as the most significant downside of this proposal.

Core to the assumption behind this system is that its PoW which drives the chain forwards and that the PoS system only comes into play, once the PoW miners have decided on a chain, PoS votes are not even valid before 12 miner confirmations. Indeed, if the two thirds majority cannot be achieved then the chain continues on a PoW basis.

Therefore, we conclude, that the core characteristic of this latest Casper proposal is that the PoW happens first, and only after this does PoS potentially provide an extra assurance against a chain re-organisation, orchestrated deliberately by a hostile PoW miners. PoW therefore still provides computational convergence, with the PoS mechanism defending against the threat of a human/politically instigated miner re-organisation. Therefore although PoS provides this safety, as point three above indicates, it also provides extra risk, therefore its not clear if there is a net benefit.

Weakness Summary
Nothing at Stake Validators can vote on multiple chains, but not at the same height. This is designed to allow validators to change their mind, but only for “legitimate” reasons.

For the hybrid version of the model, the convergence issue may be solved by relying on PoW mining.

Block production PoW miners produce blocks and therefore there is no issue related to selecting the block producer.
Long range attack Once two-thirds of the stake in the validator pool has used a block as a reference for voting, nodes finalize the block and there cannot be a re-organisation. The long range attack problem remains for periods in which nodes are switched off.
Stake grinding PoW miners produce blocks and therefore there is no stake grinding issue.

Other potential unresolved issues

In the event of a contentious hardfork and chainsplit, if the new chain alters the format of the validator checkpoint votes, two-thirds of the validators could conduct destructive re-organisations on the original chain, while avoiding punishment (slashing) due to the new voting format. Validators could therefore destroy the original chain, while still moving forward on a new chain of their choice. The system could therefore be less resilient to being shut down.

Exclusive BitMEX Research Interview with Vitalik Buterin on the latest Casper proposal

Question 1 – Even though the PoS system may provide more assurance than before, prior to the 34% voting threshold being reached, re-organisation risk may be higher, since a re-organisation can occur in more ways, both via PoS and via PoW. Are you concerned about the negatives of this?

I would say no. There are plenty of reasons to believe that it should not negatively impact stability. The pre-finalization chain scoring rule is “highest finalized epoch + total difficulty * epsilon”. There is a paper here that points out that any “monotonic” chain scoring rule is a Nash equilibrium; our scoring rule is clearly monotonic so it’s a Nash equilibrium. Both miners and validators use the chain scoring rule, so miners and validators would both naturally help the chain grow, not try to revert it. Casper FFG was deliberately designed in this way, to “play nice” both with “chain-based” intuitions of consensus as well as BFT-theoretic concepts of finality.

 

The only way in which “re-organisation risk may be higher” is either:

 

  • If validators are more likely than miners to be majority-dishonest
  • If the Casper-specific code has bugs

We accept that if either of these are true then Casper FFG can add risks.

Question 2 – How do you expect users and exchanges to behave? Should exchanges modify their behavior before crediting deposits, for example 2 confirmations plus 34% of validator votes?

If I ran an exchange I would do something like “wait 12 confirmations for deposits up to $10k, and finality for anything higher”

Question 3 – Will there be an overall confirmation score metric, combining both the impact of PoW and PoS, which exchanges can use?

I suppose it’s possible to create one. Here are a few distinct stages of confirmation that I can think of:

  • A transaction has been included into a block, which is the head
    • which is the Nth ancestor of the head
    • which is an ancestor of a checkpoint C which is an ancestor of the head. Validators have started voting on C.
  • Validators have justified C.
  • A child of C, C’, exists, and validators have started voting on C’ to finalize C
  • The child of C’ has >1/3 votes. At this point, at least one validator needs to actually be slashed for the transaction to be revertedC is finalized.

Conclusion

This latest PoS proposal is the best proposal so far, in our view. We think it may be adopted by Ethereum and it could make a net positive contribution to the security of the system. However, the system remains reliant on PoW mining, at least at the interim stage. PoW is relied on to resolve any Byzantine faults first, before the PoS process occurs. Therefore the system relies on PoW for both block production and for the crucial property of ensuring the system converges on one chain. Although PoS mining may mitigate some risks (hostile PoW miners), it is unclear if it makes a net contribution to convergence or security. Critics of PoS could therefore argue that any rewards redistributed from PoW miners to stakers unnecessarily dilutes system convergence and security.

Although we think the current proposal could work, the nothing at stake problem could still be a significant challenge. The jury is still out on whether this new mechanism solves this problem. Therefore despite the plan to use this proposal as a stepping stone, as part of a gradual shift towards a full PoS system, this could be more difficult to achieve than some in the Ethereum community think.

 

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

 

Bitcoin price correlation: Record high against the S&P 500

Abstract: We look at the price correlation between Bitcoin and some traditional financial assets since 2012 and notice that the correlation with stocks in the last few months has reached record high levels, although it remains reasonably low in absolute terms. We conclude that a crypto-coin investment thesis of a “new non-correlated asset class” may therefore have some merit, although correlations may increase if the ecosystem expands. Due to the current correlation with stocks, Bitcoin may no longer offer downside protection in the event of a financial crisis, which some people may expect.

Overview

We calculated the 180-day rolling daily percentage price-change correlation between Bitcoin and a variety of traditional financial assets since 2012. As the chart below demonstrates, the correlation never really significantly escaped the -0.2 to +0.2 range, which is a reasonably low level.

Bitcoin price correlation versus various traditional assets – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Bitcoin vs. the S&P 500 and gold

Focusing on just the S&P 500 index and gold, it appears as if Bitcoin has experienced several periods of correlation.

  • During the Bitcoin price rally in March 2013, which commentators at the time suggested was partially caused by the Cypriot financial crisis, the Bitcoin price correlation with gold increased and remained somewhat elevated until the January 2014 Bitcoin price crash.
  • During the 2016 Bitcoin price rally, a moderately strong gold-price correlation returned again and gold and Bitcoin both had a strong year. This indicates that the same underlying economic factors and political uncertainty (the economic slowdown in China, Brexit, and the election of President Trump) may have contributed to price movements of both assets during this period.
  • During the recent Bitcoin price rally, things appeared somewhat different, with the price correlation between Bitcoin and stocks reaching record levels (almost 0.25). In our view, Bitcoin appears to have obtained some “risk-on” characteristics in this rally. Increased levels of liquidity available to investors and the amount of enthusiasm for new technology, may be driving price movements in both stocks and Bitcoin, to some extent. Therefore Bitcoin may be less likely to provide protection in the event of a financial collapse or fall in equity markets, something traditionally considered one of Bitcoin’s potential strengths. In addition to this, the price correlation with gold recently became slightly negative.

Bitcoin price correlation between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Statistical significance

The R-squared between Bitcoin and other assets in the chart below is low, peaking at only 6.1% with the S&P 500 during the recent price rally. In addition to this, we have not been able to prove the statistical significance of any daily price-change correlation between Bitcoin and any traditional asset using any robust methodology. Scientifically speaking therefore, this article is speculative.

Bitcoin price R-Squared between the S&P 500 index and gold – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Recent price movements

Although it’s difficult to make any conclusions based on robust statistical methodology, due in part to the limited number of data points, a chart of the Bitcoin price versus the S&P 500 in the last few months shows a strong positive relationship, which is difficult to totally ignore.

Bitcoin price compared to the S&P 500 index. (Source: BitMEX Research, Bloomberg)

Indeed, as Bloomberg pointed out with the graph below, the peak of the Bitcoin price actually coincided with the peak forward earnings valuation ratio in the S&P 500. This comparison may be somewhat spurious, since the stock market actually peaked at the end of January (while Bitcoin peaked in December) and earnings estimates reset to higher levels for the year ending December 2018 at the end of 2017.

Bitcoin price compared to the S&P 500 index’s forward P/E ratio. (Source: Bloomberg)

Ethereum and Litecoin

We also looked at the rolling Bitcoin daily price-change correlation between Ethereum and Litecoin. The price correlation between these coins and Bitcoin is obviously far higher than for traditional assets and it is statistically significant. During the massive crypto-coin rally in 2017, the price correlation to Bitcoin fell dramatically to the 0.1 level, as altcoins traded against Bitcoin and moved more independently. After the price correction started in 2018, price correlations have began to climb as the coins seem to move together again.

  • Litecoin — The correlation normally tends to be high, at around the 0.5 level. The price correlation dipped to around 0.2 in 2015, when there was not much Litecoin price action.
  • Ethereum — After Ethereum launched, the system was reasonably small and exposed to some unique risks, such as uncertainty surrounding its launch and the model of giving funds to the founding team. Therefore its price correlation with Bitcoin started low before eventually reaching levels similar to Litecoin.

Bitcoin price correlation between Ethereum and Litecoin – daily price percentage change over a rolling 180-day period. (Source: BitMEX Research, Bloomberg, Bitstamp)

Conclusion

Crypto-coin proponents sometimes mention that crypto coins are a “new non-correlated asset class” that can provide a hedge for traditional portfolio managers. These traditional portfolio managers are then expected to allocate a weighting in their portfolios for crypto-coins, which may cause further price appreciation.

It appears that Bitcoin has been a reasonably non-correlated asset class throughout its history. During the recent rally to a valuation of hundreds of billions of dollars, however, correlations — and, crucially, correlations to risk-on assets — started to increase.

Although there is some merit to the hypothesis of crypto-coins not correlating with traditional assets, if crypto-coin prices remain elevated or increase further and become a significant part of the global financial system, higher correlation with traditional assets may become inevitable.

Whether crypto coins are a “new” asset class and whether this matters is another topic. It’s not clear if there is significant merit merely to being new; more importantly, perhaps, is if crypto-coins offer anything unique.

 

Update: SegWit transaction capacity increase compared to Bitcoin Cash

Abstract: In September 2017, we wrote a piece on the SegWit capacity increase. Here, we provide an update on SegWit adoption with six more months of transaction data. We also compare the transaction throughput to that of Bitcoin Cash, an alternative capacity-increase mechanism.

SegWit vs. Bitcoin Cash

The SegWit upgrade to the Bitcoin protocol occurred in August 2017. After this, users had the option of upgrading their wallets and using SegWit, which provides the benefits of about 41% more scale (assuming no other users also upgrade).

Around the same time, Bitcoin Cash provided an alternative mechanism for increasing capacity, in which one also needs to upgrade to a new wallet and adopt a new transaction format to get the benefit of more transaction throughput, although a main difference between this and SegWit’s approach is that Bitcoin Cash resulted in a new coin.

The transaction volumes of Bitcoin Cash and the new SegWit Bitcoin transaction format have been reasonably similar. Since the launch of Bitcoin Cash, 6.1 million SegWit transactions have taken place, only 20.1% more than the cumulative number of Bitcoin Cash transactions. These figures are remarkably close — although supporters of the SegWit capacity-increase methodology could claim that Bitcoin Cash had a one-month head start and that the Bitcoin Cash chain has lower transaction fees so that a comparison is not appropriate. Adjusting for the one-month head start, SegWit has 31.5% more cumulative transaction volume than Bitcoin Cash, larger than 20.1% but still reasonably close. Of course, its possible that at some point either or both of these figures could be manipulated.

Although the data suggests that SegWit transaction have been adopted slightly faster than Bitcoin Cash, resulting in more transaction volume, Bitcoin Cash advocates could argue that the Bitcoin Cash token is more about a philosophy of larger capacity in the long term, rather than the speed of the actual increase in transaction volume in the short term. Therefore Bitcoin Cash supporters can still claim that Bitcoin Cash will eventually have more transaction volume than Bitcoin, once adoption of the coin increases.

Cumulative transaction volume since the launch of Bitcoin Cash. (Source: BitMEX Research, Bitcoin blockchain, Blockchair for Bitcoin Cash data)

As these charts indicate, there was a sharp spike in Bitcoin Cash transaction volume when it launched; in contrast the SegWit upgrade was more gradually adopted. This is likely to be related to the investment flows and excitement of the new Bitcoin Cash coin, which may have driven short term adoption, as some of the spikes in the chart illustrate. Three months after the launch of Bitcoin Cash, on 31 October 2017, SegWit transaction volume overtook Bitcoin Cash and has remained in the lead ever since.

Daily transaction volume. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

The chart below shows that the adoption of SegWit has continued to grow since August 2017, perhaps increasing in steps as large corporate entities switch to SegWit. Adoption currently hovers around 30% as a proportion of the number of transactions, although the adoption rate only measures around 22% as a proportion of block space, which is possibly a more important metric.

Percentage of transactions that use SegWit. (Source: BitMEX Research, Bitcoin blockchain, Blockchair)

SegWit has begun to meaningfully impact system-wide capacity, potentially reducing fees and benefitting even users who choose not to upgrade to the new transaction format. However, the transaction fee market is still immature and, in our view, transaction prices are likely to remain volatile going forward.

Conclusion

Adoption of both the new transaction format for SegWit and Bitcoin Cash has been reasonably slow. At the same time, as our earlier piece shows, adoption of new consensus rules can also be gradual. This illustrates why it may be important to construct network upgrades in the least disruptive way possible, perhaps an upgrade mechanism which is safe even if users and miners do not upgrade at all.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

Tether: New financial data released by Puerto Rico

Abstract: Following our earlier research piece on Tether a few weeks ago, further financial information has just been released by Puerto Rico. The new data supports our speculation that Noble Bank could be Tether’s primary reserve bank and that the region may be a major cryptocurrency centre.

Over the weekend, the Commissioner of Financial Institutions of Puerto Rico released aggregate financial-system data for the calendar year ended 2017. Bank deposits in the International Financial Entities (IFE) category, which includes Noble Bank, were $3.3 billion, up 248% in the quarter ended December 2017. Total assets in the category were $3.8 billion, up 161% in the quarter. This extraordinary growth coincides with a large increase in value of cryptocurrency assets, which has likely resulted in large cash inflows into cryptocurrency-related banks.

Over the same period, the value of Tether in issue has increased by 215% to $1.4 billion. This new data supports the thesis in our recent piece on Tether, in which we speculated that Noble Bank is Tether’s primary reserve bank.

We have updated the chart below from the version in our earlier piece, with an initial data point for the end of 2017. It illustrates the sharp growth in bank deposits in the IFE category in Puerto Rico, coinciding with the recent cryptocurrency boom.

Puerto Rico’s IFE aggregate deposits versus the Tether balance in millions of USD. (Source: IFE Accounts, BitMEX Research, Coinmarketcap)

Cash as a percentage of total assets (an indication of full-reserve banking) also increased in the quarter, from 72.2% to 85.8%. This also indicates cryptocurrency or Tether-related activity, as we explained in the previous piece.

Puerto Rico’s IFE aggregate cash balance as a percentage of total assets. (Source: IFE Accounts, BitMEX Research)

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.