The Lightning Network

Abstract: In this piece, we explain the motivation behind the creation of the Lightning Network and why its scaling characteristics are superior to what we have today, potentially resulting in a transformational improvement. We describe some of the basic technical building blocks that make Lightning possible. We then examine some of its limitations, including the downsides of inferior security compared to transacting on-chain and why this makes Lightning potentially unsuitable for larger-value payments.

(Source: flickr.com)

The motivation behind the Lightning Network

Blockchain-based payment systems typically work in a “broadcast to everyone” mode, in that when one makes a payment, one needs to broadcast the transaction to all participants in the network.

Nodes in such a system must:

  • store the transaction indefinitely,
  • verify the transaction, and
  • relay the transaction.

Miners, meanwhile, are required to engage in an energy-intensive competitive process to determine if the transaction makes it into the ledger, just in case a conflicting transaction occurs.

There isn’t even special treatment for the recipient of the payment. For example, if one buys a coffee using Bitcoin, the transaction is broadcast to the entire Bitcoin network without prioritising propagation of the transaction data to the coffee shop or the coffee shop’s payment processor. Many consider this process to be inefficient. If the objective is to build a payment system used by millions of people across the globe, this method does not seem logical.

The old “broadcast to everyone” announcement method at sporting events, during Arsenal’s 3-3 draw at home to Sheffield Wednesday in May 2000. Prior to the widespread adoption of mobile phones, stadium announcers broadcast messages for individuals over the public-address system to all those in attendance. Mobile phones have made this process faster and more efficient, as messages can be sent directly to the intended recipient.

The Lightning Network represents an improvement in efficiency and uses a more logical payment-network structure. Instead of broadcasting a transaction to everyone, the transaction can be sent more directly to the payment recipient. Only when parties to the transaction are dishonest does one need to resort to the cumbersome process, which distributed censorship-resistant systems require to maintain consensus. In this way, one can achieve performance and efficiency almost equivalent to that of direct communication between the parties over the Internet, while retaining some of the security characteristics of Bitcoin’s blockchain.

However, building such a payment system, in which all parties can always revert to the blockchain and reclaim their funds if there is a problem, is complex and has some significant risks and limitations.

Lightning’s basic technical building blocks

Unidirectional micropayment channel. (Source: BitMEX Research)

The diagram above depicts the traditional way to set up a basic unidirectional payment channel. Although setting up the channel involves broadcasting a transaction to everyone, once the channel is set up, multiple payments from Bob to Alice can occur by simply sending data from Bob to Alice, avoiding a broadcast to the entire network. The payment process can be repeated again and again until the funds in the channel, in this case 1 BTC, have been exhausted.

In theory, the above channel is secure for the following reasons:

  • If Bob tries to renege on his payment, all Alice needs to do is sign and broadcast to the network transaction P1, which Bob signed when he initially made the payment. As long as this gets confirmed before the one-week locktime in transaction B, Alice safely receives her 0.1 BTC regardless of what Bob does.
  • If Alice refuses to sign anything in order to frustrate Bob, all Bob needs to do is wait one week for transaction B to become valid, and he is then able to move the money from the channel to himself by broadcasting transaction B, which Alice has already signed.

This process is more secure if transaction A cannot be malleated by a third party (the TXID changing), otherwise Bob could have created transaction B only for it to become invalid as transaction A changes, thereby enabling Alice to hold the funds hostage indefinitely.

According to an e-mail that Satoshi sent to Bitcoin developer Mike Hearn, this basic structure was Satoshi’s idea:

One use of nLockTime is high frequency trades between a set of parties. They can keep updating a tx by unanimous agreement.  The party giving money would be the first to sign the next version.  If one party stops agreeing to changes, then the last state will be recorded at nLockTime.  If desired, a default transaction can be prepared after each version so n-1 parties can push an unresponsive party out.  Intermediate transactions do not need to be broadcast.  Only the final outcome gets recorded by the network.  Just before nLockTime, the parties and a few witness nodes broadcast the highest sequence tx they saw.

(Source: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-April/002417.html)

How the Lightning Network actually works

This micropayment construction can be considered the core building block for the Lightning Network, which is essentially a network of these payment-channel-like constructions. Payments find a path along channels which are already directly connected to each other until they reach the final recipient.

The channel construction used in Lightning builds on this basic structure with more advanced and complex technologies. The above construction is unidirectional, while in order to be useful, payments need to be made in both directions. For example, one can think of making payment channels bidirectional by constructing two channels between Alice and Bob, each in the opposite direction. More precisely, Lightning uses Poon-Dryja channel construction. This has lower liquidity requirements than simply setting up a network of unidirectional payment channels in opposite directions, which would require twice the amount of funds to be locked up inside the channel. However, Poon-Dryja channel construction has significant weaknesses compared to the other approach. Poon-Dryja channels require each party to sign a new transaction every time the channel is updated (a payment is made) while a unidirectional channel only requires the sender to sign when the channel is updated.

The old locktime feature can be replaced with more advanced functions:

  • Check locktime verify (BIP65) can prove that the output cannot be spent until a certain date rather than ensuring a particular spend of the output is invalid until a certain date, which is what locktime does.
  • Relative locktime (BIP68) can replace a specific end date with a date relative to the corresponding output. This can allow payment channels to remain open for indefinite periods, with a closure transaction triggering a time window during which the other party has a finite period of time (e.g., two weeks) to broadcast their reclaim transaction and recover the funds.
  • Hashed timelock contracts (HTLC) can require the receiver of a payment to provide a string that hashes to a certain value by a certain date or returns the funds to the payer. This same hash can be used to trigger other payments in the channel network, enabling payments to be made across a chain of channels.

The resulting Lightning Network and its advantages

The Lightning Network should then, in theory, allow all participants in the network to make near instant and cheap transactions in all directions by finding a path among the nodes. This therefore avoids broadcasts to the Bitcoin network, as long as there are no problems, and results in a scalable network. The architecture even allows microtransactions and improves the privacy of payments.

Channels can stay open indefinitely due to the relative-locktime feature and there should be no counterparty risk; if anyone tries to steal funds through a hostile channel closure, the other participants to the transaction will have a significant time window in which to issue their own redemption transaction and get their money back.

Network functionality and user experience

A big unknown is how people and businesses will actually use the network, and commentators have different visions. Some see the Lightning Network as eventually being ubiquitous for small payments, with complexities handled in an automated way. Others more sceptical of Lightning typically envision the various components of the network requiring more of a manual construction when the system is used and a poor user experience plagued by unexpected channel closures and periods of Lightning Network downtime.

Sceptical view of Lightning Ambitious view of Lightning
Channel setup In order to set up a Lightning channel, a user must manually create a new expensive on-chain transaction. Setting up a Lightning channel will be a seamless process built into existing wallets and systems. When receiving a payment or purchasing Bitcoin, the funds need to go somewhere. Funds could immediately go into a Lightning channel as they are received and therefore setting up the channel requires no additional steps or costs.
Channel closure Once the payment is complete, one needs to close the channel, with a manually created, expensive on-chain transaction. There may be no need to close the channel and users can keep their wallet funds in channels indefinitely or for long periods of time.
Network routing Routing is likely to be a significant problem, since finding a short path between parties is a difficult problem to solve algorithmically. If no route is found, the user and merchant will have to engage in the cumbersome process of selecting an on-chain transaction by manually changing the payment process.

1. The existing P2P network already requires a network topology and the relaying of messages, with nodes typically having eight connections. The Lightning Network topology is simply an extension of that.

2. Routing is not a significant problem, since even in massive networks the average number of steps in a path between users is small.

3. Even if there is a problem with routing, a payment could simply be made on-chain without the user even noticing the difference.

4. A small number of large channel operators can prevent routing problems.

Centralisation of payment channels The network will centralise around a few large hubs as this is the most efficient model. This centralisation increases the risk of systemic channel failure, which is when a few large channels fail, resulting in a simultaneous mass exodus from payment channels and on-chain congestion, ensuring that some are unable to exit the channels before expiry.

Economic incentives act against centralisation; anyone can set up a node as there are low barriers of entry. In addition, there is an incentive to undercut other nodes by charging lower fees.

Even if the network does centralise around a few large hubs, the Lightning Network still provides a useful and interesting system. Bitcoin already has a few large entities such as Coinbase that take custody of a large amount of funds.

Under Lightning, the entities do not have custody of funds and merely act to relay data used for payments.

Liquidity Payment channels will have insufficient liquidity and therefore the scope of payments will be limited. Payments of any reasonable size can almost instantly drain the liquidity of an entire channel, such that Lightning payments will need to be suspended. Users will be incentivised to run Lightning nodes and provide liquidity in order to receive fees. The network will be used for small payments, far smaller in value than the maximum channel capacity, ensuring sufficient liquidity.
Requirement to be online when receiving a payment With an on-chain transaction, all a sender needs is a payment address to make a payment; the recipient does not need to be online. In contrast to this, as explained above, a recipient in Lightning will need to sign a reclaim transaction before receiving a payment. This significant limitation means that recipients are required to keep their private keys exposed in a hot wallet. This makes Lightning impractical in many scenarios, such as making high-value payments, at ATMs, at in store PoS systems, or paying those with limited Internet connectivity. Although a recipient is required to be online to receive a payment, this does not result in significantly different dynamics to most on-chain payments, since if the recipient is not online, they don’t know about or cannot verify the payment anyway. It is also not necessary that the user or device directly receiving the payment needs to store the private keys. For example, an in-store PoS terminal or a crypto ATM machine could receive the signed redemption transaction over the Internet from the firm’s HQ prior to receiving payments, communication that is necessary when making payments anyway.
Potential requirement to monitor the channel Lightning Network participants may be required to monitor payment channels and then take action by a certain deadline in order to safeguard their funds. For example, a hostile reclaim transaction could trigger the start of a period in which the other party must also issue a reclaim transaction to protect their funds, before a certain deadline. This is a significant burden on users. Channels do not need to be monitored at all times, as this depends on the window provided by the relative locktime. Channel-monitoring services (watchtowers) could mitigate this risk by monitoring channels on behalf of users: these services could either warn users in the event of a hostile reclaim transaction or could issue reclaim transactions themselves, if they were pre-signed and supplied beforehand by the users.

In reality, the truth may lie somewhere between these two visions, with the network potentially moving to the more ambitious vision over time. What this disagreement appears to come down to is that Lightning sceptics see it as a complex, incomplete, and impractical payment system based on the channel-construction system alone. Proponents see Lightning more as a scalable building block for a second layer on top of Bitcoin’s blockchain, which will eventually be supplemented by wallets, payment protocol systems and channel-servicing companies, resulting in a simple and seamless user experience. Ultimately, wallets may be able to communicate with each other and then automatically, dynamically decide which payment methodology is best, on-chain or the most practical method via Lightning, without the user even knowing or caring.

The increased security risks of Lightning

  • Requirement to be online when receiving a payment: As explained above, before receiving a payment, the recipient needs to sign a reclaim transaction so that the sender knows they can reclaim their funds in the event of hostile channel closure or a refusal to sign. Therefore, to receive money requires a hot wallet, meaning that private keys are potentially exposed if a security incident occurs.
  • Requirement to monitor the channel: Lightning Network participants or watchtowers may be required to actively monitor the payment channels. This could place a burden on users or watchtowers and potentially reduces the security of funds inside a channel relative to Bitcoin stored on-chain. There is a risk of missing a reclaim-transaction deadline, either due to a failure to appropriately monitor the channel or perhaps because of on-chain network congestion.
  • Miners could censor channel-closing transactions: 51% of the hashrate may have the ability to steal funds from Lightning users by censoring a channel-closure transaction, in which the miner is the other party. Although the potential consequences of this type of attack are already devastating without Lightning, the Lightning Network potentially offers hostile miners a slightly larger attack surface.

While each of these three factors alone may not be significant, the need to potentially expose one’s private keys to the Internet when receiving payments, the risk of a hostile channel closure, and the risk of miners censoring channel-redemption transactions combined result in significantly inferior security — although all these risks can be managed to some extent.

There is a risk that lazy or poorly informed users keep too much money in a channel and funds are lost or stolen due to one of these failure scenarios. There is also the risk that price volatility results in users keeping more funds in payment channels than they would otherwise have intended.

Conclusion

The Lightning Network does appear to potentially offer significant and transformational improvements with respect to scalability. As a result, transaction speeds and transaction fee rates should dramatically improve, without impacting the underlying security of the core protocol. Crucially, however, the inferior security properties of Lightning payments may make the Lightning Network unsuitable for larger payments (or, at least, it may be irresponsible to use it for larger payments). Speculation and investment flows, which require these larger payments, currently appear to be the major driving force in the cryptocurrency space, with the volume of retail payments being relatively small in comparison. Because of that, Lightning may not be as big a game changer as some imagine, at least in the medium term. While enthusiasts appear likely to adopt this technology quickly, widespread adoption may take considerable time.

Mining incentives, part 3: Short term vs. long term

Abstract: In this third piece on crypto mining incentives, we look at the different time periods miners may choose to maximise profits: in the short term or long term. We draw analogies with related concepts in traditional mining, such as high-grading. In corporate finance circles, there are rumours of potential IPOs for crypto miners, which could mean management focus shifts to the short term, as these groups may unfortunately need to justify quarterly earnings to investment analysts. We then look at the implications of this on potential network issues, such as replace by fee (RBF), AsicBoost, and the blocksize limit.  Whether one likes it or not, we think full RBF is coming.

Bitmain crypto-mining farm in Inner Mongolia: photograph (above) and satellite image (below). Bitcoin mining is no longer for only for  hobbyists. (Source: Google Maps satellite image)

Overview

In September 2017, we wrote two pieces on mining incentives. Part 1 focused on the mining cost curve and compared it to the dynamics of the cost curve in traditional mining while part 2 looked at circumstances in the energy industry that could result in attractive opportunities for crypto miners, concluding that failed or otherwise uneconomic energy projects may be best suited for Bitcoin mining.  In November 2017, we wrote about miners chasing short-term profits in the Litecoin vs. Dogecoin hashrate wars of 2014 and how this was repeated again with Bitcoin Cash, as the hashrate oscillated between coins due to miners attempting to maximise short-term profits rather than make decisions based on ideological support for their favoured coins.

This piece looks at the possibility that miners will focus on short-term profit maximisation (perhaps even next-block profit maximisation) or on promoting the long-term viability of the system by enacting policies designed to improve the end-user experience, thereby potentially increasing long-term profits. The level of competition in the industry, as well as the level of profitability, can alter decisions to pursue short-term and long-term profit maximisation. Higher levels of competition and lower profit margins may result in a more short-term outlook. Each strategy could have implications for Bitcoin, replace-by-fee transactions, AsicBoost, or the blocksize-limit policy.

Mining is becoming less ideological and more commercial. At the same time, the intensity of competition may increase in the coming months and years. We predict full RBF will become prevalent in Bitcoin mining, as miners seek to maximise short-term profits.

Long term vs. short run

Most businesses want to maximise profits and Bitcoin mining is likely to be no exception.  In the past, perhaps, some miners were hobbyists or idealists, but this era appears to have ended — profits are now seen as a main driver as the industry grows and becomes more commercial. However, profit maximisation can be more complex than one may think. Strictly speaking, investors should select projects which maximise discounted returns, and evaluating the difference between profits today and profits tomorrow — the discount rate — is often a challenge.

Analogy with traditional mining: High-grading

In traditional mining, high-grading is the practice of harvesting a higher grade of ore in a way that wastes or destroys lower grade ore, reducing the overall return of the mine. This destructive process reduces the total value of the ore body by making some ore inaccessible or literally destroying it in favour of access to higher grade ore. Mining management teams may engage in this process due to short-term pressure — for example, to boost short-term profit margins to satisfy shareholders, to generate cash flow to satisfy debt holders, or to achieve their own performance-linked bonuses. Management teams might conceal this  conduct from the public or from investors.

High-grading often occurs during prolonged periods of price weakness of the relevant commodity, when profit margins are low, debt levels are high, and there is considerable pressure on management teams. Randgold CEO Mark Bristow has said:

The question is, are the companies going to re-cut their business long-term at a lower gold price, or are they going to re-cut their short-term business hoping they’ll be rescued in the long term by the gold price? That second one is called high-grading and it’s a disaster.

The diagram below depicts the plan for a high-grading open-pit mine. An initial plan for a larger mine (scenario A) captures more of the total ore but the alternative plan (scenario B) increases the grade of the ore mined, while permanently destroying or removing access to some high-grade ore, which is potentially detrimental to the long-term interest of mine owners.

(Source: Exploration Alliance)

Revising a mining plan due to changes in discount rates, costs, or commodity prices can of course be entirely legitimate in some circumstances, but high-grading has negative connotations and is normally associated with reducing the value of assets in an inappropriate manner.

Although there is no direct link between high-grading and crypto mining, the concept demonstrates that when mining teams are under pressure, they can make short-term decisions that destroy long-term shareholder value. This is particularly relevant in the listed space, where shareholders may have less control, less information, or more of a short-term focus.

Mining profitability

Whether miners make these destructive short-term-focused decisions or not often depends on the level of profitability, which can be determined by the price of the underlying commodity. If the price of the commodity or crypto asset falls, a miner who is no longer profitable may be faced with three options:

  • Operate at a loss — This could make a contribution to fixed costs.
  • Suspend operations — In traditional mining, this could reduce the supply of the commodity and thus increase its price. In crypto mining, on the other hand, this could lower the difficulty, increasing profit margins for the remaining miners.
  • Modify mining policies — In traditional mining, this could be a modification to the mining plan such as, for example, a switch to high-grading. In the case of crypto, it could be engaging in full RBF, overt AsicBoost, or, in the event of an unlimited blocksize limit, clearing the memory pool to scoop up all the fees, despite the negative impact this could have on pricing in the transaction fee market, destroying industry prospects.

In general, lower profitability can increase the pressure on management teams and lead them to make more short-term decisions — for example, to pay down debt if they are under pressure from banks or to return to profitability if they are under pressure from shareholders. Higher-margin companies may have more freedom to focus on the long term and may be able to invest for the future.

Industry concentration

In addition to profitability, another factor to consider in crypto mining is the level of concentration in the industry.

Mining pool concentration over the last six months. (Source: BitMEX Research, Blockchain.info)

The above chart illustrates the level of concentration among mining pools, but one could also analyse the level of concentration in the industry by looking at chip production or the control of mining farms. With respect to chip production, we estimate that Bitmain may have a 75% market share in Bitcoin.

The policies of a miner with a large market share may have a significant impact on Bitcoin, which could impact the value of the entire system. In contrast, the policies of each small miner with a low market share may not have much impact on the system as a whole. Among the small miners, this threatens to become a tragedy of the commons if policies that are best for the system as a whole are not those that are most beneficial for each small individual miner. For instance, a small miner with a 1% market share can opt to engage in action that increases profits but damage the prospects of the whole system if all miners were to engage in the same action. Why would the small miner choose not to conduct the activity, since that miner’s 1% market share will not make much difference on its own.

In addition, the level of competitive intensity may also matter. If miners are ruthlessly competing for market share, they may be more focused on doing whatever it takes to improve profit margins to win business.

Replace by fee

Replace by fee (RBF) is a system that enables the replacement of a transaction in a miner’s memory pool with a different transaction that spends some or all of the same inputs, due to higher transaction fees. A variant of this feature was first added by Satoshi, who later removed it. Bitcoin Core then added in an opt-in version of the technology, where users must specify that the transaction can be replaced when making the transaction.

RBF has always been controversial, both the full version and the opt-in version, with detractors claiming that it reduces the usability of Bitcoin by undermining zero-confirmation transactions. Supporters of RBF claim, among other things, that miners will eventually adopt full RBF anyway, as it boosts short-term profits by selecting transactions with larger fees, even though it may harm long-term profitability by reducing the utility of the system, which could lower the Bitcoin price. Again, it’s sometimes seen as a “tragedy of the commons” problem. Opponents of RBF may counter this by saying miners have more of a long-term focus, and therefore RBF advocates are solving a theoretical game-theory problem that may not apply.

Certain industry characteristics encourage short-term profit-driven motives and therefore full RBF:

Short-term profit: Full RBF more likely Long-term profit:  Full RBF less likely
A period of falling Bitcoin prices A period of rising Bitcoin prices
Lower profit margins Higher profit margins
Lower levels of industry concentration Higher levels of industry concentration
More intense competition and rivalry among miners A less intense competitive environment and collaboration among miners
Publicly owned mining companies Privately owned mining companies
Profit-driven miners Ideologically driven miners

Unlimited blocksize limit

As anyone following Bitcoin knows, the blocksize debate is a complex issue. One angle is the interrelationship between the fee market and mining incentivisation. Supporters of larger blocks sometimes argue that a fee market would still work with an unlimited blocksize, while “smaller-blockers” often dispute this point.

An element of this argument is related to whether miners focus on the long term or the short term, just like for RBF. Supporters of an economically relevant blocksize limit claim that without a limit, miners may focus on maximising short-term profits and scoop up all the fees, resulting in low fees and insufficient mining incentives. “Larger-blockers” retort that miners will have more of a long-term focus and would not take such action, as it would damage the long-term viability of the system, and therefore their businesses.

History of the “death spiral” argument

In some ways, this short-term versus long-term incentive discussion, or the “death spiral” argument, goes right to the genesis of the blocksize debate, back in in April 2011, which is when Mike Hearn wrote this at Bitcointalk:

The death spiral argument assumes that I would include all transactions no matter how low their fee/priority, because it costs me nothing to do so and why would I not take the free money? Yet real life is full of companies that could do this but don’t, because they understand it would undermine their own business.

One day earlier, Hearn had written that “the death spiral failure mode seems plausible” but he apparently changed his mind after thinking about the issue further.

Some larger-blockers have somewhat shifted views in recent years to a pro-mining philosophy of chasing short-term profits, perhaps because a large miner, Bitmain, ironically has been one of the most prominent advocates of larger blocks. Most larger-blockers appear have shifted the narrative to other valid points, although, as explained above, this “short term versus long term” line of thought can be considered the genesis of the blocksize debate and part of the reason for the initial division in the community.

There is no right or wrong answer to these questions. Whether miners have a short-term focus or long-term focus depends on many factors, including profitability and market share. The industry may go through cycles of shifts between long-term and short-term focus depending on conditions in the industry. This phenomenon is visible in traditional mining, driven by commodity price cycles that impact industry conditions.

Changing times: Short-term profit focus will be king

The Bitcoin community is rapidly transforming from a cohesive group of people with a shared vision working together to build a revolutionary technology to a larger community of competing profit-driven factions, and the change is almost complete. It may have seemed unrealistic a few years ago to assume that miners would be primarily driven by short-term profit maximisation, but this has increasingly become accepted as the norm, certainly after the hashrate swings caused by Bitcoin Cash’s EDA.

Mining is a business: TSMC has reported that one crypto-mining business may be spending US$1.5 billion per annum on chips, and growing. In some corporate-finance circles, rumours are circulating that large mining pools or chip producers could shortly conduct an IPO, something almost unimaginable a few years ago. This could put management of the mining pool in the unfortunate position of needing to justify operating profit margins to investment analysts and shareholders each quarter.  At the same time, many expect the mining industry to become more competitive this year, with new companies launching competitive products.

In this new world, RBF behaviour and the fee market “death spiral” failure mode seem more and more inevitable. Perhaps early fee market and RBF advocates were too obsessed with unrealistic and complex game theory, and maybe were too early, when a better tactical decision could have been to focus on the user experience before adopting RBF and full blocks. Bitcoin has changed, and short-term profit maximisation is the new mantra.

We predict that many miners will engage in full RBF and even overt AsicBoost (which can also boost profits) in the coming years as they do all they can to maximise short-term profits. Whether one likes it or not, it’s coming….

A complete history of Bitcoin’s consensus forks

Abstract: In this piece, we list 19 Bitcoin consensus rule changes (or 18 as an accidental one “failed”), which represents what we believe to be almost every significant such event in Bitcoin’s history. At least three of these incidents resulted in an identifiable chainsplit, lasting approximately 51, 24, and six blocks, in 2010, 2013 and 2015, respectively.

(Source: gryb25)

Terminology

Term Definition
 Chainsplit A split in the blockchain, resulting in two separate chains, with a common ancestor. This can be caused by either a hardfork, a softfork, or neither.
 Consensus rule changes
 Hardfork

A loosening of the consensus rules on block validity, such that some blocks previously considered as invalid are now considered valid.

Existing nodes are required to upgrade to follow the new hardforked chain.

 Softfork

A tightening of the consensus rules on block validity, such that some blocks previously considered as valid are now considered invalid.

Existing nodes do not necessarily need to upgrade to follow the new softforked chain.

Note: These terms are believed to have originated in April 2012 and formalized in BIP99 and BIP123.

List of Bitcoin consensus forks

Date Activation Block Number BIP Number or Software Version Description Type Outcome
28 July 2010 n/a1 0.3.5 OP_RETURN disabled, fixing a critical bug which enabled anyone to spend any Bitcoin. Softfork No evidence of any issues during this upgrade.
31 July 2010 n/a1 0.3.6 OP_VER and OP_VERIF disabled.3 Softfork Some users had trouble upgrading and it was recommended that nodes should be shut down if they could not be upgraded.2
The addition of the OP_NOP functions, although perhaps there was no usage of OP_NOP prior to this point. Hardfork
1 Aug 2010  n/a1 0.3.7 Separation of the evaluation of the scriptSig and scriptPubKey.  Fixing a critical bug which enabled anyone to spend any Bitcoin Potentially a non-deterministic hardfork No evidence of any issues during this upgrade
15 Aug 2010 74,638 0.3.10 Output-value-overflow bug fix following a 184.5-billion Bitcoin spend incident. The 0.5 BTC that was the input to the transaction remains unspent to this day. Softfork A chainsplit occurred.  Around five hours after the incident, a fix was released, client 0.3.10. It is believed that 51 blocks were generated on the “bad chain” before the “good” chain retook the PoW lead.
Disabling OP_CAT, which removed a DoS vector, along with the disabling of 14 other functions. Softfork
7 Sept 2010 n/a1 0.3.12 Adding the 20,000-signature operation limit in an incorrect way. This incorrect limit still exists. Softfork No evidence of any issues during this upgrade.
12 Sept 2010 79,400 n/a

Adding the 1MB blocksize limit.

The “MAX_BLOCK_SIZE = 1000000” commit occurred on 15 July 2010, which was released in the 0.3.1 rc1 version of the software on 19 July 2010. The commit enforcing the 1MB rule occurred on 7 September 2010, activating at block 79,400. On 20 September 2010, Satoshi removed this activation logic, but kept the 1MB limit.

Softfork No evidence of any issues during this upgrade.
15 March 2012 171,193 BIP30 Disallow transactions with the same TXID, unless the older one was fully spent. In September 2012, the rule was applied to all blocks, apart from 91,842 and 91,880, which violate the rule. Softfork This was a flag-day softfork. There is no evidence of any issues.
1 April 2012 173,805 BIP16 Pay-to-script hash (P2SH) allows transactions to be sent to a script hash (address starting with 3) instead of a public-key hash (addresses starting with 1). Softfork 55% activation threshold, over blocks in the seven days prior to 1 February 2012. Miners did not upgrade fast enough, so the evaluation point was delayed until 15 March.  Users running 0.6.0 rc1 who did not upgrade for the delay activated the softfork early and got stuck on block 170,060 when an invalid transaction, according to their nodes, was mined.    After activation, problems were caused as the remaining 45% of miners produced invalid blocks for several months after the softfork
24 Mar 2013  227,835 BIP34 Requires the coinbase transaction to include the block height. Softfork 95% activation threshold. A successful rollout occurred.
11 Mar 2013 225,430 0.8.0 This was an unplanned hardfork caused by the migration from Berkeley DB to LevelDB, which accidentally removed an unknown 10,000-BDB database lock limit. This caused a chainsplit on 11 March 2013, although the software which caused the error was released 20 days earlier on 20 February 2013. The change was reverted as the Bitcoin economy and miners switched back to 0.7.2 rules. No change in the consensus rules A chainsplit of at least 24 blocks occurred, with the 0.8.0 chain having a maximum lead of 13 blocks. A successful double spend also occurred. The original rules chain eventually re-took the PoW lead.
18 Mar 2013 n/a1 0.8.1 This was a temporary softfork, introducing a new rule requiring that no more than 4,500 TXIDs are referenced by inputs in a block. This rule is stricter  than the 10,000-BDB lock limit. The rule expired on 15 May 2013, a flag-day hardfork. Softfork There is no evidence of any issues.
15 May 2013 or 16 Aug 2013  252,451 or earlier BIP50 In August 2013, a block may have been produced that violated the original 10,000-BDB lock limit rule, which was relaxed on 15 May 2013. Hardfork There is no evidence of any issues.
4 July 2015  363,731 BIP66 Strict DER signature upgrade means Bitcoin is no longer dependent on OpenSSL’s signature parsing. Softfork 95% threshold over a 1,000-block period. A chainsplit occurred, lasting six blocks, as some miners signaled support for BIP66 but had not upgraded and were SPY mining. The new softfork rules chain eventually took the lead.
14 Dec 2015  388,380 BIP65 Check Lock Time Verify enables funds to be locked until a specific time in the future. This is Bitcoin’s first new function. Softfork Successful rollout using a 95% threshold.
4 July 2016  419,328 BIP68
BIP112
BIP113

Relative lock-time enables a transaction output to be banned for a relative amount of time after the transaction.

CheckSequenceVerify.

Median time-past removes the incentive for a miner to use a future block timestamp to grab more transaction fees.

Softfork Successful rollout using 95% versionbits signaling.
23 July 2017   477,800 BIP91 This temporary softfork makes signaling for the SegWit upgrade mandatory. Softfork Softfork successfully activated with an 80% miner threshold over a 336-block period, although only a tiny minority of users enforced BIP91 rules, which have since expired.  Therefore, the risk of a chainsplit was elevated in this period.
01 Aug 2017  478,479 BIP148 This temporary softfork makes signaling for the SegWit upgrade mandatory for a two week period following 1 August 2017. Softfork Flag-day softfork appeared to succeed with no issues, although only a minority of users enforced BIP148 rules, which have since expired. Therefore, the risk of a chainsplit was elevated in this period.
24 Aug 2017  481,824 BIP141
BIP143
BIP147
The segregated-witness (SegWit) upgrade. Softfork Rollout using 95% versionbits signaling.
The year 2262  13,440,000 BIP42 Fixed a 21 million coin supply cap bug.  The software was upgraded in April 2014 to fix this bug, but the new rule does not apply until the 23rd century. Softfork The softfork is not applicable yet.

(Sources: BitMEX Research, GitHub, Bitcoin blockchain)

Notes

  1. With the exception of the 1MB blocksize limit, prior to the 2012 BIP16 softfork, there was no activation methodology, so if the fork occurred smoothly without a chainsplit, there is not necessarily a specific block height or date on which the consensus fork occurred.
  2. “If you can’t upgrade to 0.3.6 right away, it’s best to shut down your Bitcoin node until you do.” — Satoshi Nakamoto
  3. Prior to the removal of OP_VER, each software upgrade could potentially be considered a non-deterministic hardfork and these have been excluded from this list. If the definition of hardforks does include this, then it’s a somewhat pedantic definition.
  4. There are no consistent definitions used in the above table because, for example, a different definition of the date on which the fork occurred may be more relevant in each incident, depending on the circumstances.
  5. Others have mentioned that changes to the P2P protocol can also be considered hardforks if they make previous software releases unusable, since they can no longer connect to the network. Strictly speaking, however, these do not relax the rules on block validity and one could sync old nodes by setting up a relay of intermediary versions of the software. These changes are excluded from the above list.
  6. Some consider BIP90 a hardfork, but since it only relaxed rules related to softfork activations that happened in the past, it does not share many of the characteristics or risks normally associated with consensus forks. Using the same logic, the block checkpoint scheme can also be considered as softforks.
  7. In July 2010, the chain selection rule was altered to shift to most accumulated work from the number of blocks. Technically, this is not a change to block validity rules; however, this change does share some of the risks associated with consensus rule changes.

Was the 2013 incident a hardfork?

In our view, on balance, the increase in the BDB lock limit a few months after the 11 March 2013 chainsplit was a hardfork. The rule in question was a 10,000-BDB lock limit, which was increased. The rule was relaxed on 15 May 2013 in software version 0.8.1, which was released on 18 March 2013. A block exceeding this limit may finally have been produced on 16 August 2013 so one can define the date of the hardfork to be either 15 May 2013 or 16 August 2013.

Some have argued that this may not have been a hardfork for a variety of reasons, including that this rule was “quasi-non-deterministic” or that one could manually change the BDB config settings. Indeed, due to the non-deterministic nature of the lock limit, perhaps it is theoretically possible one could have a local system set up such that the old BDB lock limit has never been breached. Therefore, one could declare that there has “never been a hardfork” in Bitcoin, following a strict definition that requires a hardfork to be deterministic or perhaps even directly related to Bitcoin data such as transactions or the block header.

When discussing this incident, Bitcoin developer Gregory Maxwell said:

Sort of a mixed bag there, you can actually take a pre BIP-50 node and fully sync the blockchain, I last did this with 0.3.24 a few months ago. It just will not reliably handle reorgs involving large blocks unless you change the BDB config too. So it’s debatable if this is a hard fork either, since it’s quasi-non-deterministic. There were prior bugs fixed where older versions would get stuck and stop syncing the chain before that too… So I think by a really strong definition of creating a blockchain which violates the rules mandated by prior versions we have never had a hardfork.

Chainsplit incident of July 2015

In the list of consensus rules changes above, there are three incidents that caused identifiable chainsplits. The most recent of these occurred on 4 July 2015, during the BIP66 softfork upgrade.

Immediately after the activation of BIP66, there was a six-block orphan chain created because a miner produced an invalid block that was not recognised as invalid by some other mining pools, because they were not validating new blocks.

In this case, some miners signalled support for the BIP66 softfork but hadn’t actually upgraded their nodes to validate; one could say miners were “false flagging”. If the miners had been validating blocks, they would have discovered the block was invalid and rejected it. Instead, some miners built on top of the invalid block and a chainsplit occurred.

A diagram illustrating these six blocks and the chainfork is displayed below.

Graphical illustration of the July 2015 chainsplit. (Source: Blockchain.info http://archive.is/WqGRp and http://archive.is/LHlF7)

Note: After the publication of this piece, an alternative list of consensus versions was published on the Bitcoin Wiki.

Disclaimer

Whilst many claims made in this piece are cited, we do not guarantee accuracy.  We may have made errors or accidentally omitted consensus rule changes from the list.  We welcome corrections.

Bitcoin Gold: Investment flow data

Abstract: A few weeks ago, we published a piece on Bitcoin Cash and how one can analyse transaction data on the two blockchains involved in the split to draw conclusions about the potential investment flows between the two chains. Here is a similar analysis of Bitcoin Gold.

Bitcoin Gold overview

Bitcoin Gold (the BTG token) is a Bitcoin chainsplit token, similar to Bitcoin Cash. Anyone who held Bitcoin on block 491,406 (which occurred 24 October 2017) was allocated an identical amount of Bitcoin Gold. Some exchanges allowed customers to trade their Bitcoin Gold from this date based on customer balances at the time of the fork. However, the Bitcoin Gold blockchain itself did not appear to become usable until 14 November 2017, 21 days after the snapshot point.

Bitcoin Gold appears to aim to improve mining centralisation by switching the hashing algorithm from SHA256 to Equihash, which is currently more GPU-friendly than the ASIC-dominated SHA256.

Allocation of BTG to coin founders

Although the Bitcoin Gold project team does not always appear to want to make this fact well known, 100,000 coins were created then allocated to the team members. This consists of the block reward for 8,000 blocks, which with a block reward of 12.5 BTG amounts to 100,000 coins.

Based on the current spot price of BTG of US$450 per coin, this balance is worth approximately US$45 million. In the eyes of many, this seemingly unnecessary allocation is likely to damage the integrity of Bitcoin Gold. Bitcoin Cash, for example, did not have such an allocation. One could argue that Bitcoin Cash’s initial difficulty-adjustment mechanism also allowed an unusually large number of coins to be created in the initial period following the fork, although this seems somewhat fairer than what Bitcoin Gold did, as anyone could have mined the Bitcoin Cash tokens and they were not directly allocated.

Total coins spent

As of 20 December 2017, 2.61 million BTG have been spent at least once. In comparison, 4.7 million BTC have been spent since the snapshot point and 2.4 million BTC have been spent since Bitcoin Gold transactions became possible. Similarly, 4.1 million Bitcoin Cash was spent over an equivalent number of days following that token’s fork point.

The 2.61 million BTG that has been spent represents about 15.8% of all BTG. This is likely related to the level of divestment from Bitcoin Gold, mainly because this 2.61 million BTG is higher than a comparable first-time spend in Bitcoin over the same period.

Millions of coins of Bitcoin Gold (BTG) and Bitcoin (BTC) spent at least once since the chain split compared to the BTG price. (Source: BitMEX research, Bitcoin blockchain, Bitcoin Gold blockchain, Bitfinex price data)

Daily Bitcoin Gold spend for the first time

The average daily spend for the first time on Bitcoin Gold is falling slightly, compared to the initial period after the launch. In the last 10 days, the average daily spend for the first time was 44,000, compared to around 110,000 in the first 10 days.

Bitcoin Gold spent for the first time since the split (in daily millions) compared to the BTG price (Source: BitMEX research, Bitcoin Gold blockchain, Bitfinex price data)

Security incident

The official Bitcoin Gold GitHub repository may have been hacked for 4.5 days from 21 November to 25 November 2017, when the official website pointed to a malicious wallet. According to an announcement from the Bitcoin Gold team, the hacked wallet allowed the malicious entity to access funds sent to new Bitcoin Gold addresses provided by the wallet. Bitcoin was not affected as existing private keys were not compromised. It is not clear exactly what happened, but the Bitcoin Gold team claims that at least 80 BTG were stolen. Given the severity of this incident, the impact could have been far worse.

This incident illustrates why it’s important to handle these new fork tokens with caution. In particular, we would strongly advise you not to import your Bitcoin private key into these new fork token wallets without first spending the Bitcoin to a new output associated with a different private key after the token snapshot point, so that your Bitcoin is not at risk.

Public companies with exposure to the crypto space

Abstract:  The prices of crypto-related assets like Bitcoin have skyrocketed in recent months and many speculative investors understandably appear to want upside exposure to the space. However, the risk of a downwards correction is high, in our view. In this piece, we look at a potentially lower-risk method of obtaining upside by presenting a selection of listed equities which have some exposure and businesses in other areas.

Overview

The price of Bitcoin is up over 1,600% YTD, while many alternative coins such as Ethereum and Litecoin have appreciated in value to an even greater extent, leading, in our view, to significant downside price risk. For example, potentially another four-year cycle of weak prices could be driven by the Bitcoin halving schedule. Existing investors in the space may wish to take some profits but still retain some upside exposure, and new investors in the space may wish to obtain some upside exposure while mitigating some of the downside risks.

Here is a list of public companies with some business segments driven by crypto-related areas, which may benefit from further crypto price appreciation but which have other businesses that could mitigate the downside risks. Before investing in any of these, you should obviously do more research on your own: the information below is intended only as an introduction to the companies.

Stock Website Comment
 

 

http://www.tsmc.com Potentially a solid investment opportunity, with a strong high-margin business and good crypto upside linked to the core business.
http://www.alchip.com More work may be required to determine the significance of the crypto-related business.
 

 

https://www.gmofh.com Could be an interesting investment, although the crypto exchange is new and currently small in scale.
 

 

http://www.globalunichip.com Strong ASIC design business, however the stock is expensive.
 

 

https://www.gmo.jp Possible lack of focus on one crypto area.
 

 

https://www.overstock.com Possible lack of focus on one crypto area.
 

 

https://squareup.com Not clear if this business model has strong earnings power.
 

 

https://www.ig.com Crypto trading may just cannibalize the existing clients.
 

 

https://www.plus500.com Crytpo trading may just cannibalize the existing clients.
http://www.garage.co.jp The link to crypto is weak.
 

 

http://premiumwater-hd.co.jp The link to crypto is weak and it’s not clear how shareholders may benefit from an ICO.
 

 

http://www.cmegroup.com Crypto business may not be significant.
 

 

http://www.cboe.com Crypto business may not be significant.
 

 

http://www.sbigroup.co.jp A link to the “fake Satoshi”  may be worrisome.

A slightly more detailed look into the companies

TSMC

Investment conclusion:

  • Investing in TSMC is likely to be a good way of obtaining some moderate upside exposure to crypto while significantly mitigating or eliminating the downside risk.

Overview:

  • This Taiwanese company is the world’s largest semiconductor foundry. TSMC is a pure play, focusing entirely on integrated-circuit fabrication.
  • According to the most recent quarterly earnings call, the crypto-mining-related business is $375 million per quarter, which represents 5.1% of group sales. However, with crypto prices continuing to appreciate, it is likely that this business segment is growing very fast.

Investment case:

  • TSMC has extremely high profit margins, with an EBITDA margin of about 66% expected in 2017. In our view, the company is likely to be able to achieve similar margins in the crypto business.
  • With current crypto prices, miners and ASIC designers are likely trying to make very large orders with TSMC, which could mean significant sales growth next year. If the crypto prices increase significantly, orders in 2018 could be very strong. If one is  convinced 2018 is going to be a big year for crypto, TSMC could be a relatively less risky way of obtaining such exposure.
  • Crypto mining is a challenging and competitive business, and much of the profit could end up at the company supplying the key equipment. TSMC is well positioned to benefit regardless which mining company becomes dominant. As Mark Twain once said, “When everyone is looking for gold, it’s a good time to be in the pick and shovel business.”
  • TSMC also pays a healthy dividend, yielding c3.1%. The company has never cut its dividend and this should support the share price if the market weakens.
  • TSMC is very focused on the core business as a semiconductor foundry and will not be distracted by investing in other blockchain related areas like ICOs or Ripple. In our view, companies with focus tend to perform better over the long term.

Investment risks:

  • TSMC are believed to currently have only one crypto-mining client, Bitmain, so there is significant customer concentration risk.
  • The company has high exposure to Apple (APPL US) and the iPhone.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Alchip

Investment conclusion:

  • Alchip may merit further investigation to establish the significance of the crypto business.

Overview:

  • Alchip is a Taiwanese ASIC design and manufacturing company, of smaller scale than GUC (mentioned below).
  • We do not know how significant crypto mining is for this company. A page in a recent company presentation explained some of the Bitcoin-mining-related products and in 2015, the company completed the first mining 16-nm tap out for the now defunct KNC miner.

Investment case:

  • This company is less well known and therefore the upside from strong crypto growth in 2018 could be significant.

Investment risks:

  • The scale of the company’s Bitcoin business is not known.
  • The earnings track record is unreliable, with the company making loses in 2016.
  • The order outlook is said to have poor visibility relative to some other companies.
  • The stock is up 171% YTD, indicating the crypto exposure may already be reflected in the valuation.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

GMO Financial Holdings

Investment conclusion:

  • GMO Coin may become a successful crypto exchange in Japan due to the company’s existing infrastructure and expertise. Therefore, GMO Financial could represent an interesting investment opportunity.

Overview:

  • GMO Financial are a listed subsidiary of GMO Internet, with GMO Internet owing 80.8% of GMO Financial. Therefore, the shares are not very liquid.
  • This business includes a retail FX platform as well as the new GMO Coin exchange, which is 58% owned by GMO Financial.
  • The crypto-mining business and ICO will not occur within this subsidiary, but will occur at group level inside GMO Internet.

Investment case:

  • GMO Financial offers more direct exposure to the crypto-exchange business than the parent. The exchange business is reasonably new and therefore has considerable growth potential.
  • The FX trading-platform business is the largest retail platform in Japan, therefore GMO Financial may already have the infrastructure and expertise to build a successful crypto exchange.
  • The exchange plans to offer a leveraged product shortly.

Investment risks:

  • We have not been able to identify any trading-volume data at GMO Coin, therefore the market share is likely to be low. However, a recent company presentation indicates that growth is strong.
  • The company does publish monthly volume data for the non GMO Coin exchange businesses.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Global Unichip

Investment conclusion:

  • Valuation ratios appear reasonably expensive and the stock price may already reflect the benefits of crypto.

Overview:

  • Global Unichip (GUC) is a Taiwanese fabless ASIC design company. TSMC holds about 34% of the shares in GUC, and the chairman of GUC also has a role at TSMC China.  However, TSMC’s technology library is open to other competing fabless companies.
  • Crypto-mining-related sales are believed to account for around 20% of GUC sales in 2017, and this is likely to grow significantly in 2018, in our view.

Investment case:

  • At 20%, the crypto business is a significant part of sales. The mining business could become more competitive in 2018, making ASIC design key. If crypto prices increase in 2018, GUC is likely to perform well.

Investment risks:

  • The stock price is already following crypto markets to some extent, with the shares up over 300% in USD this year. There is significant downside risk if crypto markets collapse but this is still less risky than actually holding crypto tokens.
  • The stock is expensive on a forward EV/EBITDA of 34.7x.
  • GUC is also reliant on machine-learning/AI areas for growth in addition to crypto.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

GMO Internet

Investment conclusion:

  • GMO Internet appears to lack focus in their crypto endeavors, therefore GMO Financial may represent be a better investment opportunity.

Overview:

  • GMO Internet is a group of Japanese companies based in internet infrastructure and digital payments. The main business lines of the company are online credit-card transaction processing, domain-name services, and SSL certificates.
  • In October 2017, the company announced the launch of a Bitcoin-mining business and a potential ICO.
  • The company also has a subsidiary called GMO Coin, a crypto exchange.

Investment case:

  • GMO offers broad exposure to different areas in crypto, ICOs, mining, and the operation of exchanges.
  • The core business of SSL certificates is enjoying strong growth, with sales up about 90% in 2017.

Investment risks:

  • The company is entering competitive fields and GMO appear to lack focus by trying many different areas at the same time. They may not succeed in all ambitions.
  • GMO plans to launch a 7-nm mining chip next year, which may be ambitious, especially as Bitmain is likely to be a strong competitor and it’s not clear who GMO’s mining-chip manufacturing partners are.
  • The effective ownership of the exchange business (GMO Coin) is low, at only 46%.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Overstock

Investment conclusion:

  • The company may lack focus in the crypto space and the stock may already be rallying as a result of the crypto exposure.

Overview:

  • Overstock is an American e-commerce company focused on furniture and bedding.
  • For several years, company CEO and founder Patrick Bryan has enthusiastically supported Bitcoin. This may stem from his anti-Wall Street stance, which itself grew after several prominent investment banks and hedge funds were accused of targeting Overstock with a naked short selling campaign in 2005. Bryan was eventually mostly vindicated after winning a payout in a settlement of the issue.
  • Overstock first accepted Bitcoin payments in 2014 and became involved in several projects, including the Counterparty platform in 2014 and then the tZERO platform, which first launched Overstock stock as an instrument in 2016 and is currently building a distributed ledger system.

Investment case:

  • Overstock offers broad exposure to the space.

Investment risks

  • Like many of the companies mentioned in this list, Overstock seems to lack focus and is experimenting with various crypto related ideas.
  • The shares are up 214% YTD, partly as a result of the crypto theme.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Square

Investment conclusion:

  • The crypto story may already be well understood by the investment community and there may be considerable downside risk due to the valuation rating.

Overview:

  • Square is a digital-payment-solutions company based in the US.
  • Square recently announced the launch of a new product that allows users to buy and sell Bitcoin on a mobile application.

Investment case:

  • The new Bitcoin application has received positive feedback since the launch for its ease of use.

Investment risks:

  • The stock is very expensive based on traditional valuation metrics.
  • The Bitcoin application does not offer users the ability to send payments on the Bitcoin network by itself.
  • It is not clear if the business model of buy/sell Bitcoin inside a mobile application is profitable.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

IG Group

Investment conclusion:

  • A strong crypto business may cannibalise earnings from other areas, so the crypto-related upside may be limited.

Overview:

  • IG Group is a UK-based CFD and spread-betting-platform company.
  • Due to their high volatility, crypto-related trading products are offered and are likely to be contributing to earnings as the volatility of other products is lower.

Investment case:

  • IG is one of the largest and strongest CFD companies in the retail space.

Investment risks:

  • One of the big challenges for the company is the regulatory environment in the UK and Europe. The retail leveraged trading industry is under close scrutiny by regulators.
  • While the crypto business may perform well, it’s not clear that this will result in new clients or whether IG’s existing clients will merely enjoy trading and switch to whichever product offers volatility.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

PLUS 500

Investment conclusion:

  • Similar to IG, Plus 500’s stronger crypto sales may cannibalize earnings from other areas.

Overview:

  • Plus 500 is a UK-based online retail trading platform.

Investment case

  • Plus 500’s technology platform lets it roll out new instruments faster than many of its peers, so it may be able to capitalise on new trends faster in the volatile crypto space.
  • Plus 500 trades at a discount to IG, due to IG’s stronger reputation and longer track record. However, customer retention at Plus 500 is improving and there is increased focus on loyal, higher-value customers rather than on speculative clients who may lose all their money and leave.

Investment risks:

  • Regulation and possible stricter rules related to CFDs are a major risk, just like for IG.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Digital Garage

Investment conclusion:

  • One could consider a pair trade, long Digital Garage and short Kakaku.com, although the link to a real crypto business seems insignificant and unlikely.

Overview:

  • Digital Garage is a Japanese technology investment fund, with the primary asset being a price-comparison website called Kakaku.com (2371 JP).
  • Digital Garage also has an investment in the blockchain-infrastructure company Blockstream.
  • In theory, one could go long Digital Garage and short Kakaku.com to increase exposure to Blockstream.

Investment case:

  • Blockstream has rolled out a satellite product, broadcasting Bitcoin blocks all over the world.

Investment risks:

  • Blockstream’s business model appears unclear. The company seems focused on technology and infrastructure rather than on commercialisation and therefore may not be able to generate earnings.
  • The link to Blockstream is very limited.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Premium Water Holdings

Investment conclusion:

  • The link to the crypto space may be too weak.

Overview:

  • Premium Water is a high-growth mineral-water delivery company in Japan, delivering water to the home and office markets.
  • According to page 10 of the COMSA whitepaper, the company will conduct an ICO, perhaps to raise funds to invest in business expansion. COMSA is a Japanese centralized ICO solutions company that recently conducted a token sale themselves.

Investment case:

  • It is possible that the company could raise a significant amount of funds in an ICO and there is a chance that existing shareholders may benefit from this.

Investment risks:

  • It is not clear how existing shareholders will directly benefit from the ICO, if at all.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

CME Group

Investment conclusion:

  • Crypto is not likely to be a significant earnings driver.

Overview:

  • CME Group operates an institutional derivatives exchange that deals with futures contracts and options. The instruments are related to interest rates, stock indexes, FX, and commodities.
  • The company recently announced the launch of Bitcoin futures contracts.

Investment case:

  • Financial speculation appears to be one of the main activities Bitcoin is used for and the launch of a Bitcoin product could therefore lead to significant volume growth for the CME.

Investment risks:

  • The Bitcoin product is new and it is not clear whether there will be significant demand relative to the CME’s other products.
  • On a forward EV/EBITDA of 21.0x, the stock is already reasonably expensive.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

CBOE

Investment conclusion:

  • Crypto is not likely to be a significant earnings driver.

Overview:

  • CBOE operates an institutional financial-options-trading platform. The main instruments are related to FX and stock indexes.
  • The company recently announced the launch of Bitcoin futures contracts.

Investment case:

  • Similar to the CME, financial speculation appears to be one of the main activities Bitcoin is used for, and the launch of a Bitcoin product could therefore lead to significant volume growth for CBOE.

Investment risks:

  • The Bitcoin product is new and it is not clear whether there will be significant demand relative to CBOE’s other products.
  • On a forward EV/EBITDA of 24.4x, the stock is already reasonably expensive.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

SBI Holdings

Investment conclusion:

  • A partnership with “fake Satoshi”, Craig Wright, is a significant concern. We do not recommend investing in SBI.

Overview:

  • SBI Holdings is a Japanese financial company whose main business is the domestic online stock-trading platform. SBI can be considered a peer to GMO.
  • SBI holdings appears enthusiastic about the crypto space. The company has a crypto fund, with investments in Ripple, R3, Orb, Coinplug, Wirex, Veem, and bitFlyer (source).
  • SBI plans to make further investments, including into Bitcoin mining. SBI also has a blockchain consulting business, including advising on ICOs.

Investment case:

  • SBI Holdings offers broad exposure to many areas in the space.

Investment risks:

  • SBI recently announced a strategic partnership with nChain, the company run by Wright, known inside the Bitcoin community as the “fake Satoshi”. This may indicate that SBI has limited knowledge about the crypto space or that the company may be wasting shareholder funds, by partnering with Wright.
  • SBI also appears to lack focus in its blockchain strategy.

Valuation metrics:

(Source: Bloomberg, BitMEX Research)

Other listed crypto-related names

Ticker Name Market cap (million USD) 2017 YTD return (USD) Description Blockchain pure play
Japan
4751 JP Cyberagent 4,814 50.0% Operates a media website, Ameba, and provides an advertising agency, foreign-exchange-trading website, and PC and mobile content. Potentially preparing for its own cryptocurrency exchange. No
3774 JP Internet Initiative Japan 841 16.2% Provides Internet connection services for businesses. Preparing Bitcoin services. No
6172 JP Metaps 365 (24.6%) Develops  advertising  platforms for smart phones. Potentially preparing for its own cryptocurrency exchange. No
3825 JP Remixpoint 322 359.9% An electricity retail business, energy-saving consulting. and used-car business.  BITPoint Exchange business. No
2315 JP CAICA  231 (7.7%) Provides information-systems solution services for financial and telecommunication industries. Issues a cryptocurrency “Caica”. No
3696 JP Ceres   216 34.8% Provides Internet marketing services.  Operates CoinTip service. No
3853 JP Infoteria 177 47.6% Provides software development based on XML.  Issues a cryptocurrency “Zen”. No
8732 JP Money Partners    133 (18.0%) Provides foreign-exchange transactions.  Alliance with the Kraken exchange. No
3807 JP Fisco  125 22.4% Provides financial information.  Exchange and deal with MonaCoin. No
8704 JP Traders Holdings   120 (8.7%) Provides financial services through Internet and call centers. Quoinex exchange business. No
3121 JP MBK  102 36.7% Provides loans and investments services for firms and real estates in Japan and China. Invested in BTCBOX exchange No
3808 JP OKWave   43 36.6% Q&A community website OKWave. Potentially preparing for its own cryptocurrency exchange. No
Taiwan
2377 TT Micro-Star 2,058 5.6% Also known as MSi. Manufactures and markets motherboards, graphics cards, and other computer peripherals. No
2376 TT Gigabyte Tech 1,102 28.8% Manufactures and markets computer motherboards No
3515 TT AsRock 296 100.6% Develops, designs, and retails motherboards No
2399 TT BioStar Micro 84 70.5% Manufactures and markets computer motherboards and interface cards No
6150 TT TUL Corp 68 312.3% Develops, manufactures, and markets graphics  cards, multimedia products, and interface cards No
United States
NVDA US Nvidia 116,085 80.2% Designs, develops, and markets graphics processors and related software. No
AMD US AMD 9,928 (9.3%) Manufactures semiconductor products. No
GBTC US Bitcoin Investment Trust 5,139 2,383.0% Trust invested exclusively in Bitcoin. Yes
RIOT US Riot Blockchain 275 732.7% Buys cryptocurrency and blockchain businesses, and supports blockchain-technology companies. Yes
SSC US Seven Starts Cloud Group 262 241.5% Provides artificial-intelligence, blockchain and fintech-powered digital-finance solutions No
MGTI US MGT Capital  204 475.3% Operates a portfolio of cybersecurity technologies. Yes
DPW US Digital Power 103 686.4% Designs, develops, manufactures, and markets switching power supplies for sale to manufacturers of computers and other electronic equipment. No
Canada
HIVE CN Hive Blockchain 636 n/a Operates as a cryptocurrency-mining firm. Yes
BTL CN BTL Group 197 991.7% Develops blockchain technologies. Yes
CODE CN 360 Blockchain 33 600.0% Invests in blockchain-based technology. Yes
Australia
DCC AU Digitalx 106 495.7% ICO advisory and blockchain consulting services Yes

(Source: Bloomberg, BitMEX Research)

Disclaimer

This piece does not constitute investment advice. You should do your own research before deciding to make any investments.

Update: Bitcoin Cash investment flow data

Abstract: In early September 2017, we published a piece on Bitcoin Cash (also known as BCash or BCH) and how one can analyse transaction data on the two blockchains involved in its split from Bitcoin to try to draw conclusions about the potential investment flows between the two chains. In this piece, we update the analysis with another three months’ worth of data.

Total coins spent

Bitcoin had an initial lead over Bitcoin Cash in total coins spent at least once since the fork but Bitcoin Cash caught up in early September. Since then, both coins have been approximately neck and neck.  As of 29 November 2017, 6.5 million Bitcoin and 6.3 million  Bitcoin Cash coins have been spent at least once since the fork.

Bitcoin Cash (BCH) and Bitcoin (BTC) spent at least once since the chainsplit. (Source: BitMEX research, Bitcoin blockchain, Bitcoin Cash blockchain, Bittrex price data)

Daily Bitcoin Cash spend for the first time

Although there have been several spikes, normally after a rally in the Bitcoin Cash price, the number of Bitcoin Cash coins spent each day (for the first time since the fork) continues to decline. In the last five days, the average daily first time spend has been just circa 19,000 per day, compared to lows of around 50,000 in August.

Bitcoin Cash coins spent for the first time since the split (daily). (Source: BitMEX research, Bitcoin Cash blockchain, Bittrex price data)

Transaction volume

There is not much change in the two chains’ relative transaction volumes, a more normal metric compared to our somewhat convoluted “first-time spend since the fork” metric. The total cumulative Bitcoin Cash transaction volume is 5.5% of Bitcoin’s since the fork.  Although this figure is increasing slightly, averaging 6.0% in the last 10 days.

Daily transaction volume of BCH and BTC. (Source: BitMEX research, Bitcoin blockchain, Bitcoin Cash blockchain, Bittrex price data)

Proportion of Bitcoin Cash coins spent

In the first four months of Bitcoin Cash, 38.5% of all coins that existed at the time of the fork have been spent at least once on the Bitcoin Cash chain. This is a remarkably high figure, considering many millions of coins are likely to have been lost forever years ago.

Proportion of Bitcoin Cash (BCH) spent vs. unspent since the chainsplit. (Source: BitMEX research, Bitcoin Cash blockchain)

Conclusion

The data above shows that, after just four months, there may have been considerable investment flows between the two coins. Many supporters of each coin may have already made their respective investment/divestment decisions, and the future of each coin may now be determined more on merit or utility rather than on the opinion of the holders at the time of the fork.

We would like to remind readers that there are many weaknesses with respect to this analysis, the main one being that a spend on the Bitcoin Cash chain does not necessarily relate to a divestment.

Bitcoin’s unique value proposition

Abstract: In this piece, we examine the question of “What is Bitcoin for?” We conclude that neither low-cost payments, censorship resistance, nor digital payments are particularly compelling on their own. However, combining censorship-resistant money with the ability to use money electronically results in an interesting set of characteristics.

Overview

There has been a significant amount of debate and discussion in the Bitcoin ecosystem about what Bitcoin is for. Should Bitcoin be a form of digital gold with a robust rule set and resilient network as the priorities or should Bitcoin primarily be considered a payment system focused on low transaction fees?

Of course most people would like Bitcoin to excel in both of these areas and in the long term, Bitcoin may be able to do so. However, the blocksize debate opened a schism in the community about which should be the priority in the short to medium run.

There are three key characteristics of money and payment systems:

  1. low transaction fees and fast transactions,
  2. censorship resistance, and
  3. the ability to transact electronically.

One could make various choices when deciding which type of money to use and the set of characteristics that each choice provides. We look at where Bitcoin should position itself, such that it may be able to provide a unique option.

1. Low transaction fees

Low transaction fees and usability have clearly been a key selling point of Bitcoin. Bitcoin has had lower transaction fees than many online international-banking transfer systems and Western Union, for example. A simple user experience is key to adoption, and there is a fear that if user adoption is too slow, Bitcoin may lose out to alternative payments solutions, either traditional centralised systems or alternative distributed proof-of-work-based tokens such as Ethereum.

Although Bitcoin is cheaper and perhaps easier to use than some centralised alternatives, in many cases, centralised alternatives are faster and cheaper than Bitcoin. For example, in many Western European countries, retail domestic interbank transfers are both free and instant. In China, Alibaba (BABA US) and Tencent (700 HK) are offering fast, simple, and cheap payment solutions. Tencent is said to be able to handle 200,000 transactions per second, far exceeding what Bitcoin can achieve.

Some may see these offerings as a risk for Bitcoin while others see this as a battle Bitcoin was always going to lose anyway. Yet fast and free payments are not currently available to everyone in the world so Bitcoin can still fill a useful niche. However, is it really sustainable to build Bitcoin based on the assumption that traditional payment-solution providers won’t ever provide instant and free payments?

A shop window displays various electronic payment options, including Alipay, WeChat Pay, and Apple Pay. (Source: BitMEX Research)

2. Permissionless and censorship-resistant money

Other members of the Bitcoin community prioritise other features ahead of low fees. This is often characterized as “censorship resistance”, but may actually refer to a range of related properties. The main aspects of these features are:

  • the ability to use the system without seeking permission,
  • the inability of the government or other authorities to block payments,
  • the inability of the authorities to reverse payments, and
  • resistance against the entire system being shut down.

However, just like the use case of low transaction fees described above, these characteristics are also not unique. Physical cash (notes and coins) also have these features, again making Bitcoin seemingly useless. Physical cash not only has these features, it has them to a far greater extent than Bitcoin. Cash also has additional features that Bitcoin cannot offer, such as the ability to transact when communication networks are unavailable or without a device such as a smartphone.

It should be mentioned that Bitcoin may have one interesting feature here that physical cash does not have: the censorship resistance of the rules of the monetary system as a whole. Bitcoin end users may have the ability to enforce all the rules of the system, which cannot be said for physical cash. This ensures some interesting properties, such as the supply cap of 21 million or preventing other inflationary policies — not available as options for physical cash.  In this respect, Bitcoin can be said to be most like “digital gold”, in regards to its monetary characteristics.

The use cases of censorship-resistant money

These censorship-resistant features are sometimes associated with illegal activity, the so-called black market or grey market. Although there are of course many legitimate use cases for censorship resistance — for example, a lack of trust in your partner in the transaction or the high costs associated with enforcing payments in multiple jurisdictions.

Black-market uses could include things like tax evasion, money laundering, illegal drug dealing, sexual services, the sale of illegal weapons, bribery, and organized crime. Grey-market uses may be legal goods and services sold in an unauthorized way. Grey-market transactions could include:

  • remittance to or from a country imposing some form of capital controls;
  • an individual subject to political oppression that restricts the use of their funds;
  • purchasing products or services from a lower price or alternative region without the consent of the regulator, manufacturer, or service provider, such as pharmaceuticals, consumer electronics, or media-subscription services;
  • donations to a politically sensitive cause;
  • the sale of cars without proper registration;
  • the unauthorized sale of copyrighted material such as textbooks;
  • computer software or digital content sold without the correct licence;
  • unauthorized transactions in stocks and shares in the OTC market;
  • participation in online gambling or poker without meeting regulatory requirements;
  • event tickets sold in violation of the terms printed on the ticket;
  • the sale of airline loyalty points in the secondary market;
  • using online e-commerce systems or in-store mobile-payment technologies, without being old enough to have the necessary banking relationships;
  • a female using online e-commerce systems in a cultural environment where its socially unacceptable for females to have banking relationships;
  • payments for basic services such as babysitting without registration for sales tax or employment;
  • payments to a babysitter who has inappropriate immigration status; and
  • payments from intelligence services to informants.

These examples may make this use case somewhat controversial and many may think there could be limited upside due to a lack of demand for these goods and services. In our view, there is significant demand for this type of use case, indeed some people estimate that these types of activities account for the majority of global economic activity, depending on how it’s measured.

Additionally, as we explained above, Bitcoin offers nothing new here. Physical cash already has the features that make it ideal for these scenarios and actually has superior qualities to Bitcoin in relation to censorship resistance. One key cultural difference is that physical cash is already deeply embedded in society, while Bitcoin is relatively new, making it potentially more controversial.

HSBC UK requires users to be over 18 years old to qualify for a credit card. Credit-card systems are typically used as the base layer for mobile payment technologies, and are therefore often inaccessible to those under 18 years of age, unlike cash which is permissionless. (Source: HSBC)

3. Electronic payments

As we enter the digital age, one characteristic of money trumps all of them: the ability to use money electronically, such that it can be used over the Internet or on a mobile device. Electronic communication systems have become integral parts of our culture and therefore the ability to use money electrically is an incredibly powerful feature.

However, Bitcoin certainly does not provide anything new here, either. Internet-based payment systems controlled by computer interfaces have existed for traditional currencies like the US dollar for years. Recently, the options available in this area are improving rapidly, with mobile payment systems gaining significant traction.

Evaluating the combinations of these three characteristics

After reading this far, one may conclude that Bitcoin has no unique characteristics whatsoever. This is true to some extent — but the key value proposition of Bitcoin is a unique combination of the above characteristics, namely to have both censorship resistance and an electronic transaction system. This subtlety can make the value proposition of Bitcoin difficult to understand, resulting in significant scepticism when one first comes across the subject.

The table below aims to illustrate the three key features discussed in this piece. We outline two alternative strategies for Bitcoin, one prioritising low transaction fees and the other prioritising censorship resistance. The analysis is oversimplified, assuming a binary choice between one or the other when the reality is far more nuanced, but it still makes a point.

When choosing to prioritise low fees, the boxes ticked in the table below are identical to those ticked for traditional electronic payment systems, which can already provide both low fees and electronic payments. However, a focus on censorship resistance ticks a unique set of boxes, meaning that Bitcoin provides a unique set of features that cannot be offered by any of the competing systems. No other monetary or payment system is able to offer both censorship resistance and electronic payments. Therefore, however vitally we value low transaction fees, the smart choice may be to prioritise the strategy that provides the most unique combination of characteristics. This could mean choosing censorship resistance rather than focusing on what appears to be the most immediately useful requirement.

Ability to offer low transaction fees Ability to offer censorship resistant type features Ability to transact electronically
Physical cash
Bank deposit/traditional electronic payment systems
Bitcoin (Priority: Low fees)
Bitcoin (Priority: Censorship resistance)

Of course, Bitcoin still needs to balance both the need for low fees and censorship resistance, and hopefully can achieve both, perhaps with new technology. In the medium or longer term, perhaps all three boxes in the above table can be ticked.

Conclusion

The point of Bitcoin is to provide characteristics traditionally only available when using physical cash, but in electronic form, suitable for the digital age: an “electronic cash system“. It’s a false dichotomy to believe we are facing a choice between a “digital gold” and a cash-type system. Bitcoin can be considered a hybrid of digital gold, physical cash, and traditional electronic payment systems.

 

Revisiting “The DAO”

Abstract: In this piece, we revisit “The DAO” and the events following its failure. We analyse what happened to the various buckets of funds inside The DAO, on both sides of the chainsplit that it caused. We identify US$140 million of unclaimed funds still inside what is left of The DAO.

Key points

  • The DAO hacker appears to control tokens worth approximately US$60 million.
  • There are currently around US$140 million of unclaimed funds still inside The DAO withdrawal contracts.
  • In June 2017, the USD value of unclaimed funds inside The DAO was higher than the value of the amount initially raised in May 2016.
  • After a 10 January 2018 deadline, around US$26 million of the funds may no longer be available to be claimed.

The DAO marketing material from May 2016

(Source: DaoHub)

Overview

In the early summer of 2016, a project called “The DAO” generated a substantial amount of excitement in the crypto space. DAO stands for Decentralized Autonomous Organization, and to the confusion of many, The DAO (as the group styled its name) consumed that entire moniker for itself. The DAO was to be an autonomous investment fund, investing in projects determined by the token holders. The fund was to be governed by a “code is law” philosophy, as opposed to the centralised top-down control mechanisms in traditional investment funds, where key individuals matter.  

Many believed this novel approach would lead to superior investment returns. Although it is a unique and potentially interesting approach, expecting strong investment returns at this point may be somewhat naive.

The fund raised Ethereum tokens worth approximately US$150 million at the time, around 14% of all the Ether in existence, with investors presumably expecting spectacular returns. The downside risk was expected to be minimal or even zero, since one was supposed to be able to withdraw one’s Ethereum from The DAO whenever one wished. In reality, doing so was a complex and error-prone process.

Problems with The DAO

As it turns out, The DAO was fundamentally flawed on several levels, as many in the Ethereum Foundation pointed out before the exploit was discovered.  For instance:

  • Economic incentives — The incentive model of the project was poorly thought out. For example, there was little incentive to vote “no” on investment proposals, since “no” voters became invested in approved projects. Those that did not vote did not become exposed to the project. Additionally, there was no stated mechanism for forcing successful projects to contribute profits back into The DAO.
  • Token viability — The creation of new projects would have ended up creating new classes of DAO tokens, such that each class was entitled to different risks and rewards. This meant that the tokens would not be fungible, an issue poorly understood by exchanges and the community.
  • Buggy code — The code did not always implement what was described or intended.  The smart-contract code did not appear to be adequately reviewed. The coders did not appear to fully grasp its language, Solidity, nor some of the states the contract could reach.

A few weeks after the conclusion of the token sale, a hacker found an exploit in the code that allowed them to access The DAO’s funds and drain some of it into a child DAO over which the hacker potentially had significant control. This led to an Ethereum hardfork, which was an attempt to prevent the hacker from controlling the funds and to return the funds to the initial investors. Since some in the Ethereum community were unhappy about this, it lead to the chainsplit between ETH and ETC.

The main groups and individuals related to The DAO

Network map of the main groups and the individuals involved in The DAO. There are other Ethereum foundation members with no association with The DAO, who are excluded from the diagram. Blue circles represent individuals;  yellow circles represent organisations. (Source: BitMEX Research)

 

Description People involved
DAOHub.org A DAO community website promoting The DAO, hosted by DAO.link. Felix Albert , Auryn Macmillan, Boyan Balinov, Arno Gaboury, Michal Brazewicz ,  Taylor Van Orden , Des Donnelly, Daniel McClure (source)
Slock.it Slock.it wrote the code for The DAO and the company was hoping to develop smart locks. Slock.it was expected to be financed by The DAO. Stephan Tual, Lefteris Karapetsas, Griff Green, Christoph Jentzsch, his brother Simon Jentzsch, Gavin Wood, Christian Reitwießner (source)
The hacker The exploiter of The DAO. Anonymous
DAO token holders (DTH)

Individuals from the general public who contributed to The DAO crowd sale or purchased DAO tokens on the open market.

22,873 account holders (source)
The DAO curators Third-party arbitrators separate from Slock.it who manage disputes or emergency situations arising from The DAO. Taylor Gerring, Viktor Tron, Christian Reitwießner, Gustav Simonsson, Fabian Vogelsteller, Aeron Buchanan, Martin Becze, Vitalik Buterin, Alex Van de Sande, Vlad Zamfir, Gavin Wood (resigned as a DAO curator prior to the exploit) (source)
Bity A Swiss based cryptocurrency exchange in partnership with Slock.it. The exchange publishes WHG announcements. (source) Alexis Roussel (source)
DAO.Link A Swiss-registered joint venture of Slock.it and Bity, which hosts the DAOHub website. Stephan Tual, Simon Jentzsch, Alexis Roussel (source)
Robin Hood Group (RHG) The original “white hat” group, which secured the majority of The DAO funds pre-fork.

Publicly: Alex Van de Sande, Griff Green, Lefteris Karapetsas

Stephan Tual claims: “individuals from the eth foundation, devs, security experts, ethcore, slock, etc.” (source)

Whitehat Group (WHG) The organisation that took ownership of ETC from the RHG.  The WHG has close ties to Bity. Only publicly known members are Jordi Baylina and Griff Green (source)
The Ethereum Foundation Non-profit foundation behind the creation of Ethereum. Many individuals including some of the founders of Ethereum (source)

The DAO timeline

In order to fully understand and account for the proper ownership of the funds, we must revisit the provenance of The DAO funds before, during, and after the hardfork.

Date Event Movement of funds
30 April 2016 The DAO crowdsale is launched. (Source: Slock.it)
25 May 2016 The DAO crowd sale concludes. ~11.5 million pre-fork ETH raised.
17 June 2016 The DAO is drained into a child DAO by the hacker.
(Source: New York Times)
~3.6 million pre-fork ETH drained to hacker’s child DAO.

A child DAO can be split from the main DAO as part of The DAO’s governance process, similar to a spin-off company.

The splitting process was exploited by the hacker using a recursive-call exploit, which drained more funds from the parent DAO than intended. The owner of a newly formed child DAO cannot withdraw those funds immediately but must wait for a voting period to end before securing those funds and being able to freely transfer them.

This voting period gave the Ethereum community a window of opportunity to attempt to reclaim the funds by attempting to exploit the hacker’s child DAO using the same vulnerability. This, however, might have resulted in perpetual splitting and a DAO war, whereby the funds would be stuck in limbo forever as long as neither the hacker nor RHG gave up. This process could be easily scripted so would not take much effort on either side.

One way to solve this would be the implementation of a softfork to censor the hacker’s transactions, preventing them from participating in this war and quickly allowing the funds to be recovered.

Date Event Movement of funds
21 June 2016
RHG begin “DAO Wars” and are able to to recover a majority of the funds. (Source: Reddit)
~8.1 million pre-fork ETH drained into the RHG’s child DAOs using the same vulnerability.
24 June 2016
DAO Wars softfork proposed to secure attacker’s ~3.6 million pre-fork ETH. (Source: Ethereum Foundation)
Would have censored transactions to prevent hacker from accessing their child DAO.
28 June 2016
Critical flaw discovered in DAO Wars softfork, which is then abandoned (Source: Hacking Distributed)

At this point, the RHG had managed to secure around 70% of the funds by exploiting other child DAOs, but in order to guarantee the ability to reclaim the remaining 30% (around 3.6 million pre-fork ETH), a hardfork was the only possibility. Moreover, the softfork proposal was found to have critical security vulnerabilities and was quickly scrapped.

Date Event Movement of funds
20 July 2016
Hardfork is implemented, effectively undoing the effects of The DAO hack and making DTH whole on the forked ETH chain. Implemented via two withdrawal contracts.
(Source: Ethereum FoundationThe Ethereum Wiki)
~11.5 million post-fork ETH returned to DAO withdraw contract, which can be claimed by DTH based on their current DAO token balances.
20 July 2016
ETC, the not-forked chain. continues to be mined.
The RHG and The DAO hacker will eventually have access to ETC in child DAOs.

After the fork, there are two chains in parallel universes: ETH, where the hack is undone, and ETC, where the hack remains. The RHG have still secured around 70% of the ETC, and could have continued the attack on the ETC chain using the aforementioned “DAO Wars” limbo strategy, but decide not to. To refund DTH on the ETH chain, a withdrawal contract is used, which DTH must call to claim their ETH.

Date Event Movement of funds
23 July 2016
ETC is listed on Poloniex; other exchanges follow suit. ETC/USD reaches a third of ETH/USD. (Source: Twitter) n/a
9 Aug 2016
The RHG hands ownership of the ETC funds to the WHG. The WHG receive funds in their ETC multisig wallet as the ETC child DAOs mature. (Source: Bity)
~8.1 million ETC secured by the WHG.
10 Aug 2016
Unannounced, WHG/Bity use Bity’s “verified money service business” account to attempt to tumble and swap 3 million ETC on four exchanges for ETH, BTC, and EUR. (Source: Bity)
Poloniex freezes 2.3 million ETC, Kraken trades but freezes 1.3 million worth of ETC, Bittrex trades and processes 82,000 ETC, and Yunbi trades and processes 101,000 ETC.
12 Aug 2016
After the majority of the tumbled ETC is frozen, WHG/Bity announce that they have decided not to sell the ETC for ETH, and instead will distribute ETC to DTH. (Source: Reddit)
Bity trade back BTC, ETH, and EUR into ~1.5 million ETC, bringing their balance back to ~8.1 million ETC.

Graphical illustration of the above transactions

(Source: Gliffy)

 

Date Event Movement of Funds
26 Aug 2016
Bity announce launch of the “whitehat withdrawal contract”. (Source: Bity)
n/a
30 Aug 2016
Bity announce that the first version of the whitehat withdrawal contract is published. (Source: Bity)
~4.2m ETC transferred from WHG to the withdrawal contract, ~0.6 million claimed by DTH.  DTH are entitled to receive funds based on their DAO token balance at the time of the hardfork, not the current token balance as is the case for ETH.
30 Aug 2016 Bity announce that second version of whitehat withdrawal contract is published. (Source: Bity)
~3.8 million ETC transferred from old contract to new contract.
6 Sept 2016
Bity announce that the remaining ETC (including that which was attempted to be traded on exchanges, and some from matured child DAOs) is transferred to the whitehat withdrawal contract. (Source: Bity)

~4.3 million ETC transferred from WHG exchange accounts and multisig into withdrawal contract.

During the time these trades were made, the price of ETC dropped in value relative to ETH, BTC, and EUR, causing the trade back into ETC to yield an additional 700,000 of ETC that was added to the whitehat withdrawal contract. The exact details of these on-exchange swaps were not made public.

Graphical illustration of the above transactions

(Source: Gliffy)

 

Date Event Movement of funds
6 Sept 2016
DAO Hacker moves the funds from his “dark child DAO”. (Source: Gas Tracker)
~3.6 million ETC Secured by Hacker
6 Sept 2016 DAO hacker donates some ETC to the ETC development fund. (Source: Gas Tracker)
1,000 ETC sent to ETC developer fund.
25 Oct 2016 to
7 Dec 2016
DAO hacker tumbles funds into many different accounts, potentially swapping to different currencies. (Source: Gas Tracker)
~0.3 million ETC tumbled by hacker.

At the time of writing, the hacker has not touched the vast majority of the drained ETC, and is sitting on a stash of 3,360,332 ETC worth US$58 million.

One feature of the whitehat withdrawal contract is that a limit is set for the ETC funds to be withdrawn (originally set to three months, expiring on 30 January 2017). Due to the large proportion of the funds that were not claimed within the given three months, this period was extended twice.

Date Event Movement of funds
30 Jan 2017
Bity extend the ETC whitehat withdrawal contract deadline to 14 April 2017. (Source: Bity)
n/a
14 April 2017
RHG extend the ETC whitehat withdrawal contract deadline to 10 January 2018. (Source: Reddit)
n/a
10 Jan 2018
ETC whitehat withdrawal contract deadline. ?

There have been no major events since; the vast majority of ETH funds have been withdrawn by DTH, as has the majority of ETC.

The unclaimed funds

As of 19 November 2017, approximately US$140 million in funds remains unclaimed, as the approximate breakdown below indicates.

Bucket ETH Unclaimed US$ million Percent
Claimed balances
ETH withdrawn by DTH 11,286,046 97.3%
Unclaimed balances
Unclaimed ETH in DAO Withdraw (source) 235,414 86.6 2.0%
Unclaimed ETH in DAO ExtraBalance (source) 76,204 28.0 0.7%
Unclaimed total 311,618 114.7 2.7%
Claimed & unclaimed
Total funds 11,597,664   100.0%

DAO-related funds on the ETH side of the fork, calculated at a USD/ETH price of $368. (Source: BitMEX Research, Ethereum blockchain)

 

Bucket ETC  US$ million Percent
Hacker funds
ETC retained by Hacker 3,642,408 66.6  30.1%
WHG Funds
ETC withdrawn by DTH (including donations) 7,035,319 58.2%
Unclaimed ETC (Source) 1,405,072 25.8 11.6%
WHG total 8,440,391   100.0%
Hacker & WHG funds
Total funds 12,082,799

DAO-related funds on the ETC side of the fork calculated at a USD/ETC price of $18.30. (Source: BitMEX Research, Ethereum Classic blockchain)

 

 

DAO-related funds on the ETC side of the fork. (Source: BitMEX Research, Ethereum Classic blockchain)

 

Unclaimed DAO balances over time for ETH and ETC. (Source: BitMEX Research, GitHub)

 

Unclaimed DAO balances over time, in USD. (Source: BitMEX Research, Coinmarketcap, GitHub)

 

As the chart above illustrates, at the Ethereum price peak in July 2017, the USD value of unclaimed Ethereum inside DAO withdrawal contracts was even higher than the US$150 million initially raised.

Withdrawal contract “gotchas”

Whilst the notion of a withdrawal contract sounds binding, all of the unclaimed funds are still in the control of the owners of those contracts.

Safety hatches

All three withdrawal contracts have “safety hatch” mechanisms, meaning the owners of these contracts have the ability to withdraw all of the funds at any time.

Whilst The DAO curators have not indicated this is planned, it may be tempting to appropriate these funds if it is deemed that no more withdrawals will take place. The WHG, in contrast, have designed their contract specifically to ensure this happens.

Whitehat deadline

The whitehat withdrawal contract also has a timeout system for when DTH are able to withdraw their funds. This deadline will expire on 10 January 2018 (although it has been extended twice before), so attempts to withdraw after this deadline may be denied.

What next for the US$26 million of unclaimed ETC?

The next obvious question is what happens to the unclaimed funds on 10 January 2018.

There are four clear options at present:

  1. Have WHG/Bity keep the funds as payment for their service, returning some of the ETC.
  2. Donate the funds to a charity or the “community”, perhaps the ETC, DTH, or ETH community.
  3. Extend the deadline again.
  4. Commit to allowing withdrawals indefinitely, as with the ETH withdrawal contracts.

An official response from Bity suggests that they may lean towards option two:

We feel that these funds should be donated to the DAO token-holders community where they originated from. After six months, we want to be able to donate these unclaimed funds to a community-wide effort, like a foundation supporting smart-contracts security. We want these funds to be used to develop the future of structures of decentralized governance, DAOs, and smart contracts. We will see what options are available at the time.

Of course, questions of who represents the DTH community will arise, and the transparency of spending the funds may come into question. Due to the anonymity of whoever is behind WHG, it may be difficult for the community to properly audit the spending of these unclaimed funds.

Additionally, this arbitrary deadline that prevents individuals from claiming funds that are rightfully theirs may result in future legal action. Given that, there is a possibility that WHG is only left with option 3 or 4, and will potentially allow ETC withdrawals to continue in perpetuity.

However, January 2018 will be over 18 months after The DAO, a long time in the crypto space. In addition to this, the price of both ETH and ETC has risen considerably since The DAO. Therefore, some DTHs may forget about their tokens in all the excitement and wealth generation, which is prevalent in the Ethereum ecosystem.

Disclaimer

Whilst many claims made in this note are cited, we do not guarantee accuracy. We welcome corrections.

The implications for Bitcoin of the new Bitcoin Cash difficulty adjustment mechanism

Abstract: In this piece we examine the potential impact of Bitcoin Cash’s new rolling 24 hour difficulty adjustment algorithm on the Bitcoin network.  We look at the possible implications of price movements of Bitcoin Cash, with respect to hashrate oscillations between the two coins.

 

Overview

In our last piece we looked over the history of coins sharing the same hashing algorithm and some of the potential problems related to swings in the hashate between the two respective coins.  In this piece we look more closely at Bitcoin and how it could be effected by changes in the price of Bitcoin Cash.

Bitcoin has a longer difficulty adjustment period than Bitcoin Cash, a two week adjustment windows, compared to the rolling one day period Bitcoin Cash now has.  Therefore, in the event of price movements changing relative mining incentives between the chains, Bitcoin will be slower to adjust and achieve the the 10 minute target time than Bitcoin Cash.  This could be a potential problem for the usability or integrity of the Bitcoin network.

 

A worked example of a Bitcoin Cash price increase

For this rest of this piece, broadly speaking, we assume miners have the objective of maximizing profits in the short term.  In reality miners may also consider other factors or have other objectives, for example, to see their favorite coin succeed, their hated coin fail, or they may try to maximize the long term value of their investment in coins and mining hardware, by focusing on maintaining network stability.

The following scenario applies to an increase in the price of Bitcoin Cash,  similar logic can be used for other price movements:

  1. There is stable equilibrium, where each coin is approximately achieving its 10 minute target time and the hashrate distribution is broadly speaking allocated in proportion to the relative price of each coin.
  2. The price of Bitcoin Cash increases.
  3. Bitcoin Cash then has higher mining profitability than Bitcoin and a significant amount of hashrate moves over to Bitcoin Cash.
  4. Within a day, Bitcoin Cash’s difficulty re-targeting mechanism quickly adjusts, such that the Bitcoin Cash block interval is around 10 minutes.
  5. Due to the higher difficulty on Bitcoin Cash, some of the hashrate moves back over to Bitcoin.  The Bitcoin block interval is longer than 10 minutes, since not all of the hashrate moves back over.
  6. Within around two weeks, Bitcoin’s difficulty re-targeting mechanism adjusts, and Bitcoin’s block interval reaches 10 minutes again.  More hashpower moves back over to Bitcoin, such that the hashrate distribution is approximately in proportion to the new relative price of the two coins, an equilibrium state.

The below table illustrates the above example with actual numbers.

 

Illustration of hashrate oscillation dynamics – Increase in the price of Bitcoin Cash

Initial state Immediately after the price increase After the Bitcoin Cash difficulty adjustment After the Bitcoin difficulty adjustment
Relative prices
Bitcoin 1.0 BTC 1.0 BTC 1.0 BTC 1.0 BTC
Bitcoin Cash 0.2 BTC 0.4 BTC 0.4 BTC 0.4 BTC
Relative mining profitability
Bitcoin 1.00x 1.00x 1.00x 1.17x
Bitcoin Cash 1.00x 2.00x 1.00x 1.17x
Expected hashrate distribution
Bitcoin 83.3% 0.0% 66.7% 71.4%
Bitcoin Cash 16.7% 100.0% 33.3% 28.6%
Expected block interval
Bitcoin 10 minutes n/a 12.5 minutes 10 minutes
Bitcoin Cash 10 minutes 1.7 minutes 10 minutes 10 minutes

Source: BitMEX Research
Notes: The above model is an over simplification and excludes several other stages of hashrate oscillations.  The table assumes hashrate is distributed according the relative price levels of the two coins.  Transaction fee dynamics are excluded.

 

Implications for the Bitcoin network

The above illustrates that the Bitcoin chain could experience block interval swings for longer periods than Bitcoin Cash, due to the longer difficulty adjustment window.  However, the data also shows that even a large fluctuation in the price of Bitcoin Cash, from 0.2 BTC to 0.4 BTC, only increases the expected Bitcoin block interval by 25% to 12.5 minutes, after the Bitcoin Cash difficulty adjusts.

These slower blocks may generate some additional transaction congestion on the Bitcoin chain.  Although, somewhat ironically, this particular problem is likely to be of greater concern to Bitcoin Cash supporters than a Bitcoin supporters.  Many long term Bitcoin holders may not be concerned by periods of 12.5 minute blocks, as they are looking ahead to the long term, while this issue should be resolved within around two weeks.  Although this may be disruptive to users in the medium term, in our view, it is unlikely Bitcoin Cash will maintain such high levels of price volatility for extended periods of time.  Therefore the above problem may not be a serious concern.

However, it is possible that price volatility and therefore hashrate oscillations could remain for extended periods of time.  If this is the case, although Bitcoin may deviate from 10 minute intervals for longer periods, the magnitude of the deviation could be larger for Bitcoin Cash.  This could therefore impact both coins in a negative way.  Should this occur, the eventual Nash equilibrium end game solution could be merged mining, as we discussed in the previous piece.  Although due to the current confrontational political climate, reaching such a solution could take a considerable amount of time and reconciliation.

 

Bitcoin Cash difficulty adjustment schemes designed to cause disruption

There may be some small elements within the Bitcoin Cash community who wish to disrupt the Bitcoin network. For example, some people may have attempted to combine the timing of a rally in the price of Bitcoin Cash with a sharp downward difficulty adjustment caused by the EDA, to drive miners to Bitcoin Cash and disrupt the Bitcoin network.

If the plan is to cause this kind of disruption, one potential idea could be to increase the difficulty adjustment period, for example to a two month window form a one day rolling period.  This would mean that following a sharp price rally of Bitcoin Cash, the difficulty of Bitcoin Cash would take longer to adjust than Bitcoin.  Therefore Bitcoin Cash could remain more profitable than Bitcoin for longer periods, potentially causing disruption and transaction congestion on the Bitcoin network.

However, a long difficulty adjustment window like this may contradict the Bitcoin Cash philosophy. A shorter difficulty adjustment period, larger blocks and lower block times improve usability, which is a key focus of Bitcoin Cash.  In contrast, longer difficulty adjustment periods, smaller blocks and longer block intervals, may improve resilience, which appears to be a key priority for the Bitcoin community.  Therefore Bitcoin Cash is unlikely to adopt such a policy, in our view.

Another issue with this longer two month difficulty adjustment window is that the level of disruption to Bitcoin Cash, relatively speaking, with respect to periods with fewer blocks, will be even larger than for Bitcoin.  Therefore this approach could be considered a lose lose type scenario.  As we expressed above, ultimately, the win win scenario could be something like merged mining.

The Litecoin vs. Dogecoin hash-rate wars of 2014 and implications for Bitcoin vs. Bitcoin Cash

Abstract: In this piece we look at the hash-rate oscillations between Litecoin (LTC) and Dogecoin (DOGE) in 2014. We compare it to the current Bitcoin (BTC) and Bitcoin Cash (BCH) hash-rate oscillations and  consider whether we can learn any lessons from history.

Overview

Although there are many crypto tokens, the number of proof-of-work tokens, with their own set of miners, is surprisingly small — so having two significant proof-of-work tokens that share the same hashing algorithm is quite rare. There appear to be three examples of significant hash-rate oscillations caused by this kind of setup:

Year Coins Hashing algorithm
2014 Litecoin (LTC) vs Dogecoin (DOGE) Scrypt
2016 Ethereum (ETC) vs Ethereum Classic (ETC) EtHash
2017 Bitcoin (BTC) vs Bitcoin Cash (BCH) SHA256

(Source: BitMEX Research)

A comparison of the 2014 Litecoin (LTC) versus Dogecoin (DOGE) hash-rate oscillations with the 2017 Bitcoin (BTC) versus Bitcoin Cash (BCH) oscillations may reveal some lessons.

In early 2014, Dogecoin enjoyed a sudden, meteoric increase in price (figure 1). Its mining incentives increased quickly and this attracted significant hash-rate. The consequences resembled those of Bitcoin Cash’s infamous emergency difficulty adjustment (EDA), which resulted in sharp drops in mining difficulty and made Bitcoin Cash’s mining incentives higher than Bitcoin’s for short periods. Both instances caused sharp swings in the hash rate and network distribution between the respective coins.

We will look back at the 2014 incident with the help of some charts of hash-rate oscillation to see what it has to tell us about the swings in hash rate between Bitcoin and Bitcoin Cash, which many are tracking on the fork.lol website.

Mining incentives vs. the difficulty adjustment

The hash-rate distribution between two tokens with the same hashing algorithm should, in theory, be allocated in proportion to the total value of mining incentives on each respective chain. Mining incentives can be thought of as the USD value of both expected block rewards and transaction fees in any given period of time.

Even when token prices, block rewards, and transaction fee levels are temporarily stable, within difficulty adjustment periods further oscillations can occur because miners may switch to more profitable tokens with lower difficulty until the difficulties of the two tokens achieve equilibrium.

Litecoin vs. Dogecoin in 2014

Dogecoin enjoyed a large price rally in early 2014 and then began to challenge Litecoin for the title of the highest hash-rate Scrypt-based token. Litecoin has a two-and-a-half-minute block target time and its difficulty adjusts every three and a half days. Dogecoin has a one-minute target time and at the start of 2014 had a four-hour difficulty adjustment period.

Figure 1: Litecoin (LTC) versus Dogecoin (DOGE) price chart for 2014 (in USD). (Source: Coinmarketcap, BitMEX Research)

The Dogecoin price increased much faster than Litecoin in the early part of 2014 although, as figure 2 shows, Dogecoin never really approached Litecoin’s market capitalisation. Despite its lower market capitalisation, Dogecoin’s higher inflation rate meant that miner rewards were often higher, and a majority of the Scrypt hash rate switched over to Dogecoin during some periods.

Figure 2: Litecoin (LTC) versus Dogecoin (DOGE) market capitalisation in 2014 (in millions of USD). (Source: Coinmarketcap, BitMEX Research)

Dogecoin’s hash rate exceeded Litecoin’s in late January 2014, as figure 3 indicates. The hash rate swung between the coins for roughly a month as miners switched back and forth.

 

Figure 3: Litecoin (LTC) versus Dogecoin (DOGE) hashrate chart – billion hashes per second – 2014. (Source: Litecoin blockchain, Dogecoin blockchain, BitMEX research)

When, in 2017, Bitcoin Cash had higher mining incentives per unit of time than Bitcoin, many miners switched to Bitcoin Cash, repeating the pattern of 2014. As figure 4 shows, miners followed the money back then too.

A key difference is that even after the difficulty found equilibrium, Dogecoin at times offered higher USD value of mining incentives. In 2017, in contrast, Bitcoin Cash’s incentive lead was always only driven by anomalies in the difficulty adjustment algorithm. Bitcoin always had higher incentives per block than Bitcoin Cash. The higher incentives of Bitcoin Cash came per unit time from its faster blocks and as soon as the difficulty returned to equilibrium, Bitcoin regained its position as the highest incentive SHA256 coin.

Figure 4: Litecoin (LTC) versus Dogecoin (DOGE) mining incentive (USD per day) versus hash-rate share in 2014. Transaction fees were not included in the mining-incentive calculation. (Source: Coinmarketcap, Litecoin blockchain, Dogecoin blockchain, Dogecoin Github, BitMEX Research) 

In order to calculate mining incentives for Dogecoin, we had to consider what occurred in 2014, including six changes to the block reward and two hardforks. These changes are outlined in the table of figure 5.

Date Block number Event type Expected block reward Comment
New Old
14 Feb  100,000 Mining-reward change  250,000 500,000 Random reward between 0 and 500,000 DOGE.
17 Mar  145,000 Hardfork 250,000 250,000 Difficulty retargeting period reduced to one minute from four hours. Randomness removed from block reward.
28 April  200,000 Mining-reward change 125,000 250,000
15 July  300,000 Mining-reward change 62,500 125,000
11 Sept  371,337 Hardfork Merged mining with Litecoin enabled.
2 Oct  400,000 Mining-reward change 31,250 62,500
14 Dec  500,000 Mining-reward change 15,625 31,250

Figure 5: Dogecoin (DOGE) 2014 event timeline. (Source: Dogecoin blockchain, Dogecoin Github, BitMEX Research)

As figure 5 indicates, on 17 March 2014, Dogecoin changed the difficulty adjustment algorithm, reducing the target time to just one minute (one block) in order to try and alleviate some of the disruption caused by the hash-rate volatility.

Merged mining

In September 2014, Dogecoin activated its merged-mining hardfork. Merged mining is the process by which work done on one chain can also be considered valid work on another chain. Dogecoin can therefore be thought of as an auxiliary blockchain of Litecoin, in that Dogecoin blocks contain an additional data element pointing to the hash of the Litecoin block header, which is considered as valid proof of work for Dogecoin.

The merged-mining system is considered the ultimate solution to the hash-rate oscillation problem, ensuring stability even in the event of sharp token-price movements.

Implications for Bitcoin Cash

The Bitcoin Cash community is unlikely to want to implement merged mining, perhaps for political reasons, in the medium term. Some in the Bitcoin Cash community see Bitcoin as an adversary chain, rather than one with which it should coexist peacefully. Allowing merged mining can be considered the ultimate peace arrangement between two chains. Initially, some in the Dogecoin community were also unhappy about merged mining, but the community eventually realized that it was the best solution to their hash-rate oscillation problem.

However, Bitcoin Cash has recently fixed the EDA issue, which we highlighted in early September as a potential problem. Perhaps the new one-day rolling difficulty adjustment, combined with better price stability, will solve the hash-rate oscillation problem, such that no more fixes are required. If this doesn’t solve the problem, perhaps alternative difficulty adjustment schemes could be tried before merged mining may slowly makes its way onto the agenda.

Trading Tip: Attempt to obtain free Bitcoin Cash on Bitfinex

Abstract: In this piece we explain a reasonably risky way to obtain free Bitcoin Cash (BCH) on the Bitfinex platform, by purchasing the BCC token.  This BCC token represents the Bitcoin Core side of the Bitcoin Unlimited futures contract.

 

Strategy overview

As we explained in our piece a few weeks ago, Bitfinex allow their customers to trade various Bitcoin chain split tokens, however as we explained some of these tokens have overlapping periods.

One of these tokens, Bitcoin Cash (BCH), launched in August 2017, we discussed this token in our earlier piece on the subject.  The launch of Bitcoin Cash occurred during the Bitcoin Unlimited futures contract period.  Therefore in theory, those who held BCC (the “Bitcoin Core” side of the Bitcoin Unlimited contract), had their Bitcoins locked up in this contract at the time of the Bitcoin Cash hardfork.  When this contract settles in December, holders of BCC may receive some Bitcoin Cash.

Bitfinex even eluded to this with the following statement:

CSTs with overlapping contract periods and other forking events may need to be adjusted to reflect the correct economics. We are aware the the BCC/BCU CSTs need retroactive adjustments to reflect BCH, as well as BTG, after the event tomorrow. Similarly, BT1/BT2 may need to be adjusted to reflect any BTG that accrues to the locked up BTC. We have a plan for this and may not be able to implement it immediately, but it is fair to our users and will be applied retroactively in a non-intrusive way. More details will follow on this next week.

Source: Bitfinex

 

Investment recommendation

Due to the recent price rally in Bitcoin Cash, with it currently trading at around 0.35 BTC, in our view, it may be a good idea to invest in the BCC token on Bitfinex, to try to obtain some exposure to Bitcoin Cash, without paying for it.

There are two ways of achieving this:

  1. Buy BCC in the market.  The current price of BCC is around 0.96 BTC and in theory the price could increase and trade at 1.0 (Or in theory BCC could even trade at a premium to BTC, although new units can be created if this occurs).
  2. Deposit BTC into Bitfinex and then split it into BCU and BCC.  Then one could hold the BCC to the settlement date and hopefully obtain the free BCH.

There are some risks to this trade, as we explain in the section below.  However, with the recent rally in the BCH price, in our view, the risk/reward balance is somewhat favorable.

 

Investment risks

  • Distribution coefficient – Although the Bitcoin Unlimited futures contract launched prior to BCH, the split tokens could be created both prior to and after the launch of BCH.  Therefore there may not be sufficient BCH in reserve to allocate to all BCC token holders.  A distribution coefficient may be required in order to adjust for this.  Actually some market participants may create new BCC in order to benefit from the trading idea mentioned in this piece, which would make any distribution coefficient less favorable to BCC investors.
  • Bitcoin Cash price – The market value of BCH could fall substantially prior to the Bitcoin Unlimited contract settlement date.
  • Bitfinex Policy – Bitfinex policy with respect to this matter is uncertain and could change.
  • Counterparty risk – The risk that Bitfinex becomes insolvent prior to the Bitcoin Unlimited contract settlement date.

 

Non Empty Smaller Block Data By Mining Pool

Abstract: In this piece we present data displaying the proportion of smaller blocks produced by the different mining pools, over time.  This follows on from our piece last week looking at empty blocks.

 

Smaller blocks overview

Following on from our analysis on empty blocks last week, some readers asked for a similar analysis to be conducted for non empty but smaller blocks, by mining pool.  For your consideration, we present some data trying to capture the proportion of smaller blocks by mining pool.  We are not unable to draw any interesting conclusions from this analysis.

 

Charts illustrating the proportion of smaller blocks by mining pool

 

Figure 1 – Blocksize bucket analysis by mining pool (in bytes) – 2017

Source: Bitcoin Blockchain, BitMEX Research, Blockchain.info (For mining pool name)
Notes:  Data up to 22nd October 2017. Mining pool with less than 800 blocks in the period is excluded

 

Figure 2 – Blocksize bucket analysis by mining pool (in bytes) – 2016

Source: Bitcoin Blockchain, BitMEX Research, Blockchain.info (For mining pool name)
Notes:  Mining pool with less than 800 blocks in the period is excluded

 

Figure 3 – Blocksize bucket analysis by mining pool (in bytes) – 2015

Source: Bitcoin Blockchain, BitMEX Research, Blockchain.info (For mining pool name)
Notes:  Mining pool with less than 800 blocks in the period is excluded.  BTCC Pool had many blocks with 2 transactions in this period

 

Figure 4 – Percentage of non empty blocks smaller than 10,000 bytes by mining pool – monthly

Source: Bitcoin Blockchain, BitMEX Research, Blockchain.info (For mining pool name)
Notes:  Mining pool with less than 250 blocks in the the month is excluded

 

Methodology

We chose 10 blocksize buckets:

  1. Less than 500 bytes
  2. 500 bytes to 5,000 bytes
  3. 5,000 bytes to 10,000 bytes
  4. 10,000 bytes to 25,000 bytes
  5. 25,000 bytes to 50,000 bytes
  6. 50,000 bytes to 75,000 bytes
  7. 75,000 bytes to 100,000 bytes
  8. 100,000 bytes to 250,000 bytes
  9. 250,000 bytes to 500,000 bytes
  10. 500,000 bytes to 1,000,000 bytes

The selection of the bucket boundaries was entirely arbitrary and therefore this could weaken the analysis.  Figure 1 appears to indicate that the 10,000 byte bucket may be most significant, due to the apparent spike for some miners in 2017.  Therefore non empty blocks less than 10,000 bytes were chosen as the range for the monthly chart, which is shown in figure 4.

 

Concluding remarks

As a reminder we do not believe any of the above data is strong evidence for covert ASICBOOST.  Others have argued that smaller or empty blocks by some mining pools could be considered as circumstantial evidence for covert ASICBOOST, without always providing data backing up these claims.  Our objective here was simply to produce charts illustrating the prevalence of these smaller blocks by mining pool.