Effective 14 July 2019 at 21:00 UTC, BitMEX will temporarily remove Kraken from its indices in response to Kraken’s scheduled downtime. This scheduled downtime is expected to last for 3-8 hours and will affect the 7 BitMEX indices as detailed in the table below. Kraken will be reintroduced once trading has resumed. We will announce their reintroduction 12 hours in advance.
All traders should be aware that the price of these indices may fluctuate substantially, and should exercise caution when trading these indices.
Following on from our 28 May 2019 announcement of a donation to the MIT Digital Currency initiative, we are delighted to announce a US$60,000 grant to Bitcoin Core contributor, Michael Ford (AKA fanquake). Michael has been a Bitcoin contributor since 2012 and has recently beenadded to the list of maintainers for the Bitcoin Core software project.
HDR Global Trading Limited (which owns and operates the BitMEX cryptocurrency trading platform) is proud to support Bitcoin development and engineering, aimed at improving Bitcoin’s robustness, scalability and privacy. The grant is non exclusive and requires Michael to work on Bitcoin Core. We are pleased to be Michael’s first financial supporter during his time as a Bitcoin Core maintainer.
Sam Reed, CTO and co-founder of HDR Global Trading Limited, made the following remark about the grant:
HDR Global Trading Limited, like all other companies in the cryptocurrency space, relies heavily on the (mostly-volunteer) work of coders dedicated to the mission and ideals of Bitcoin. This work is difficult, demanding, and often thankless. We believe it is the duty of corporations to give back to the projects from which they benefit – and from which their very business model stems. Without the millions of free man-hours from dedicated OSS developers powering everything from our operating systems, to our web servers, to our ops tools and Bitcoin itself, the BitMEX trading platform could not have been built. We don’t forget this gift. Therefore, HDR considers this grant, provided on a no-strings-attached basis, to be only a small part of an ongoing commitment to bolstering Bitcoin and other OSS projects for the benefit of all.
The event horizon has passed. With Libra, Facebook begins its foray into the digital asset industry. Before I begin my analysis, let’s get one thing straight; Libra is not decentralised nor censorship resistant. Libra is not a cryptocurrency. Libra will destroy all stablecoins, but who gives a fuck. I shed no tears for all those projects that somehow believed there was value in a an unheard-of sponsor creating a fiat money market fund that rode on a blockchain.
Libra could lay commercial banks and central banks low. It might reduce their usefulness to a dumb regulated warehouse for digital fiat money. And that is exactly what should happen to these institutions in a digital age.
Why Do Commercial Banks Exist?
Banks came about during a time of great danger for members of the human society. In feudal Europe you most likely worked dawn-till-dusk on the farm. Any meagre savings you or your feudal lord amassed were constantly under siege. Given that money was physical in nature, if you or your lord left the protection of the town, theft was likely.
Safety of assets has been the most important value proposition for traditional banks. They could store physical assets and records safely in their vaults. Therefore, governments and wealthy individuals stored money and assets with banks. Banks were and are engaged in a massive confidence game. That is why bank building edifices portray a certain fortified grandeur. In a generation, your assets will still be there, intact and ready for use.
Through their partnership with the government, banks obtain a license to issue credit and expand the money supply. They also rely on the legalised violence of the government to enforce contracts. Don’t pay the bank back, they will confiscate the encumbered asset. Should you defy the courts, a government goon will happily press boot to neck, and ensure your compliance.
In the last decade, human civilisation’s money and assets quickly transitioned from analogue to digital representations. Money and representations of ownership travel electronically rather than on the back of a horse. If assets and money are now digital, do we need institutions that provide physical rather than digital security?
As we have seen, commercial banks are terrible at securing digital information. Pick your large too-big-to-fail bank, and there will be a story about the “leakage” (euphemism for “we have no fucking clue how to safeguard your digital property”) of customer data.
Whoever has the customer, has the value
Previously banks held the most valuable information about customers. They had your whole financial history, and information about where you lived and what you bought.
In the past ten years, social media companies through voluntary actions of their users, amassed the most amount of personal information in human history. We share every detail of our lives on Facebook, Instagram, Google, Twitter, WeChat, LINE, Kakao Talk etc. We send billions of messages on centralised chat programs controlled by those same institutions as well. They now own the customer.
The modern consumer technology companies own billions of the wealthiest customers’ data. Previous to now, these companies made money on advertising and selling a product. But as with all businesses, once you are successful capturing customers, you start offering financial services.
Facebook has almost 2 billion daily active users. It makes complete sense to own the financial existence of their chattel. That is Libra.
Libra is a stablecoin backed by a basket of fiat currencies. The fiat currencies sit in a dumb regulated commercial bank. Libra allows a privileged few the ability to create and redeem Libra at its Net Asset Value (NAV). Libra rides on a blockchain where certain parties operate permissioned nodes. These parties included VC firms, technology companies, retail merchants, cryptocurrency exchanges, and most importantly commercial banks and credit card processors.
Libra may invest into short term government bonds, or into anything the Foundation board allows. The income earned is not passed onto the pleb Libra users, but the node operators and Libra investment token investors. The Foundation is the governing body of the Libra ecosystem. The members are selected based on the industries they represent, and their economic investment into the ecosystem.
Libra does not connect real-world identities to addresses. However, you can bet that converting assets into Libra will encounter KYC. And let’s be clear, any request from a government agency to freeze a transaction will be met with compliance. Therefore, do not use Libra to buy your mood-altering substance(s) of choice.
Impact on Consumers
Many of Facebook’s users reside in places with low financial services penetration. Imagine a world where a Filipina helper can purchase goods sold in Europe with Libra. She most likely does not have great banking services where she works as an overseas foreign worker. Therefore, purchasing goods from foreign countries over the internet is difficult. With Libra, there is no issue.
The merchant in Europe receives payment in a basket of fiat currencies they already deal with. This transaction can happen completely inside of one of Facebook’s social media properties like Instagram or Whatsapp.
Facebook or a new financial services company it creates, can issue loans at the point of sale denominated in Libra. A user can opt-in to allow Facebook to use all its data on the individual to compute a credit score. Using that credit score, Facebook will lend Libra at a rate to purchase goods from merchants selling on the Facebook platform. Voila, the poorest members of our global society can experience the joys of purchasing mass-produced Chinese knick-knacks on credit. Welcome to Pax Americana!
Impact on Commercial Banks
Commercial banks make money lending. They use retail deposits to make these loans. Unfortunately, in this digital age, they no longer have the best information set about these retail depositors. The social media companies do.
Therefore, the Facebook, Google, and Alibaba’s of the world can originate a loan cheaper and offer a lower interest rate than a commercial bank. Libra and the plethora of copycats to come, allow technology companies to use a digital fiat representation in their ecosystems to extend credit and offer all of the most profitable banking products at a much lower cost. These global tech behemoths have billions of free cash flow on their balance sheets to lend.
Commercial banks can become node operators or regulated warehouses for the reserve assets of the stablecoin in question. There is still economic value in both of these verticals, but consumer technology companies will now sell the most profitable financial products themselves.
Any bank should be on notice, Libra and its clones are existential threats to their business models. Many will cheer as banks’ profit centers are eviscerated. But maybe society is trading one devil for another.
Impact on Central Banks
Commercial banks are not needed at their current largesse in a digital economy. With Libra, Facebook is assuming the role of a central bank. The Libra reserve is managed by a third-party foundation. The reserve managers choose the fiat currency weights, and how funds are invested. Sounds a lot like the job scorecard of a central bank governor.
Consumer tech companies can now issue, from their own balance sheet, credit directly to consumers. The only difference with this model is that they, for now, are not able to actually create money like commercial banks. This is the flow:
1. Take retained fiat earnings, and exchange for Libra with an authorised primary dealer. 2. Lend Libra to your customer in exchange for a good or service you offer. 3. Obtain Libra + interest in Libra back from your customer. 4. Sell Libra in exchange for fiat with an authorised primary dealer.
The money supply does not expand. That is the one major divergence from how a central bank issues credit into an economy. Central banks’ lending in most cases increases the aggregate supply of money.
Why trust a few crusty old men and women to manage the monetary health of the global economy. Let’s trust Zuck!
I have no love lost for US Representative Maxine Waters’ idiotic statements and actions on the US House Financial Services Committee. But her and other government officials’ outbursts of concern are not driven by altruistic feelings towards their subjects, but rather a fear of the upending of the financial services industry that lines their pockets and keeps them in office. The speed at which government officials rushed to admonish Libra tells you there is some potential positive value to human society embedded in the project.
Libra and Financial Privacy
It is amusing to see how many people rushed to complain about the potential loss of financial freedom Libra could represent. This fear is misplaced, financial privacy is already non-existent, nor will it ever exist in a digital fiat money system. Whether it be Facebook, The Fed, or The PBOC, centralised electronic fiat money is coming – cash will be outlawed.
The great thing about the launch of Libra is that it forces those concerned about the loss of financial privacy to explore alternatives. Bitcoin and other cryptocurrencies will benefit as curious plebs contemplate how secure financial privacy in this new digital age.
Libra and the conversations it sparked, is the best news for Bitcoin. Two billion people will now embrace and potentially be frightened of a corporate overlord controlling their financial wellbeing. Curiosity is the best food for the Bitcoin bull market.
Through their investments in augmented and virtual reality, it appears that Facebook wishes to create a completely new digital world. Libra could be the financial mana that powers this virtual existence. Let’s hope that while we are vegetating in our haptic pods, our physical shells don’t get Zucked too hard. Please Zuck me gently, and Zuck me long time.
On 27 June 2019, we set a new record for crypto: >$1B open interest on XBTUSD, >$13B traded on XBTUSD, >$16B on all BitMEX products. Yet, Nouriel Roubini still believes that cryptocurrencies are a farce. Watch him face-to-face next week in Taipei’s Asia Blockchain Summit vs our CEO, Arthur Hayes.
Abstract: In a bold move, social networking giant Facebook, has challenged the traditional finance and ETF industry, with its “Libra coin”, or as we call it the “Libra ETF”. We note that there are many unanswered questions about Libra, which may lack transparency, when compared to traditional ETFs. Another key disadvantage of Libra is that unlike with legacy ETFs, investment income is not distributed to unit holders. We conclude that although Libra has significant disadvantages when compared to traditional ETF products, Facebook’s wide consumer reach with platforms such as Whatsapp and Instagram could give Libra a key commercial advantage.
(Facebook vs Blackrock – The battle for the ETFs)
The structure of Libra is analogous to the popular Exchange Traded Fund (ETF) model, where unit holders are entitled to the financial returns of a basket of financial assets. The units are tradable on exchanges and a select group of authorised participants are able to create and redeem units using the underlying assets.
As we pointed out in our February 2019 piece, the ETF industry has enjoyed considerable growth in the last decade or so, in particular in the area of fixed income (See figure 1 below). In June 2019, in a bombshell moment for the ETF industry and challenge for the established players such as Blackrock and Vanguard, social media and internet conglomerate Facebook, entered the game. In a direct challenge to Blackrocks’s “iShares Core U.S. Aggregate Bond ETF” (AGG), Facebook announced plans to launch a new ETF, the “Libra ETF”, also focused on fixed income and government bonds.
Figure 1 – Size of the Top Bond ETFs Targeting US Investors – US$ Billion
(Source: BitMEX Research, Bloomberg)
(Note: The chart represents the sum of the market capitalisations of the following bond ETFs: iShares Core U.S. Aggregate Bond ETF, Vanguard Total Bond Market ETF, iShares iBoxx $ Investment Grade Corporate Bond ETF, Vanguard Short-Term Corporate Bond ETF, Vanguard Short-Term Bond ETF, Vanguard Intermediate-Term Corporate Bond ETF, iShares J.P. Morgan USD Emerging Markets Bond ETF, Vanguard Total International Bond ETF, iShares MBS Bond ETF, iShares iBoxx $ High Yield Corporate Bond ETF, PIMCO Enhanced Short Maturity Strategy Fund, Vanguard Intermediate-Term Bond ETF, iShares Short-Term Corporate Bond ETF, SPDR Barclays High Yield Bond ETF, iShares Short Maturity Bond ETF)
Comparing the new ETF structure with the traditional space
In figure 2 below, we have analysed and compared the new innovative Libra ETF to a traditional ETF, Blackrock’s iShares Core US Aggregate Bond ETF (AGG). Our analysis shows that, although the Libra product is new, much of the relevant information, such as transparency of the holdings and frequency of the publication of the NAV, has not yet been disclosed.
The analysis also highlights that Libra may suffer from unnecessary complexity with respect to portfolio management. The fund appears to be managed by the Libra Association, which consists of many entities in multiple industries across the globe. These same entities are responsible for issuing the ETF and the list of companies is set to expand further. At the same time, the investment mandate is unclear. In contrast Blackrock’s fixed income ETF product has a clear investment mandate, to track the Bloomberg Barclays U.S. Aggregate Bond Index, which is managed independently of the ETF issuer.
Perhaps the most significant disadvantage of the Libra product, is that unit holders do not appear to be entitled to receive the investment income. This contrasts unfavourably with Blackrock’s product, which focuses on an almost identical asset class and has an investment yield of around 2.6%. Defenders of Libra could point out that the expenses need to be covered from somewhere and that the Libra’s expense fee is not yet disclosed. However, the ETF industry is already highly competitive, with Blackrock charging an expense fee of just 0.05%. This expense fee is far lower than the expected investment yield of the product, at around 2.6% and therefore the Libra ETF may not be price competitive, a key potential disadvantage for potential investors.
Figure 2 – Libra ETF vs iShares Core U.S. Aggregate Bond ETF (AGG) – Detailed Comparison
iShares Core U.S. Aggregate Bond ETF (AGG)
The Libra Association/Facebook
Bank deposits and government securities in currencies from stable and reputable central banks
Fixed income – Investment grade government and corporate bonds
Bloomberg Barclays U.S. Aggregate Bond Index
The Libra Association, based in Switzerland will manage the reserve. The investment mandate is not currently disclosed. The current members are as follows:
PayU (Naspers’ fintech arm)
Union Square Ventures
Creative Destruction Lab,
Women’s World Banking
James Mauro and Scott Radell, with a clear constrained mandate to track the index
Use of investment income
Unit holders are not entitled to investment incomeInvestment income will:
first go to support the operating expenses of the association — to fund investments in the growth and development of the ecosystem, grants to nonprofit and multilateral organizations, engineering research, etc. Once that is covered, part of the remaining returns will go to pay dividends to early investors in the Libra Investment Token for their initial contribution
Attributable to ETF unit holders
The Libra Association
will encourage the listing of Libra on multiple regulated electronic exchanges throughout the world
Creation/redemption basket size
Authorized Participants (entities able to create and redeem units)
Authorized resellers, not currently disclosed
Information about holdings and Net Asset value (NAV)
We have also analysed the two alternatives from a technical perspective. As figure 3 below indicates, the key difference is that control of Libra tokens may in part be managed by digital signatures. As long as no whitelist of addresses is implemented, this may provide some advantages:
A limited amount of censorship resistance
Relatively easy integration with cryptocurrency exchanges
However, as we mentioned in our Tether report in February 2018, history has shown that these characteristics can cause platforms to ultimately face a choice between implementing KYC or face being shut down by the authorities. Facebook has already censored politically controversial figures on its main platform, therefore it may appear likely the extent to which Libra ETF units are managed by public private key cryptography is significantly constrained or eventually becomes phased out.
Figure 3 – Technical and cryptographic considerations
iShares Core U.S. Aggregate Bond ETF (AGG)
Not applicable (An ETF does not require a consensus system)
Not relevant (Grouping records of ETF transactions into a chain of blocks linked together by hashing, is inconsequential for ETFs)
Control of units based on digital signature
The Libra Blockchain is pseudonymous and allows users to hold one or more addresses that are not linked to their real-world identity
Despite the key disadvantage, namely that Libra unit holders are not entitled to the investment income, many industry analysts are carefully examining the impact Libra could have on the traditional ETF industry and existing electronic payment systems.
While our comparison to ETFs is a bit tongue and cheek, it does highlight that the structure of the product has similar attributes to existing financial products. We therefore think it is an appropriate comparison, and if Libra wants to be competitive, it should emulate some of the governance and fee characteristics of traditional ETFs.
However, Libra could attract clients due to integration with platforms such as Facebook, Whatsapp and Instagram. If Libra does retain the property of allowing coins to be controlled by private keys, this is an interesting development and the coin is likely to gain share from tokens such as Tether. However, in our view, in the long run, it is likely Libra either disables this feature or makes it technically difficult, such that only a tiny minority of users have these “non-custodial” wallets. If that happens, Libra is nothing more than a high fee ETF.
During this period we continued to process order instructions and the trading engine was unaffected.
Due to this issue, data in a subset of data mirrors which service user REST API requests was left in an incomplete state. A side-effect of this was that some users observed stale open orders on the BitMEX website for orders which were already cancelled for a period of 90 minutes whilst data was being restored. Any API users that may be missing updates for this period can now backfill data via the REST API.
If you are experiencing order cancellation issues via the website, please refresh your web browser. We apologise for any inconvenience this interruption may have caused. If you have any further questions please contact Support via our contact form: https://www.bitmex.com/app/support/contact.
At 21:09:00 UTC 25 June, we released an update to our API layer that inadvertently started to count WebSocket subscriptions to certain tables against the request rate limit that had otherwise been exempt. This update may have impacted customers who heavily utilise the WebSocket API. Once the issue was identified at 00:19 UTC 26 June, we immediately rolled back the update to bring systems back to normal.
We apologise for any inconvenience this may have caused. To read more about which subscriptions are exempt from the request rate limiter, see our previous blog post for details.
Between 09:25:54 UTC and 09:44:30 UTC 24 June 2019 the orderBookL2, orderBookL2_25, orderBook10, and quote realtime websocket feeds for ETHUSD were in a degraded state. During this period, the state of the ETHUSD orderbook on these feeds was incorrect.
We were able to identify and resolve the root cause of the issue within a minute of detection. The issue was caused by a rare sequence of order events that triggered a bug in an optimisation of the orderBookL2 calculation which had been deployed to the production environment several hours earlier. This change has since been reverted.
There was no impact to orders in the trading engine itself – just the presentation of the calculated orderbook for ETHUSD downstream of the trading engine.
We have deployed additional automated feed validators to detect potential similar issues in the future and to alert us earlier.
Summary: We have observed an increased number of unauthorised attempts to access customer accounts. We would like to remind all customers and users to please protect your BitMEX and personal accounts by: using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all your accounts; and using a password manager.
Security has always been the number one priority at BitMEX. This is why we were the first platform to adopt a manual multi-signature cold wallet setup to protect customer funds. We are consistently reviewing our security protocols and improving our standards. We remain committed to continual improvement of our platform security and the security of our customers.
In 2016, following a large botnet credential reuse attack, we published a blog post highlighting the importance of using unique passwords on BitMEX. In addition, we recommended enabling 2FA. 2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.
This message was as true and relevant then as it is now: to protect your account, you should always use strong unique passwords, in combination with a multi-factor authentication solution and password manager.
More recently, we have witnessed an increased number of attempts to compromise or obtain unauthorised access to customer accounts. Enabling 2FA on your account is the best and easiest way to protect yourself from these attacks.
Furthermore, we have observed a continued increase in the sophistication and tactics utilised by financially motivated criminals. One example of this: rather than the attacker immediately executing a withdrawal request, we have observed attackers trading funds out of accounts by deliberately making losses against another account which they also control. We have proactively identified a number of these attacks, and continue to eliminate this activity as it is detected.
Another recurring tactic observed in account takeovers is the disabling of BitMEX email login notifications following unauthorised account access. An attacker may also attempt to enable 2FA on a compromised customer account in order to create an API key with withdrawal permissions. A common thread in almost all cases is that customers may not have seen a withdrawal notification or other account related email notification; for example, a login notification.
While we review practices such as enforcing 2FA and other login access features, we have made the following changes:
Customers can no longer disable login notification emails. The login notification emails will now be sent regardless of existing notification preferences.
Withdrawal requests issued via the API must always complete an email verification step to confirm a withdrawal, unless the API key used was created before 8:00PM June 10, 2019 (UTC).
These changes are a step toward increasing account security for our customers, however it is important to realise that this is not the full solution. Enabling 2FA remains our strongest recommendation.
In addition to the above, BitMEX has reviewed each and every account takeover experienced by our customers and we have identified several common factors among compromised accounts:
Password reuse, or use of trivially guessed passwords on the BitMEX platform and on customer personal email accounts.
Compromised personal email accounts leading to account theft via password recovery flows.
Malware on customer computers leading to secure password theft and subsequent login to the bitmex.com platform.
In order to combat these attacks, adopting a vigilant, disciplined approach to security is key. In all of the above scenarios, utilising 2FA greatly decreases the risk of account compromise. This is further highlighted by recent research by Google that has shown that 100% of attacks can be blocked if a security key has been used for 2FA.
While we consider mandatory enforcement of 2FA across our customer base, we will again stress the importance of adopting good security practices as outlined below.
Note that these steps should be taken not only on your BitMEX account but on personal accounts where you store any confidential information:
A strong password consists of at least ten characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.). Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase.
Do NOT use the same passwords for your social media accounts such as Facebook, Spotify or Instagram accounts as you would for your BitMEX trading accounts or bank accounts. Use strong, unique and different passwords for each and every account!
Assess your existing risk
Check to see if your password has been leaked in a third-party breach via services like HIBP.
Check your trading accounts on a regular basis to ensure that you know what the balances are or should be.
Regular reconciliation of your accounts would be a useful way for you to ensure all transactions in your accounts are with your authorisation.
Add firstname.lastname@example.org to your contacts list and ensure our emails are not landing in your SPAM folder
Ensure that you are not filtering official communications from bitmex.com. These communications include login and withdrawal notifications.
BitMEX support will NEVER ask for your account password
At BitMEX, we take security very seriously. Whilst we continue to evolve our security capabilities both externally and internally, security is ultimately everyone’s responsibility. If you have digital funds on your online accounts, it is critical that you take steps to ensure your account safety/security as above.
If you observe any unusual activity on your account, please contact our Support team immediately via our contact page.
The scheduled system update has successfully concluded. The BitMEX platform is now back to full functionality. The update was performed from 01:00 UTC to 02:58 UTC today, 04 June 2019. No trading activity was affected.
Please be advised that we will be performing a scheduled system update to our database service starting 01:00 UTC 04 June 2019 and it is expected to last 3 – 5 hours. Trading, logins, and other key API features will remain operational, however please note that the following features will be disabled during the update period:
New account signup
Mute accounts on the Trollbox
Create API Key
Disable API Key
Enable API Key
Delete API Key
Once we have completed the system update we will make a further announcement.
We apologise for any inconvenience this may cause. Feel free to contact our Support with any concerns you may have about the scheduled update. You may reach us via our contact form: https://www.bitmex.com/app/support/contact.