Cryptocurrencies: A Bubble Economy with The Art of the Steal

Paper notes and metal coins are annoying and inconvenient, and we have the Internet now and digital cash is obviously a useful idea. The solution the developed world has mostly come to is just using our banks – you have an account, and you can move money to other people’s accounts, via debit card, credit card, PayPal or whatever. The central authority means it's sensibly regulated, errors and thefts can be reversed and so on. It’s also a smooth transition from paper money – the same thing, but you can do new things with it.

The alternative to this state of affairs is cyptocurrencies. "A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution" (Satoshi Nakamoto, Bitcoin: A Peer-to-Peer Electronic Cash System, 2008). Despite the good intentions of the creators of cryptocurrencies, the field is replete with scams and scammers. The technology is used as an excuse to make outlandish near-magical claims. It has turned out in practice to be a magnet for enthusiastic amateurs with stars in their eyes and con artists to prey upon them, with outcomes both hilarious and horrifying.

Bitcoin In Practise

In practice, bitcoins are a bit like money in a bank account with a debit card, except without any sort of safety net. It's unregulated, uninsured, there’s no way to reverse a transaction, and there's no customer service. To "have" a bitcoin means a bitcoin address (like a bank account number) and the key to that address (another number, which works like the PIN to the first number). To send bitcoins from your address to another address, you generate a transaction that is sent out into the network and added to the next block of transactions. Once it's in a block, that transaction is publicly visible on the blockchain forever. If you lose the key, your bitcoins are lost forever. If someone else gets the key, they can take your bitcoins. If you send bitcoins to a nonexistent address, they're lost forever. If you send bitcoins to the wrong address, you can't reverse it.

Bitcoin transactions are grouped into blocks. Each block has a cryptographic hash. The hash will be completely different if there's even the slightest change in the data. Each block is also hashed with the chain of previous blocks, so the entire chain of blocks is tamper-evident. This is called a Merkle tree, invented in 1979 and widely used since. The Bitcoin blockchain contains every confirmed transaction back to January 2009. In June 2017 it passed 120 gigabytes and is growing at 4GB a month.

To write to the ledger one engages in an environmentally-destructive and competitive waste of computer resources, "bitcoin mining". Since it's all but impossible to pick what data will have a particular hash, guessing what value will give a valid block takes many calculations – as of June 2017 the Bitcoin network was running 5,500,000,000,000,000,000 (5.5×1018, or 5.5 quintillion) hashes per second, or 3.3×1021 (3.3 sextillion) per ten minutes. The 3.3 sextillion calculations are thrown away, because the only point of all this technical rigmarole is to show that you can waste electricity faster than everyone else. Obviously, the competition gets viciously Darwinian very quickly; bitcoin mining is increasingly uneconomical and the point has been reached where it costs more than the value of 1 BTC to produce 1 BTC.

Ideology and Reality

Bitcoin is primarily ideologically driven. The roots of the Bitcoin ideology go back through libertarianism, anarcho-capitalism and Austrian economics to the “end the Fed” and “establishment elites” conspiracy theories of the John Birch Society and Eustace Mullins, with cryptographic money was first mooted by David Chaum in his papers “Blind Signatures for Untraceable Payments" (1982), and "Security without Identification: Transaction Systems to Make Big Brother Obsolete" (1985). Pure commodities – such as gold and silver – haven't done the job of money well for a few hundred years, and Bitcoin wants to be money but was set up to work like a commodity. Nakamoto put a strict limit on the supply of bitcoins: there will only ever be 21 million BTC. So advocates claim Bitcoin is thus, somehow, sufficiently similar to gold to serve as a "store of value" in the desired manner. Bitcoin ideology bought into the entire Federal Reserve conspiracy package. The Fed is a plot to use inflation to steal value from the people and hand it to a shadowy cabal of elites who also control the government; the worldwide economy is in danger of collapse at any moment due to central banking and fractional reserve banking; gold – sorry, Bitcoin – has intrinsic value that will protect you from this collapse.

In reality, the price of Bitcoin is ridiculously volatile and has had multiple bubbles; the unregulated exchanges (with no central bank backing) front-run their customers, paint the tape to manipulate the price, and are hacked or just steal their users' funds; and transaction fees and the unreliability of transactions make micropayments completely unfeasible. Bitcoiners hold that immunity to central control is so overwhelmingly important that it’s completely worth all that electricity wasted on mining, whereas in reality mining naturally recentralises due to economies of scale, so a few large mining pools now control transaction processing. Bitcoin is widely touted as anonymous. But with with every confirmed transaction logged in the blockchain forever, it’s pseudonymous at best, as the case of Ross Ulbricht and the Silk Road showed, law enforcement will happily do the tedious legwork of tracing your transactions if you motivate them sufficiently. Incredibly, Bitcoin advocates argue that having irreversible transactions is an advantage of the system. In reality, consumers, businesses, and banks overwhelmingly expect errors or thefts to be reversible. Finally, Bitcoin is slow, rather the promise of instant transfers. At 1 megabyte per block, the blockchain can only do a maximum of 7 transactions per second, worldwide total. Typical throughput in early 2017 was 2 to 4 TPS.

Bubbles and Virtual Robbery

Asset bubbles follow a standard progression. First, there is a "Stealth phase", when the price of an asset is going up, followed by an "Awareness phase", where some investors become confident, enthused by the rise. As the bubble inflates, there is a "Mania phase", when it enters into widespread public discourse and many see the successes of the first investors and buy because others are buying, with the implicit assumption that there will always be Greater Fools to sell it on to. Finally, there is the "Blowoff phase", where it turns out that old rules turn out to still apply, as the bubble runs out of Greater Fools and prices collapse. Bitcoin is a completely standard model of economic bubbles and the thinking behind them, just like the Tulip Mania of 1637 and the South Sea Bubble of 1720.

As a financial instrument born without regulation, Bitcoin quickly turned into an iterative exploration of precisely why each financial regulation exists. Scammers too follow the bubble, starting with well-crafted cleverness as the bubble inflates, to widespread activities at the peak, followed by some desperate measures after the bubble bursts. Scams common to the cryptocurrency world include:

• Ponzi schemes: in which early investors are paid using money from later ones.
• High-yield investment programmes: You might think it obvious that no investment scheme could pay 6% interest per week sustainably, particularly when it claims a “secret” investment strategy
• Coin doublers: send it a small amount of bitcoins and you’ll get double back! Send a larger amount straight after and … you won’t.
• Mining software: People keep claiming you can still effectively mine on your PC. The software frequently includes malware.
• Mining hardware: There are real sellers of mining hardware. The scam is to run it for months “testing” it; customers pay for hardware, you use their money to build it and you mine with it for the few months it’s viable before you send it to them. Butterfly Labs was the most notorious culprit
• Cloud mining: you invest in remote mining hardware.
• Scam wallets: sites offering greater transaction anonymity, but which just take everyone's bitcoins after a while.
• "Provably Fair" gambling: "Provably fair" gambling sites generate their random numbers in advance then send you a cryptographic hash of the sequence of numbers, so you don't know the numbers ahead of time but you can verify the hash afterwards.
• Scam versions of normal services: exchanges, bitcoin mixers, shopping deal sites and so on. You have no idea who these people are, and every now and then they’ll just take your bitcoins or link you to phishing or other scam sites, possibly including the gift of malware.

Some particularly famous examples include Bitcoin Savings & Trust, opened in late 2011 by Trendon Shavers, a.k.a. Bitcointalk forum user Pirateat40, which offered interest of 7% weekly – or about 3300% annually – on investments over 25,000 BTC. Within a year basic arithmetic reasserted itself. Pirateat40 announced the closure of Bitcoin Savings & Trust. He said he had 500,000 BTC (about $5.6 million) in the fund as of its closure and that he would be returning it to investors. Apart from some refunds to friends and long-time investors, this of course didn’t happen. Burnt investors tracked him down. They found his name, they found where he lived, they even found his business that had closed at the same time. They initially had some trouble convincing the authorities not only that this was really money, but that they had given it to some guy on an Internet forum called "Pirate" on the strength of him saying "sure, I’ll double your bitcoins, no worries."

"Be your own bank" is actually very hard – particularly with "no chargebacks", meaning that in the event of a theft or even a mistake you’re completely out of luck – so almost everyone who uses cryptocurrencies keeps their coins on an exchange. Exchanges also let you trade between different cryptocurrencies, crypto assets and conventional currencies, and some even offer short-selling and other margin trading, which are enormously popular. In real securities trading, you can presume the exchanges themselves are not going to mess you around, and indeed that they’re basically competent. You can’t assume either with crypto exchanges. As of March 2015, a full third of all Bitcoin exchanges up to then had been hacked, and nearly half had closed.80 Since the exchanges are largely uninsured, unregulated and not required to keep reserves, depositors’ money goes up in smoke. Some examples include Bitomat, which was once the third-largest exchange but kept the whole site on Amazon's ephemeral storage. Guess what happened? Bitcoinica collapsed in May 2012 with no database backups and an environment where everyone had root access; the exchange’s remaining funds were lost in further hacks, after the administrators turned out to be using their (leaked) Mt. Gox password as their LastPass password. AllCrypt ran their exchange off a MySQL database and were running WordPress on the same database, and their WordPress got hacked such as to allow access to the exchange data. These are just some major incidents; there are many other examples.

Mt Gox and Silk Road

One major failed exchange was Mt. Gox, based in Japan, and originally a "Magic the Gathering Online Exchange". The site was announced in in July 2007, and was an immediate hit, because people could buy and sell bitcoins via PayPal, using the owner's account. Whilst popular it was a completely completely amateur operation; a lawyer hadn't even be sourced to discuss regulatory implications for over two years, evebn though it was taking and holding people's actual money, uninsured, unregistered and unregulated. In 2011 it was sold to a French web developer, but it was missing some 80,000 bitcoins. Whilst these were worth $62,400, it was at the beginning of a bubble, and within months the nominal value had been inflated to $800,000. Then the site was hacked, with hundreds of thousands of bitcoins shuffled inside the exchange, and over sixty thousand Mt. Gox usernames, email addresses, and password hashes (often unsalted) leaked. The owner went into a panic, taking much of the exchange’s Bitcoin store and putting it into offline cold wallets; the keys were printed on paper and stored in safety deposit boxes. Eventually the U.S. government seized several million from Mt. Gox on the basis that Mt. Gox was transmitting money while having claimed not to be in the money transmission business.

Several months later however the hammer really fell. Mt. Gox was declared insolvent after losing track of 744,408 bitcoins – about $350 million at the time. These lost bitcoins were mostly due to transaction malleability. Bitcoin transaction IDs are not fixed – you can sometimes intercept an unprocessed transaction, modify the transaction ID and send it on, meaning it’s added to the blockchain with a different transaction ID to the one it was sent with. This This transaction malleability can lead to someone thinking a transaction they knew they sent didn't go through when it did, and sending the amount again.

Anonymous or pseudonymous cryptocurrency has one obvious application: paying for things you'd rather not be caught buying or selling. The actual use case was buying drugs on the Silk Road, the first notable darknet market, which started in January 2011 by Texan Libertarian, Ross Ulbricht. The site was a sort of eBay for illicit goods, with Ulbricht taking a percentage on others' transactions. As well as almost any drug, you could buy steroids, forged government identification etc. One thing you couldn't buy was child pornography – even crooks have standards, and Ulbricht forbade child pornography as not being victimless. It was also the only functioning marketplace using bitcoins.

Around the end of 2012, Ulbricht contracted the murder of a Silk Road administrator who had been arrested, and who he believed had stolen bitcoins from him, fearing he would talk to the police and endanger the Silk Road project. When he received photos of the murdered man, he wired payment for the hit. He would order five more hits over the next few months, the last of which included killing the target's three roommates as well. In reality, most were faked by law enforcement agents who were out to catch "Roberts" and one by a scammer who successfully bilked Ulbricht of $500,000. When caught by a relatively simple operation, Ulbricht's laptop contained a near-complete collection of evidence on the Silk Road, including "log.txt", Ulbricht’s daily diary of his Silk Road activities: building the site, dealing with business issues, ordering hits on people. Prosecuters used mostly digital evidence in this trial, but digital material can be created out of nothing which is suspect. If only the prosecutors had had to hand some sort of cryptographically robust ledger of all transactions, widely distributed, with thousands of verifiable copies available.

Silk Road imitators sprang up soon after it started, and many more after it went down. Atlantis ran from March to September 2013. Project Black Flag closed when the Silk Road was busted, stealing all its users' bitcoins. Sheep Marketplace ran from March to December 2013, closing when a vendor apparently stole $100 million in users' bitcoins, though it may have been an exit scam. Silk Road 2.0 started in November 2013, lost bitcoins to the transaction malleability bug, was crippled by arrests, and the operator was finally arrested in November 2014. One undercover federal agent from The Silk Road had been invited to the administrator group of Silk Road 2.0 on its very first day of operation.

Contemporary Uses

The only use case for which Bitcoin even rivals conventional financial systems is illicit goods and services – mostly drugs – and computer ransoms. All use cases, licit and illicit, are severely hampered by the perennial transaction backlog. The Bitcoin block size is 1 megabyte per 10 minutes, which allows a theoretical maximum of 7 transactions per second. Transactions were cheap and fast for many years, but by mid-2015, the blocks were often full. Transactions are routinely delayed hours or days, so many just get lost. Only 57% of transactions are confirmed in the first hour; 20% never get confirmed at all, and are eventually dropped. By 2016 approximately 95% of on-chain transactions are day traders on Chinese exchanges.

As for ransomware, Citrix ran a promotional survey in 2016 and again in 2017 suggesting that some UK companies were keeping Bitcoins on hand just in case it happened to them – though paying ransoms is not recommended, as victims often don’t get their files back even then, and paying up marks you as a future target. Telstra's "2017 Cyber Security Report" said that a third of surveyed Australian organisations who paid the ransom didn't get their files back. IT professionals recommend keeping Windows fully updated for security, and keeping reliable daily backups, so that if you're hit you can just wipe the PC and restore your data. When the NHS was hit by WannaCry, no patient data was stored on the affected machines and they did not pay the ransom – they just spent the next day reimaging thousands of PCs afresh.

For ordinary people to regard Bitcoin as money, shops other than darknet drug markets have to accept it. Advocates are very keen on merchant adoption, because it spreads Bitcoin's name in the wider world and makes it look useful. Unfortunately, few merchants adopt Bitcoin and most of those that do end up dropping it due to lack of use. Perhaps one exception is overstock.com, which started accepting Bitcoin in early 2014. It took in $1 million in the first month, and another $2 million over the rest of 2014 - however this represented 0.2% of its total sales of $1.5 billion. Individual Pubs, a small UK pub chain, is probably the most successful Bitcoin merchant adoption, as uniquely to the UK, it was (past-tense, since chip-and-PIN) actually easier to process bitcoins than cards, as long as zero-confirmation transactions were accepted (i.e., accept the transaction before it's been confirmed).

A notable failure in recent years was Taiwan-based Bitfinex, a popular Bitcoin exchange. Originally based on a leaked copy of the codebase from defunct exchange Bitcoinica, which was founded by sixteen-year-old Bitcointalk user "Zhoutong" and shut down after being hacked in 2012. The software was, to say the least, messy. Bitfinex claimed to have re-written their system with a Bitfinex representative stating that "a grand total of 0 lines from Bitcoinica’s code exist on Bitfinex"; except with the strange fact that existing bugs were still present. In August 2016 nearly 120,000 BTC (then around US$68 million) was stolen from Bitfinex customer accounts, due to vulnerability in the API which allowed global limits to be changed without explicit out-of-band confirmation. To pay for the loss, Bitfinex "socialised their losses", by reducing all customer desposits by 36% and continued trading.

The most significant increase in Bitcoin's prices occured in 2017, where it started the year at $998USD and reached $19,783 by December 17. At this height, China banned trading in Bitcoinm starting in September 2017 and with a complete ban by February 2018. The percentage of bitcoin trading in the Chinese renminbi fell from over 90% in September 2017 to less than 1% in June 2018. The years was also a period of hacks, including Coincheck in January 2018, Coinrail and Bithumb in June, and Bancor in July. In the first six months of 2018, $761 million was stolen from exchanges. In the course of 2018, Bitcoin's price dropped 81% from its heighest point.

Pearls before Swine

This article has concentrated on Bitcoin as the major player in the cryptocurrency field. There are numerous other minor blockchains, with different hashes, block sizes, block times or consensus models. Some have objected to the currency model of wasted computing power for reward or hoarding; Freicoin (which uses demurrage – negative interest – to discourage speculative hoarding, is based on the economic theory of Silvio Gesell), Curecoin and Foldingcoin (whose Proof of Work is protein folding for Folding@Home, a distributed computing project for disease research). But most "altcoins" following the basic proposition of a path to riches via magic Internet money. The usual scheme is that the creators have more of the coin than anyone else, substantially pre-mining the coin before release. They launch it with speculative promises of interesting future features, then sell their coin off (for bitcoins), telling the new bagholders they're actually early adopters.

Often there is a promotion of blockchain without cryptocurrency attached. Transaction ledgers in tamper-evident chains and trees of hashes are a good idea, and businesses are about to discover how to use them for tamper-evident ledgers. These will likely be branded “Blockchain,” whether or not the product has anything else to do with blockchains. Programmers often save their code in Git, which is the closest I can think of to a useful blockchain-like technology; it saves individual code edits as transactions in Merkle trees with tamper-evident hashes, and developers routinely copy entire Git repositories around, identifying them by hash. It's a distributed ledger, but for computer programs rather than money.

However, Bitcoin and most crypotcurrencies, is an ideology fundamentally at odds with reality based on a technology that reached its limits in 2015, will keep lurching from crisis to crisis. Internecine conflicts will remain the order of the day. The price will rise and fall dizzyingly, though realising it as actual money will still be strangely problematic; exchanges will continue to be hacked on a monthly basis. The one constant is: new ideas in finance bring new starry-eyed naïfs, and new predators. New technologies will keep being used as an excuse to put an extra layer of flim-flam over old scams, in an ongoing historical reenactment of the reasons for each and every financial regulation.

Repeat to yourself: if it sounds too good to be true, it almost certainly is.

David Gerard's book, "Attack of the 50 Foot Blockchain" is available on Amazon US and Amazon UK.

The book has been described as "A sober riposte to all the upbeat forecasts about cryptocurrency" in the New York Review of Books and "A very convincing takedown of the whole phenomenon" by BBC News.