Premise: proving that you are solvent using cryptographic means
Answer: let's re-invent accounting.
Look the problem is this, as an "exchange", to be profitable you either need to charge fees, or do some sort of fractional reserve, using deposited value as capital for your Exchange's investments.
If you go for option one, then you will be undercut by someone doing option two. The tradeoff being, number two is more likely to loose all your customer's cash.
The value of something is more often than not irrational. This means that there is subjectivity in the value of assets. You can't technology your way out of that. This means that its perfectly possible to prove that you have liquid assets that will cover your present position. However thats expensive to maintain. So you start buying longer term more illiquid assets (think property, commodities, companies, etc) some of these are liquid in a day, others months.
Worse still the value of them depends on how and when you sell them.
So sure you can have assets that cover all your liabilities one day, then due to a re-valuation, not have enough.
Thats not the same as solvent though.
But, all of this neatly misses the point of crypto. If its a practical payment system, rather than an investment, you wouldn't hold your crypto at an exchange. You hold it your self and move it when you need to convert/liquidate.
Looking for a cryptographic solution to this is certainly missing the point - it presupposes cryptocurrency coins and tokens are assets in the traditional sense, which they are not. At best they are like casino tokens - they have no intrinsic value, no legal entitlement to anything, and their use is entirely at the discretion of the issuing casino. That works fine for casinos because everything operates within the casino. The problem is that cryptocurrency wants to go outside the cryptocurrency sphere and into the real world, which is something that it is simply not designed to do. As we have seen, this leads to endless exploits, e.g. VCs and exchanges printing up billions of dollars worth of tokens, claiming they are actual assets (imagine a real casino printing chips with a total face value of $1.6 billion and claiming they had $1.6 billion in assets), convincing retail "investors" to exchange real money for those "assets", and then using that real money to gamble in different casinos.
It's solving a simple and well-defined problem: making sure that whatever tokens you put in the exchange, you can get back out. You may think this is beside the point, but it's exactly what FTX miserably failed to do.
One that seemingly failed to be properly regulated despite doing business in the USA, and where supposedly sophisticated investors seemingly failed to do due diligence.
"Crypto" is being blamed a lot for FTX, but it's starts to feel more like it's a scapegoat at this point.
(And/or an excuse for everyone to just look away from how the sausage is being made while the numbers were going up : see also : the complicated math behind the subprime morgages in the 2008 crisis.)
Surely if those US regulators and those huge investor companies felt incompetent about "crypto", they could just have hired specialists ??
(And it's starting to look that not even this was needed, simply sending your average accountant might have uncovered FTX' lack of... accountability ?!)
Yes, casinos are pretty well regulated in most countries, which is why I wrote "At best they [cryptocurrency coins and tokens] are like casino tokens". Although casinos don't have a spotless record, e.g. US$63 million from the 2016 Bangladesh Bank cyber heist is suspected to have been laundered via casinos in Manilla.
Intrinsic is not the right word to use but the overall point that was made is correct. A $1 U.S. bill has “intrinsic” value that comes from the backing of the United States government and an accompanying set of laws regarding usage.
It's not reinventing accounting. It's making sure that the accounting you do is public because that allows for trust.
I think it would be cool if we, as a society, had easy API access to everything our governments spend their money on. Wouldn't you say that would be for the greater good?
Making something public doesn't solve the problem. Deceiving the public is easy and the public is duped frequently. Making accounting public doesn't solve the problem at all.
It's not making accounting public. It's making accounting public in a way that you can't dupe the public. There's a question if that's possible, but you're arguing against a straw man here. I'm skeptical that they'll come up with something that convinces everyone that their new version of public accounting can be trusted, but maybe there's something novel they can come up with that will convince the skeptics.
The issue here is that making money by holding onto assets you can’t fundamentally make money by holding is hard.
There is a huge incentive to do things that people don’t actually want you doing, so someone can actually make money.
Accounting is just a word for tracking money.
It can be opaque, or obvious, detailed, or vague. And it can also be fake.
Knowing which is which, and if it is appropriate or not, is almost always specific to the circumstances and the goals of whoever is doing it, and that’s pretty fundamental.
GAAP is a generally acceptable list of practices for public entities, but there are still a ton of judgement calls going on there, and have to be, for what is a pretty ‘standard’ way to operate pretty standard businesses.
There is no automated way to do it that won’t allow manipulation.
Attempts at automating it are more likely to provide something like bank account statements, than a balance sheet. Which is something, but it’s not enough. That’s what is generally referred to as book keeping (aka transactions are recorded, but not necessarily characterized or organized correctly), but may even fall short of that.
“The issue here is that making money by holding onto assets you can’t fundamentally make money by holding is hard.”
They can make plenty of money through volume (fees), while holding the crypto 1:1. Sounds relatively easy to me.
That’s the baffling thing about FTX/Alameda. FTX on its own could be a nice profitable business, yet it seems they got greedy by lending customer funds to the hedge fund-y sister company.
> FTX on its own could be a nice profitable business
Not really. Their tech stack was too slow so other Market Makers weren't willing to come over (the price can change and leave them fulfilling sales at bad prices too frequently). So they had Alameda be their market maker and they were constantly burning money doing that. Maybe they believed there would be enough liquidity if they scaled more and it was an investment in their future (a very charitable view) and it was fine to borrow funds in the short term and then that got away from them. But from what we've heard of their tech stack, they weren't ever going to be viable because they couldn't support what HFT would need.
Not as easily (short term) as they can by walking away with billions in the raw money though.
And fees get competitive, it’s inevitably a race to the bottom, where firms need to spend a lot of money competing on things like long term reputation.
Meanwhile if they screw up in their security, they’re also liable for huge multiples of those fees in losses.
And if someone pops up that charges less fees, and seems ok enough, a lot of the money moves there quickly, until there is a scandal anyway.
It requires a mature organization who has strong controls and bulletproof working processes to avoid losing multiple years in fees by accident too.
Not saying you’re wrong - it’s where things inevitably end up when it’s heavily regulated and watched so all the other alternatives are hard (and result in major prison time). Usually.
But it should be noted that brick and mortar banks gave up on that model a very long time ago, favoring explicitly loaning out customer funds (fractional reserve banking) because it’s more sustainable for them.
You can only do that if you are holding exclusivly onto one asset. The relative values of different tokens change over time. So if you want 1:1, you need to have a robust mechanism for doing that.
But you won't want to because that'll burn through transaction fees for no real gain.
> FTX on its own could be a nice profitable business
That requires fees, and given the number of exchanges that do it for free, so long as you keep your wallet with them, its not going to make you money.
Sure you can do market making, or arbitrage, but that's still risky and you don't make that much money doing it. <0.1% on each transaction.
Fwiw, you can make money holding ETH, by staking it. Coinbase and Kraken both do that. They take a percentage of the return customers get by agreeing to lock and stake their coins on the exchange.
(Before that was available though, both lived entirely on fees, unless they've been committing massive fraud.)
Since Sept 15th 2022 yes. We’ll see how it goes longer term, and what the fees and economics look like when things settle out.
We don’t know what Coinbase and Kraken are doing internally.
Coinbase does seem to be mostly off fees (which are sky high), and does seem not sketchy. It doesn’t appear overly easy for them even then (hence the ‘it’s hard’) despite folks being itching to put money in on the way up to the point they’ll mostly ignore high fees.
They’re definitely playing the long game, compared to the others that have looted billions elsewhere.
As the main on/off ramp in the US, they have a pretty nice position from it too.
Actually since Dec. 1 2020. That's when the production beacon chain went live with real ETH, even though the proof-of-work chain was still running in parallel. Coinbase and Kraken started offering it sometime in early 2021.
When it isn’t the primary or only way of doing it, it isn’t a model for if it will work economically. Which is why I picked that date.
That it was possible to do it differently earlier, and some folks did start transitioning, doesn’t change the fact that we don’t have much track record with it yet as ‘the way it is done’.
It usually takes decades for these things to stabilize into anything predictable.
Not sure what you mean exactly, but the live beacon chain was the only way to stake ETH since it was launched in 2020. By the time of the merge, over 10% of all ETH had been staked on it. Total stake now is just a little higher than it was just before the merge.
The intent is not for most ETH to be staked. 12-13% is fine, and they don't expect it to go beyond 30% or so. We just need enough staked so the network is secure.
Staked ETH isn't available to be used for any other purpose, like paying transaction fees, depositing in defi protocols, using as currency, etc.
Anyway, this is getting a bit far afield of my point, which is just that for ETH, exchanges can earn money on deposits, without loaning them out to risky side ventures.
You mean whether it's a viable model for the exchange? I have no idea, never looked at their numbers. But Coinbase is public, so now I'm curious whether they break out their revenue sources.
That baked-in inflation rate is only about half a percent annually, less than a third of Bitcoin's current rate of 1.7%. But Ethereum's issuance is offset by the fee burn. Since the merge, the total ETH supply has actually decreased by 4000 ETH. You can track it here: https://ultrasound.money/
I don't see the reliance on large exchanges. There are plenty of solo stakers and the protocol gives them the same rate of return as large exchanges. That's an improvement over the economies of scale that large miners typically achieve. People without 32 ETH can use a decentralized staking pool, just like most solo miners use pools.
Total stake is under 15% of ETH so it's not a huge hit to liquidity. The real bottleneck for p2p value exchange is transaction rates, and on that front Ethereum is coming along quite well. If it were only doing ETH payments, it would be capable of 700 tx/sec today on chain. It actually does fewer since many of its transactions are more complex, but rollups multiply that significantly, and upcoming scaling improvements should get them to 100K tx/sec within the next several years, while still maintaining full trustlessness.
If you want to make accounting public, go dig giant limestone disks out of that island with cannibals on it, then bring them back and put them on the beach so everyone can see them: https://en.wikipedia.org/wiki/Rai_stones
Which probably won't convince those of us who are skeptics that it's possible. It needs to be technically possible, but easy enough to verify for the average user that someone can't just claim they're doing it the right way but doing something fraudulent instead. There's good reason to be skeptical here. But arguing that all they're trying to do is make public accounting isn't the right counter argument here.
You're right that making it public alone doesn't solve the problem since it is easy to "cook the books".
But if it's public and the results are the side effect of each transaction (e.g. the accounting is rules-driven and automatic as part of the system itself), I think it can change the game.
Budgets and financial statements for US federal and municipal governments already have to be public. If you're talking about the bill of materials and receipts for every individual transaction, there are some pretty serious obstacles to that. At minimum:
- The government directly provides medical service via the VA and DoD and disclosing every transaction risks HIPAA violations.
- It may not now be illegal, but I think there would be some privacy concerns about things like revealing every person's student loan payments.
- Counseling and employee assistance type stuff for government employees can't be made public for the same reasons.
- Criminal fines for anyone whose record is later expunged present a hurdle.
- Payments to confidential informants in criminal investigations obviously need to stay confidential or you're going to get them murdered.
- Witness protection payments same thing.
- At least some transactions are classified.
- Contract details are kept hidden from other contractors right now to avoid undercutting and collusion.
All in all, as long as you're forced into some system where maybe some, even most, transactions can be made on a public ledger, but others have to be kept private, you'll never prevent fraud and/or suspicions of fraud in the form of transactions being kept illegally private. At some point, you have to trust the auditors and Congressional oversight committees.
> I think it would be cool if we, as a society, had easy API access to everything our governments spend their money on. Wouldn't you say that would be for the greater good?
We can't do that, because then people would realize it's all a house of cards. In an unrelated note, when was the last time US gold reserves were audited?
Yeah, it more or less doesn't matter. The US isn't in danger of having to liquidate assets, and if it was you'd have a lot worse problems on your hands than how many gold bars are in Ft. Knox. Why do you think it matters?
That's a very general argument for a very specific request. Transparency is good, but nobody is coming on to HN asking citing transparency and asking for audited figures for the value of US-owned dump trucks, or how much wood pulp we could produce in Grand Tetons National Park, or how much money we could make grinding up the highway system for scrap metal. So why gold specifically?
> Why would anyone care how much gold the US government has?
was not intended to dismiss interest in any particular asset, but to ask why there isn’t an equal amount of interest in assets other than gold.
I can’t speak for the other commenters who raised the issue, but it’s presumably because the asset is far more valuable than the ones you’ve mentioned, and far easier to convert to other assets.
It’s also been used as medium of exchange or reserve currency for much of human history, so expecting people to dismiss it out of hand based on prevailing theories espoused by modern monetary institutions wouldn’t be reasonable.
Note, there could be option 3 whereas its fractional but a gov-owned central bank entity.
Where pure crypto exchanges get into problems with fractional reserves is loaning out, etc. via their own invented tokens. Why? Because then they are setting up themselves as Central Bank with their own Reserve without the power of printing money and other gov things to counter Bank runs.
FTX could have done less than stellar legal trading of FTT in bull market and would have still blown up as evidenced by some of the firms it acquired.
We are still at the original economic problem when a crypto exchange sets it self up as Federal Reserve
Yeah exactly, fractional reserve does not work without a well developed inter banking network provided by a central bank. That just means that fractional reserve banking is inherently instable and requires periodic bailouts.
It did? The whole collapse was kicked off by someone looking at the books and raising an alarm.
If you’re instead asking why financial audits paid for by FTX didn’t publicize the company’s solvency issues, well, we’ll all find out during the upcoming bankruptcy proceedings.
> Because no one wanted to look at it. Softbank, Sequoia and many others that would have had access didn't do their job.
According to John J. Ray on the 17th of November in filings to the U.S. Bankruptcy Court [1]:
"The audit firm for the WRS Silo, Armanio LLP, was a firm with which I am professionally familiar. The audit firm for the Dotcom Silo was Prager Metis, a firm with which I am not familiar and whose website indicates that they are the 'first-ever CPA firm to officially open its Metaverse headquarters in the metaverse platform Decentraland'
56. I have substantial concerns as to the information presented in these audited financial statements, especially with respect to the Dotcom Silo. As a practical matter, I do not believe it appropriate for stakeholders or the Court to rely on audited financial statements as a reliable indication of the financial circumstances of these Silos.
57. The Debtors have not yet been able to locate any audited financial statements with respect to the Alameda Silo or the Ventures Silo."
That isn't to say that the behavior of Softbank et al isn't questionable. They probably knew very well that things looked fishy, but also probably knew that they would likely see very handsome returns in the short-term.
In short, they didn't have accounting. Nor where their books audited. FTX is a great example of ehy banks, and every other company, has regular audits of their books. As is Wirecard, but they didn't steal customers money.
Just compare the "balance sheets" SBF prepares to a proper audited one, and the differences are clear as day. One can grab any audoted balance sheet from any publicly traded US company of the SEC website, I'd pick one from a financial insitution.
But given their complex corporate structure that involved a number of offshore entities, it was possible for the CEO to play a shell game. Also audits are merely snapshots in time.
Ah, yeah, those "audits". Done on only a small portion of FTX and by one auditor that the guy who cleaned up Enron doesn't know anything about (forgot which one of those two, but I think Armanino was called out in the Chapter 11 finding as being kind of suspicious; EDIT: the called out one was Prager Metis, see the other sister comment). So, these "audits" are basically worthless, and in a different category like, say, a properly conducted SOX audit.
Seriously, read the Chapter 11 filing from the new CEO. It explains a lot of those topics.
And yes, my answer to all those crypto related shenanigans is proper government oversight. If you act like a bank, you have to be regulated like a bank. If you act as a securities trader, same thing. As an investment bank / fund? Likewise. That you made up the securities and assets you trade in and manage by yourself and literally out of thin air (and some electricity and some GPUs) shouldn't change that.
> And yes, my answer to all those crypto related shenanigans is proper government oversight.
So SBF was making the same argument, argued in front of Congress for it, and was using his customer's billions to lobby for favorable legislation that would carve out expensive, exclusive licensing agreements that only him and a few others would be able to afford.
Even if you pass draconian legislation in the U.S., it does not affect what happens off-shore. FTX's core business was based in the Bahamas.
Whatever SBF has "admitted to" in WhatsApp with his benefactors at the NYT or whomever is PR / damage control, etc. It cannot be relied upon as the guy has shown the behavior of a pathological liar and manipulator.
> Bahamas or not, if you operate in the US, US rules apply for your US business
That's just it, isn't it? FTX.us was in US jurisdiction, but FTX.com was an international organization where the vast majority of FTX's trading activity took place. They wouldn't have had to uphold U.S. laws or regulations at FTX.com, even if onerous measures were to pass.
I don't know if we need to assume corruption here. It's probably more likely they didn't fully understand what they were doing, had a few spreadsheets waved in front of them and didn't really look into any of it particularly closely.
Presumably there would be value for users in knowing that their deposits are covered. Therefore, users who perceive value in this way would be willing to pay a premium.
There's also the possibility of exchange insiders trading against user's on-platform stop losses to profit.
>So sure you can have assets that cover all your liabilities one day, then due to a re-valuation, not have enough.
I understood this as a proposal to verify customers could withdraw their deposited coins. If they have traded into another asset, then they would still be able to withdraw. Not sure what you meant here?
>But, all of this neatly misses the point of crypto. If its a practical payment system, rather than an investment, you wouldn't hold your crypto at an exchange. You hold it yourself and move it when you need to convert/liquidate.
Agree about the speculative nature.
It would still create more trust for traders or frequent users of an exchange. Keeping coins off-exchange eliminates the risk entirely. However if users expect to trade on a CEX, they would still have to expose themselves to that risk for the duration of their trade.
>> Presumably there would be value for users in knowing that their deposits are covered. Therefore, users who perceive value in this way would be willing to pay a premium.
Like banks which have to ensure, where I live up to 100k €, customer deposits?
Private insurance schemes could offer another layer of protection and financialization. Under that scenario, fractional reserves could be used and insurers could be on the hook for mishaps.
The article describes a technical solution for verifiable full reserves.
Generally bank deposits are insured by the government. The central bank pledges to bail out customers for that minimum amount. Can't speak to the specifics of your area, but that is the common practice.
Every problem, issue with crypto-tech seems to be solved with yet another layer of crypto-tech. Every criticism of the tech is deflected by pointing at yet another project that is claimed to fix what is being criticized.
Humans have been solving the problems of existing technology with more technology for quite a while now. This comment is like criticizing database indexes as a mere technical band-aid over the fundamental problem of having too much data.
The problem is that databases solve a real world problem: businesses and people need to store data, and the database is literally the solution for that.
Cryptocurrencies have so far not resulted in a compelling use case. All that we are seeing is a questionable solution looking to solve some as yet undiscovered problem.
The parent comment is a bit flippant, but I agree with the thought. The entire crypto industry is rapidly becoming a bizarre and convoluted rube goldberg machine that is completely impenetrable to anyone but the most ardent zealots. Even more, as an outsider it seems like everyone is in this echo chamber of back patting and "with just this one more buzzword bingo sounding feature, we'll have unlocked the true potential of crypto".
One failure of FTX and BlockFi is that users had no way to ensure that the centralized custodian was not running off with their on-chain deposits by directing them into unsound deposits. Vitalik is suggesting a cryptographic mechanism here that would provide better transparency as to on-chain activity of a CEX.
Day traders want to trade, no matter how much you try to tell them their trades are fictional or "have no use cases."
That's what building out a new ecosystem looks like. Not every single person in the world needs to spend their building CRUD REST APIs and doing GAAP accounting.
Not ever person in the world needs to work on trying to totally reinvent things either. But the idea that something is wrong because it's different than what already exists is ridiculous. It's literally Larry David looking at the wheel in the commercial and saying "seems pointless".
I admit, I did not read that in detail. Can someone explain how the "proof of liabilities" is proving that it contains all liabilites of an exchange? for example the electricity bill that is coming to be paid next week or the off-book loan of x billion cryptocoin from your fellow exchange that you need to pay back also next week?
Awfully lot of trust you seem to need in this fancy world of trustless money of the future.
If you close your eyes and ears, then it is possible to imagine that such filthy thing as offchain liabilities doesn't exist. At least when Kraken posts about their "proof of liabilities" without actual audit of offline liabilities on Reddit r/cc, they readily eat that claim, no one challenges it. And then in every single post about this new trend, they will write that Kraken is somehow solvent due to this. I guess this was the point - if people already believe in something, it doesn't need to be real :) .
I don't think it solves that at all, but, as I understand it, that's not been the problem _so far_. If someone has lent an exchange assets against its users' assets then it's not at all clear that they have the superior claim to those assets if the exchange goes bankrupt can't repay those liabilities.
My understanding is that FTX lent customer deposits to Alameda, who lost them, not that FTX owes money to Alameda. In that scenario, FTX wouldn't have been able to prove they held customer deposits.
Didn’t FTX just hold the customer deposits in a scam token after some financial shenanigans? You would still need auditors to determine what assets on a company’s books were worth their stated value and attest to their liquidity.
Right, but "hold the customer deposits in a scam token" means they no longer hold them in the real tokens, which would be obvious using the method in the linked article.
Wouldn't this effectively reduce the role of the custodian from "bank-ish entity" to "safe deposit box operator"? The custodial entity would need to hold on to the exact assets provided by the customer (the equivalent of your bank holding on to the exact $ bills you originally deposited), which means they couldn't be used for revenue generating activities like investing or lending, which in turn means the custodian could only make money through user fees.
Once the custodian is allowed to do anything that causes the exact tokens a customer deposited to be exchanged for another asset, that opens the door to FTX-style malfeasance.
Yes, and I mean I think that's exactly the point: people aren't expecting their exchanges to be a bank that puts their assets at risk, they're expecting them to be a custodian only, and ding them with fees when they trade, or possibly to actively charge them fees for holding deposits. The only reason actual banks get with putting customer funds at risk is that deposits (up to a certain point) are insured by the government.
If the exchange wants to offer interest-bearing deposits (eg: loan out your crypto), well then you'd expect to no longer be able to verify your deposits because you'd know they were loaned out, or that the exchange was trading with them, or whatever else. You'd also be forced to confront the fact that your assets are at risk at that point.
> If someone has lent an exchange assets against its users' assets then it's not at all clear that they have the superior claim to those assets if the exchange goes bankrupt can't repay those liabilities.
Right, but if an exchange took out a bank loan, the loan was recalled, and the exchange repaid it with customers' deposited cash and later goes bankrupt - possession is nine-tenths of the law.
Especially if the exchange intentionally has a structure that can avoid international tax laws - who's to say it won't also avoid international bankruptcy laws?
> and the exchange repaid it with customers' deposited cash
Then in this scheme depositors would be able to see that straight away, and force bankruptcy and asset recovery on the exchange while those assets still existed. This would (presumably!) stop the exchange repaying debts with customer deposits, because those customers would know straight away and could seek legal recourse against the bank and the exchange.
This is explicitly addressed in the article: use stable coins for that. I'm very much a crypto-skeptic, but I do think this particular solution will provide some level of increased safety for coin-heads.
If you trust the solvency of the likes of Tether and Luna, certainly.
Seems to me the problem of solvency at the boundary between the worlds of fiat and cryptocurrency is always present, and shuffling it around doesn't make it disappear.
But that's a choice for customers to make, at the end of the day. The exchange says "we're holding dollars in Tether and we can prove it" and if customers aren't happy with that, then they can not store fiat on the exchange.
Other creditors may or may not have preferential claims over depositors. The point is that you can't prove that the exchange is solvent (which was the entire point of this exercise) unless all assets and liabilities are considered.
All benefits of cryptocurrencies goes out the window when you introduce centralized exchanges. "trustless" is referring to the protocols, not the ecosystems.
It's not necessarily about covering all liabilities of an enterprise nor all its assets. It's about building a proof that you hold your customer assets and you are not running a fractional reserve. You may still run an unprofitable business and perhaps at some point you go bankrupt. But at least all the customer assets are there and segregated from the business assets and you cannot use them as the piggy bank for your business.
So, lets imagine you have been running this continuously from the beginning and there is absolutely nothing fishy on the chain of the events of the ledger that makes this proof. All customer deposits (1B worth of coins) are backed by respective assets (1B) in the portfolio. Unfortunately the business has been run badly, and in addition to this portfolio, the exchange has assets of one worthless laptop, but there are some tax liabilities worth 2B and an just found loan payable to Italian Mafia worth also 2B. Tax authorities file for bankruptcy.
1. How does the exchange ensure money is paid to the customers instead of Mafia or tax authorities?
2. If/when it can't, how these liabilities are included in the proof of liabilities?
(note: this is a real and difficult problem. That's why there are laws, regulations and deposit insurances around customer funds in finance, which, yes, fail occasionally. I just do not see how that can be solved by blockchain.)
You make good points, this by itself is not sufficient. That doesn't mean it's not useful, though. For Centralized Exchange you need additional regulation to ensure that level of customer protection. And yet, regulation itself is not enough, as you can still defraud in a regulated entity. You need that the weight of criminal punishment is hard enough to disincentivize it. And you possibly need insurance (FDIC and equivalents) too.
Hence why proponents argue to do things on-chain, where we have built-in guarantees and this issue disappears entirely.
> But at least all the customer assets are there and segregated from the business assets and you cannot use them as the piggy bank for your business.
Why would they be segregated? The priority of creditors in a bankruptcy proceeding is controlled by courts that will order assets handed over to senior creditors whether they are holding "on chain" liabilities or not. It is the disclosure of such a contract that is the problem of understanding all liabilities, both on and off chain, as bankruptcy court doesn't care about the distinction.
> Client money is segregated in special bank or custody accounts, which are designated for the exclusive benefit of clients of IBKR. This protection (the SEC term is "reserve" and the CFTC term is "segregation") is a core principle of securities and commodities brokerage. By properly segregating the client's assets, if no money or stock is borrowed and no futures positions are held by the client, then the client's assets are available to be returned to the client in the event of a default by or bankruptcy of the broker.
Because segregation is a necessary prior to enshrine further protection on customer assets.
That seems to be a case in which regulation is actually protecting clients of brokerages. Of course, thise regulations are bad if you are a, say, crypto exchange, and want to, say, engage in "investment" activities using those client deposits (regardless if those a fiat currency, crypto or something else).
Absolutely. Centralized crypto exchanges should have the same regulation and oversight as brokerages/banks/other financial institutions. Because they are that type of institution, just having crypto under custody doesn't make it magically solve any issues.
> > Client money is segregated in special bank or custody accounts, which are designated for the exclusive benefit of clients of IBKR.
No, originally you talked about segregation between crypto and non-crypto. I responded that there is no such thing. You then changed to talking about segregation between client finds and company funds -- do you see how this has nothing to do with the original point? How do you know a brokerage doesn't have both crypto and non-crypto liabilities? You don't. And the non-crypto can be senior to the crypto. There is no segregation between non-crypto and crypto and no guarantees about what kind of liabilities are held by both clients and investors.
> if no money or stock is borrowed and no futures positions are held by the client, then the client's assets are available to be returned
Right, this is exactly why you need to know what all the off chain liabilities are. Because when they come due, you can lose all your crypto because of a brokerage's off chain liability. Thus there is no such thing as a proof of solvency.
The idea is that the exchange publishes a sum of their liabilities, and each individual user can check that their balance was uniquely included in the sum, cryptographically.
Unfortunately this does not prove in any way that the exchange has included all liabilities in the sum, it only proves your deposit is included. A very, very different thing.
Of course. But it lets every individual check this, which means if any individual's balance is not included, they can publish that. It is a vast improvement over the current state.
"Proof of reserves" including Vitalik's heath robinson crypto schemes, provide minimal assurance to exchange users. Why?
It's what one would call a "limited assurance engagement" in audit parlance. In other words, it provides assurance over a small subset of the balance sheet of an exchange - only the customer deposits and the exchange liabilities pertaining to said customers.
However, there are a few red flags which no-one seems to raise:
1) The customer deposits should be off balance sheet if they actually were held in custody. If deposits are not off balance sheet then customer assets cannot be held in custody. Instead, the customers are a creditor of the exchange.
2) From the terms and conditions I've read for various exchanges, customers are typically not treated as a preferential creditor.
3) In the event of an insolvency, customers are treated pari passu with other creditors.
4) To get sufficient assurance that the exchanges can honour their customer liabilities, we need to see ALL of the liabilities, not just the subset relating only to customer deposits. E.g. Who else is money owned to? Did they issue debt? Did they borrow from a bank? Are there any legal provisions? Etc...
5) Given the legal treatment of customers as unsecured creditors, without entire visibility of the balance sheet, the "proof of reserves" report is pretty much useless.
4) ... this is why tradfi ringfences. One legal entity for the deposits one legal entity for the business. The entity for the deposits has only liabilities to customers + assets from customers.
In fact, on (2) this isn't even something an exchange can do through their Ts&Cs. Local law will decide creditor priority so in the absence of a regulatory framework that treats exchanges as "bank-like" and makes, as a minimum, customer balances "special" in some way, this simply isn't possible.
It's easy to be dismissive of everything crypto-related after the FTX crash, but we should remember that the problem of fraudulent business practices isn't specific to crypto at all.
It's yet to be seen whether proof-of-holdings is practicable for crypto assets, let alone for real world assets. But it is an interesting use case for zero knowledge protocols that could tackle some very real problems. Yes, we have auditors in the real world, and I'm not thinking of replacing them, but it could improve audits. As one example, not too long ago there was a crash of a German payments provider of a scale not much smaller than FTX (Wirecard) that was audited by one of the major firms (EY), who missed a fake $2bn bank deposit claim.
"Jumping off a building is actually just flying if you don't worry about the landing. We should remember, the problem of landing isn't specific to jumping at all."
And IMO, more than the scale, it's the immature bragging of being totally better than the old stuff. That said this aspect is not only in crypto, it's in the era.. lots of internet thingies are touted that way, your bluetooth connected balance that is not accurate and will fail in 6 monthes.
Sure, that was not the point of my post. It seems that most people have reacted to this half-sentence, I think the technical discussion would have been far more interesting for this forum, especially when it comes to applications outside of blockchains. I could list more examples where substantial losses to real clients (of "normal" businesses) could have been avoided if there was a better way of proving simple facts like bank balances to auditors (it's in fact partly related to my work).
The current process basically looks like this: an auditor will ask the bank to confirm that client X has such and such balance with them. Of course, the bank needs to be sure that the auditor is actually who they claim they are, so they get in touch with their client to confirm that they can tell the auditor their balance. Since this is a bit tricky if the auditor doesn't have a direct line of communication with the bank already, it is often facilitated by the client directly asking the bank to issue a balance confirmation to the auditor, and that's an entry point for impersonation attacks (in an overly simplified manner, that's also what happened at Wirecard). We probably don't need the exact fancy machinery of Merkle sum trees and zero knowledge proofs outlined in the OP, we also don't want to bring in blockchains, but I was wondering whether we could use some of those ideas to make the audit process for normal firms a bit safer.
I hate to no-true scotsman you, but if you kept significant amounts of cryptoasset in a centralised exchange, you weren't living in the desert, you were living in a sandbox.
If one held a coin that appreciated in value from the massive flood of retail investors using CEX, even if you custody your coins and then pointed to the price as some indication of cryptos success over the past 5 years like pretty everyone in the crypto community, and then now claim that wasn’t real crypto, well that an indication of cognitive dissonance.
I like them for reasons separate to their price. This is actually a fairly common view in the community, even among people like Vitalik. /r/ethereum doesn't even allow discussion of the price because that's a whole separate topic that is not necessarily all that interesting to the same people who are enthusiastic about ethereum.
Indeed, Vitalik warned people a few times at various points in the run up that crypto was in a bubble. The current crash is not surprising to anyone who has been paying attention.
> the problem of fraudulent business practices isn't specific to crypto at all.
The problem with crypto is that the bulk of the value is created through seigniorage of the tokens required to make it work, not actual utility derived from its technical features, for example better privacy or enabling new transactions.
So in reality the pump & dump, rugpull and speculative bubble dynamics are characteristic to crypto because there is very limited actual wealth created and a massive conflict of interest from the players to cash in on the juice flowing though their systems, which are nothing else than unregulated and inferior copycats of existing financial institutions, state issued currencies, banks etc.
Many of us were dismissive of everything cryptorelated even when many others became millionaires or billionaires believing into it. If you needed something as pathetic as the FTX fiasco to change your mind, you’re right, that’s unreasonable for sure.
> many others became millionaires or billionaires believing into it
Yeah, being first in a Ponzi scheme tend to work well for some people. For every winner in cryptocurrency there are losers as cryptocurrencies are a zero-sum game.
Don't forget money spent paying employees, executives, buildings, leases etc. Mining is just one of the costs of the whole crypto worlds. It's an amazing industry that keeps providing nothing of value (or you can argue it creates negative value) while finding creative ways to spend money on it.
Burning thousands of GPU hours just to update an ineffective database is surely the most prominent one.
Don't forget money spent paying employees, executives, buildings, leases etc. Mining is just one of the costs of the whole crypto world. It's an amazing industry that keeps providing nothing of value (or you can argue it creates negative value) while finding creative ways to spend money on it.
Burning thousands of GPU hours just to update an ineffective database is surely the most prominent one though.
And Wirecard was a clear fraud. They didn't steal customers deposits so. And, all in all, Wirecards accounting was lightyears better than FTXs, Wirecard held bank liscenses which requires proper book keeping of assets and deposits.
I think the speed and low-fees required in (some types of) financial trading just can't happen fully on chain. So that's another reason for centralization in exchanges
Also it's interesting to note that in regular finance, exchanges and brokerage firms are separate entities .. meanwhile eg FTX was both the exchange and the 'broker'
Edit: just searched twitter and came across someone asking SBF this exact question about the conflict of interest in being both the exchange and broker (of course he was also trading with client funds on top of that..)
> I think the speed and low-fees required in (some types of) financial trading just can't happen fully on chain. So that's another reason for centralization in exchanges
That's currently being resolved with the implementation & adoption of rollups: There're currently multiple efforts towards developing zk-based rollups, with everyone (Polygon, zkSync, Scroll) taking a different approach towards providing it. Right now, optimistic rollups are the dominant rollup strategy right now, with improvements & decentralization already undergoing development & deployment.
Most still have guardrails in place, but it's publicly known & already being worked on.
> I think the speed and low-fees required in (some types of) financial trading just can't happen fully on chain. So that's another reason for centralization in exchanges
You could have an exchange whose users have 2nd-layer channels open to it for all the currencies they trade.
Trading can then happen near-instantly with 0 fees.
While still centralized, it doesn't need to take custody of any user's funds.
So what I really don't get about the decentralized fans: They repeatedly say, our goal is to replace entities like DEX.
But replace with what? With people like Vitalik? He seems to be an influential figure and calling the shots. How is this in any way different than a "normal" company with a CEO and a board.
We already have functional, audited, open source DEXes and have had them for years now.
Uniswap was the first well-done AMM (automated market maker) design. It's on version 3 now, and has traded more than $1.2 trillion in volume: https://uniswap.org/
FTX was primarily used for perpetuals trading, which is a type of leveraged derivative product. Popular decentralized perp products include:
GMX: https://gmx.io/#/
and Dydx: https://dydx.exchange/
Vitalik is certainly influential, and he did conceive of and invent the first smart contract blockchain, but he doesn't call the shots any more than Tim Berners-Lee controls the web.
I love uniswap as a concept. Whatever my reservations are about crypto, there are some projects I think are good, uniswap being one of them. Staying true to the decentralized aspects and all that. What I dont understand is, if we have uniswap, why are there other exchanges coming in and establishing a big market. Is it a UX thing? Or is the crypto ecosystem addicted to leveraged trading? If I was a crypto person I would definitely be in favor of more uniswap and less coinbase and binance.
Partly UX, partly marketing, partly L1 fees and speed. Partly that a lot of people don’t know what Uniswap is. It gets a passing mention in the news if lucky, or more likely no mention, even though it’s the second largest crypto exchange on some days. Most crypto CEX investors are either unaware or too lazy to care.
A lot of crypto people do use Uniswap. The tone of Vitalik’s post is: what if we took some of the non custodial, on-chain, cryptographic proof things that work well in a DEX, and inject them into more CEXes so that even lazy users end up with better security guarantees.
It's partly a UX thing, uniswap can be expensive at certain times. This is beind worked on actively with rollups. But there is still more work to do.
It's partly also because you have to bridge from traditional finance to cryptocurrency somehow. Many of these centralized exchanges are allowing that bridging. Usually that would involve meeting strict banking and KYC regulations. FTX decided that was too much of a hassle and incorporated in Bahamas to avoid it.
I feel like the whole KYC and liquidation to fiat should be handled by token issuers and not exchanges. USDT should be responsible to give me cash USD, not binance or coinbase.
Ideally, open-sourced & audited smart contracts that are ERC-compliant & developed by the general public, with the internal mechanisms made viewable to anyone that wants to learn how such mechanisms work.
> With people like Vitalik? He seems to be an influential figure and calling the shots.
Vitalik can point at where focus could be targeted at, but the decision is ultimately up to the developers themselves. In fact, as far as I can remember, most of the efforts mentioned in the post & image below are not publicly mentioned at all, with other developers leading the charge on that front. (Danksharding being one example, with the development efforts led by Dankrad Feist, hence the name.)
> How is this in any way different than a "normal" company with a CEO and a board?
The main difference is that development is not wholly left to one party: Anyone can choose to develop the applications that they want to see & deploy them onto the platform. Even if you're external from the main development efforts, you can still contribute to the overall ecosystem with code contributions towards one of the various nodes of the entire system. This stands in contrast with a standard company, where external development's forbidden outside of a special area designated for the general public to interact with.
The curtains are slowly getting pulled aside for the "crypto" ecosystem. Tokens on tokens on centralized or non-scaling systems that generate "yield" without really specifying where the yield comes from. Vitalik is indeed a CEO or CTO for the Ethereum Foundation, which in itself is a cetralized entity calling the shots for the development path, including changes to the emission of ETH.
I fully expect that system to come crashing down in 5-10 year.
Vitalik isn’t running any DEXes, he is not in a position where he can steal or move user funds locked into a DeFi contract. He could suggest a change that might do something malicious at protocol level, but the rest of the developer community would reject it.
CEO of a bank can't do that too. The board can though. And of course customers can reject that decision and switch bank. But in reality that won't happen both in the bank case and in the tokenbro case. We have already saw how Vitalik stole lawful tokens from the receiver of The DAO program (code is law after all), and everyone has supported him. Exactly the same as banks can do, only without outlandish claims.
A double spend attack is a type of fraud for sure, but obviously one of the remedies for a double spend attack is to fork the main chain and change the consensus to nerf the attack.
Ultimately layer 0 of a blockchain is the community that uses it, and if they decide to fork en masse, they will do so. It's an essential property of the system itself. Blockchains would not be antifragile if they could not fork.
Then the problem becomes the same, who is empowered with calling a fork? If they are just by users who are using it, how is it different than having an election etc.? Except here the agenda comes from a shadow organization within a "decentralized" system. I would much rather my votes happen in public with everyone's consent.
I don't see how double spending and forks are the same thing. Double spending is when the same coin is spent twice on the same chain. When you fork, you are creating a whole new future history (sorry, can't come up with a better word). If I have a ledger for my business, and someone created a copy and added different transactions to it, that would not be double spending, right?
Nothing really got stolen in the DAO case the way I see it. ETC still exists, its just that nobody wants to use that chain. Code is still law, but the users decide which code to run. I can see the beauty in it.
This is so funny. Self-styled geniuses inventing infinitely iterable levels of complexity to invent infinite levels of why they should have infinite governance around the concept of digital money is probably the best grift in generations.
Don’t get me wrong, I think it’s great. In the US, it’s mostly the worst folks actually losing to this game and I’m overall entertained.
edit: I should maybe clarify that my crypto holdings are now about $20, entirely from folks losing bets to me.
> If you prove that customers' deposits equal X ("proof of liabilities"), and prove ownership of the private keys of X coins ("proof of assets"), then you have a proof of solvency: you've proven the exchange has the funds to pay back all of its depositors.
But what if your private keys are actually owned by Alameda, who lent you them for the purpose of demonstrating solvency but then oops options blew up and they're gone now?
But what if most of your deposits were gold- or USD-backed assets and your assets are all shitecoin and a 51% attack happens to shitecoin and everybody wants their gold back?
But what if you do all this and you prove solvency, but your assets are all rated by S&P and oh crap just like in 2007 they rated everything triple-A but it's actually junk?
I mean the technical ideas in the piece are sound, but there's nothing here to fundamentally rebuild trust in crypto.
Also: the title "having a safe CEX" -- cute, but underscores how crypto is such a sausage fest.
> But what if your private keys are actually owned by Alameda, who lent you them for the purpose of demonstrating solvency but then oops options blew up and they're gone now?
Private keys are never exposed at any point in the overall operation of the proof. In fact, the general structure provided as an example in the article itself doesn't expose anything of the sort.
Furthermore, the structure provided isolates the asset amounts down to each individual account, effectively siloing the damage to that particular account.
Even if the idea of lending them the assets is entertained, the flows out from their accounts would be recorded.
------
> But what if most of your deposits were gold- or USD-backed assets and your assets are all shitecoin and a 51% attack happens to shitecoin and everybody wants their gold back?
1) The conversion over to the token in question would've already occurred & been recorded onto the overall proof.
2) The sudden collapse in value of the token doesn't warrant a refund in the same way that a sudden collapse in oil commodities/futures doesn't mean that a refund is permitted. The downtrend risk is explicit in the desire to convert from A to B.
------
> But what if you do all this and you prove solvency, but your assets are all rated by S&P and oh crap just like in 2007 they rated everything triple-A but it's actually junk?
The scenario mentioned is a problem with the rating system itself, along with the overreliance of a handful of rating agencies with opaque rating systems/mechanisms. This is outside the scope of the article in question, but it's resolvable via the implementation of crowdsourced & automated rating systems that have clear grading rubrics & metrics, along with the inputs used to give said grades.
> But what if your private keys are actually owned by Alameda, who lent you them for the purpose of demonstrating solvency but then oops options blew up and they're gone now?
You don't understand public key cryptography. If someone else has the private key to your assets, the assets are not yours.
This is not a failure of cryptography. Don't blame crypto.
It would be impossible for any entity to fraudulently post proof of on-chain reserves today.
Sure, the fraud might fool some subset of extremely uninformed people initially, but someone is bound to find the fraud when they check the chain with one of the hundreds of different open source clients that exist today. Immediately, they would post this astonishing finding on Twitter. Immediately, Twitter would blow up and out them as frauds. Immediately, all of the people who were initially fooled would know that this company is a fraud.
Well... you wouldn't know if the reserves that they show proof of are theirs or borrowed from someone else. In the real world "your keys" doesn't necessarily mean "your assets", that's the point.
Personally, I don't think so. It's another attempt to replace 'trust', in this case trust on an independent party that audits the financial statements, with an even less reliable alternative that doesn't even work. This obsession with trustlessness is a mistake.
Maybe you do, but I don't need 20 years to figure out that 'crypto' can't succeed because of 1) limitations that are inherent to 'trustlessness', 2) isolation from and inability to deal with physical reality, 3) competitive disadvantage of distributed systems, and 4) lack of appeal to anyone who has normal, healthy relationships with other people (i.e. a social life).
The article seems to be more about proving reserves rather than proving "solvency". There's more to assets and liabilities than just customer deposits and coins held. How does a Merkle tree help when customer deposits are used as collateral for some off chain loan and then the value of the exchange's equity drops below the value of these off chain liabilities?
> Rather than relying solely on "fiat" methods like government licenses, auditors and examining the corporate governance and the backgrounds of the individuals running the exchange, exchanges could create cryptographic proofs that show that the funds they hold on-chain are enough to cover their liabilities to their users.
So... use crypto to prove that you hold enough crypto to cover the losses if crypto crashes and you can't pay people back without crypto.
This only works to prove that you hold enough Trashcoin to pay back people's Trashcoin that you're supposed to have - but why have their Trashcoin at all if you need to make it available to them?
You can't do anything with it that would make you money while still guaranteeing availability to it's owner, so then you're just providing a free custody service for someone that's worse than them just holding it themselves.
Also, if you're able to cryptographically guarantee Trashcoin holdings then you don't need the exchange anymore. Guarantees + DEX + off-chain transactions replaces your exchange for low fees in that case.
Leaving all that aside though - It's a suggestion to optimise away protections as a problem to be solved when the solution being proposed has time-and-again proven itself unfit for purpose with catastrophic consequences. Regulating financial systems and making them safe is hard, because it's more complicated than anyone who's approached this in crypto seems willing to acknowledge.
Honestly, I think regulators should be approaching this whole space with a view of "we'll get involved to stop criminals that have the potential for non-crypto victims, but we'll not spend time or resources to help anyone that get's ripped off after choosing to put their money in this".
(i.e. The state has a duty to protect it's citizens, but I don't see what burden the state has to protect money that was wilfully removed from the protections of the regulated financial system. If anything, the state has a duty to not waste resources pursuing lost funds in those instances as they have no mandate to do so.)
I have sympathy for people that lost out with FTX and Celsius - I genuinely do - but there were so many warnings that you would have had to dismiss before ending up in that situation and it's hard to believe that people that put money into these platforms (or tokens in general) didn't realise what they were getting into. There's a massive amount of historical experience to draw on - these aren't new schemes.
> But it's worth getting to the fundamental issue with the right half of this design space: dealing with user errors. By far the most important type of error is: what if a user forgets their password, loses their devices, gets hacked, or otherwise loses access to their account?
> Exchanges can solve this problem: first e-mail recovery, and if even that fails, more complicated forms of recovery through KYC. But to be able to solve such problems, the exchange needs to actually have control over the coins. In order to have the ability to recover user accounts' funds for good reasons, exchanges need to have power that could also be used to steal user accounts' funds for bad reasons. This is an unavoidable tradeoff.
> The ideal long-term solution is to rely on self-custody, in a future where users have easy access to technologies such as multisig and social recovery wallets to help deal with emergency situations.
Not to dismiss this out of hand, but isn’t that the central problem? Users want to use Coinbase for convenience as much as for any other reason.
Saying “we’ll make it easier to host your own coins” is a bit like saying “we’ll solve the #1 problem with mass crypto adoption”.
> Users want to use Coinbase for convenience as much as for any other reason.
> Saying “we’ll make it easier to host your own coins” is a bit like saying “we’ll solve the #1 problem with mass crypto adoption”.
That's the point: Coinbase & CEXes have it easy because they can centralize - Their development efforts can be honed in more effectively.
The ultimate long-term goal is to remove the need for such entities in the first place, and make it easier/safer/cheaper with the use of rollups, on-chain insurances, social recovery wallets, DEXes, & integrated crowdsourced filter/allow lists.
>The ultimate long-term goal is to remove the need for such entities
But replace with what? With people like Vitalik? He seems to be an influential figure and calling the shots. How is this in any way different than a "normal" company with a CEO and a board?
Ideally, open-sourced & audited smart contracts that are ERC-compliant & developed by the general public, with the internal mechanisms made viewable to anyone that wants to learn how such mechanisms work.
> With people like Vitalik? He seems to be an influential figure and calling the shots.
Vitalik can point at where focus could be targeted at, but the decision is ultimately up to the developers themselves. In fact, as far as I can remember, most of the efforts mentioned in the post & image below are not publicly mentioned at all, with other developers leading the charge on that front. (Danksharding being one example, with the development efforts led by Dankrad Feist, hence the name.)
> How is this in any way different than a "normal" company with a CEO and a board?
The main difference is that development is not wholly left to one party: Anyone can choose to develop the applications that they want to see & deploy them onto the platform. Even if you're external from the main development efforts, you can still contribute to the overall ecosystem with code contributions towards one of the various nodes of the entire system. This stands in contrast with a standard company, where external development's forbidden outside of a special area designated for the general public to interact with.
> Saying “we’ll make it easier to host your own coins” is a bit like saying “we’ll solve the #1 problem with mass crypto adoption”.
Sure, I mean, we're still in the "dial-up era" of crypto and a big part of that is wallet UX. But if you're following the space closely, you can see there's been some solid efforts on that front.
Rainbow Wallet (https://rainbow.me/) is an iOS & Android wallet that backs up your private keys to iCloud/Google cloud. I think for smaller sums of money and valuables, this is a pretty good solution.
Argent (https://www.argent.xyz/) is a smart contract wallet that has a "social recovery" feature that allows you to delegate account recovery to a circle of trusted parties.
Gnosis Safe (https://gnosis-safe.io/) is another smart contract wallet that many DAOs use for treasury management, which allows for arbitrary multisig settings to be configured (like requiring 3 out of 5 signers or what have you).
Some of these still need work on UX, but the core tech is there. Another factor is blockchain fees. Layer 2s like Arbitrum (https://arbitrum.io/) and Starkware (https://starkware.co/) have already dramatically reduced fees (by as much as 10-20x and will likely get to 1000x reduction by the end of the decade).
Once the layer 2s and layer 3s are more mature, it's conceivable that a Coinbase or Kraken could run their own auditable rollup, even if the order book was run on a centralized server, at least the net balances would be held on-chain (Dydx https://dydx.exchange/ works like this currently).
If your only business is being an exchange you might not run into any issues if you consider all the decentralized exchanges that are still operating.
The problem arises if you add market maker, trading house, hedge fund, market research, and learn2earn to the mix.
#greedisgood.
Decentralised exchanges only deal with virtual tokens. Centralised exchanges are needed because people need to be able to trade these tokens for real assets.
Well maybe we should accept crypto isn’t for the masses. Maybe banks are good enough for that use-case (users who want convenience because they can’t be bothered to learn how to manage their own coins).
Maybe vitalik should focus on preserving decentralization instead. As far as I can see it the biggest flaw in cryptocurrencies — including Bitcoin - is when you look hard enough you realize the decentralization is a facade.
> Maybe vitalik should focus on preserving decentralization instead. As far as I can see it the biggest flaw in cryptocurrencies — including Bitcoin - is when you look hard enough you realize the decentralization is a facade
It's being worked on multiple fronts by multiple independent teams simultaneously. What you're specifically asking for can be found under "The Scourge" & "The Verge".
in the beginning of the 21st century, some said cars are not for the masses.
They were hard to start for example . You would get your hands dirty and needed some power to turn that hand crank.
When those problems got solved and more cars got on the road it would become dangerous with so many cars, and people suggested you need to learn it properly (and get a driver license). Some thought not many would get such a license to drive a still dangerous machine (no airbags or even ABS at that time).
In the end you are ready to do the work (learn) if it is worth it.
And if it is worth it… that nobody knows (in the western world the answer is mostly “no” right now, at least if one trusts the complex economic systems to work well for the next decades).
If it’s worth the hassle, more technologies will get built to help.
At the moment, it's quite clear that current cryptocurrencies are solving problems nobody has (trustless transactions), in a way nobody likes the consequences of (distributed) and are magnets for fraud and grift (too many to list).
Now the idea of giving people cryptographic keys is really attractive and unlocks a bunch of use-cases (most of which crypto proponents have claimed in vain for a decades crypto could solve), but there are a few problems (which crypto doesn't even try to solve): how to restore keys when they lose them or they are stolen, and related how to tie those keys to real-world identity in a meaningful way, how to rollback fraud and punish grifters, etc... for most of these you need a trusted central authority and also trusted, verified identity.
Maybe currencies are just the wrong angle to attack this problem from?
Unfortunately that's a really hard problem - if someone can tackle that and tie it to real world verified identity, there are a gold-mine of opportunities to solve. BUT it will require trusted central services for trust, rolling back transactions in case of fraud and identify verification to keep grifters and scammers out. When you do all that you end up with something far more like our current banking system (though it does have significant problems I don't wish to downplay, it also has hundreds of years of scam protection built-in).
> At the moment, it's quite clear that current cryptocurrencies are solving problems nobody has (trustless transactions)
That’s an assumption, not a fact. And trustless transactions might not be the only problem that it tries to solve. What about predictable money supply. Trustless custody (instead of just “trustless transactions), …
All these will not appeal to a lot more people today (but nobody and not many is very different, and that ratio can change with future technologies being built)
> how to restore keys when they lose them or they are stolen, and related how to tie those keys to real-world identity in a meaningful way, how to rollback fraud and punish grifters, etc... for most of these you need a trusted central authority and also trusted, verified identity.
The first part (how to restore keys when they lose them or they are stolen) does not necessarily mean that there is no decentralized solution. Social recovery (Shamir Secret Sharing + social recovery; or safer some multisig + social recovery) is being worked on.
The second part “how to tie those keys to real-world identity ” is much harder (specially if one values anonimity to avoid 1984 scenarios).
If a good was regulated to have a stable price nobody would be incentivized to find a clever solution to solve a future crisis with high demand for that good
Price stability refers to the stability of the price level. It has nothing to do with changes in individual prices which are unrelated to changes in the price level.
It's clear that current cryptocurrencies are absolutely not solving that problem either. There's a fact if you like facts, consult the Bitcoin price.
> Trustless custody
Not clear to me that people outside the crypto bubble want this; people want trusted counterparties, not trustless obfuscated counterparties. It is IMO a solution looking for a problem.
I'd be a lot more sympathetic to this space if wasn't full of grifters and fraud. As it is I think the crypto experiment has irreversibly been tainted by that association (and by people losing lots of money), and I would not trust a 'trustless' solution from any of the current crypto companies or individuals.
> how to restore keys when they lose them or they are stolen
This is a v. hard problem, why make it 100x harder by insisting on decentralising the solution? And then 1000x harder by insisting on anonymity? Those may be properties of your chosen solution, which is I suspect why you're insisting they are necessary, but they are a bad design IMO - these are the fundamental design flaws of current cryptocurrencies.
Normal people don't keep backup keys on a second device etc etc, web of trust is a very old idea which has been tried quite a few times (see pgp for example, keybase for another corporate one), and you need a way for a normal person to prove they are who they say they are and regain access via courts or a central authority, take over inherited accounts etc. At some point these systems have to interface with the real world and real world authorities and laws/courts.
Just to propose alternative solutions to safely storing cryptographic keys (note those are useful for all sorts of things and unrelated to cryptocurrencies):
Corporations like Apple, Google could provide such a service, as they already own most of the infrastructure. There are obvious and significant downsides to this.
Enlightened governments could propose such an infrastructure of identity verification and private keys, there are obviously problems with that too, but it could be workable if you trust your government.
Utopian techno-geeks could also provide such an infrastructure, but somebody has to pay for it, and people fundamentally have to trust the people who create and run the system - that's a hard problem without financial incentives for the devs/maintainers. One example of an existing system is DNS and another is certificate authorities - both are not great but do work in the real world for their intended purpose.
I do believe at some point we'll come to solve this problem of digital identity and authentication because it is so fundamental, both for humans and corporate entities. I'm not sure we'll like the solution which ends up winning, and I certainly don't think cryptocurrencies are a contender.
> in the beginning of the 21st century, some said cars are not for the masses.
I guess you mean the 20th century?
In any case, those people were actually right. A car for everyone and their daughter is one of the biggest contributing factor for pollution and noise.
This entire comment seems to reprise the FTX/Larry David Super Bowl commercial. I'm sure there's a term-of-art for the tactic in debating circles (like "straw-man argument," or "appeal to authority"). I think of it as the "disingenuous comparison."
I can't begin to list all the ways in which comparing the auto industry of the 20th century to crypto of today breaks down. For starters, automobiles promised a massive demonstrable value-add to society from the get-go. Crypto, as others here have pointed out, is a solution looking for a problem.
So far, every application of crypto has actually destroyed value for the process it seeks to replace[1], by adding layers of busy-work on top of an already-working process. If it were of value as a self-contained, isolated ecosystem, then things might be different; but where it interfaces with the existing economic infrastructure within which it needs to operate (and which it seeks to replace), any economic efficiencies bleed out rapidly.
Cars got people from point A to B faster than horses. That much would have been clear even at the time because people understood trains and the potential speeds of locomotives.
Crypto doesn’t do anything faster, cheaper or safer. In fact it’s the opposite: slower, more expensive and brittle. In fact, even if it could advance in those dimensions, it doesn’t seem to offer any competitive advantage over the incumbent technologies.
Exactly this. The entire selling point of crypto is its separation from regulated finance and from the rule of law.
If you don't believe yourself capable of either going toe to toe with the kinds of predators that prefer such an environment and thrive there, or of personally shouldering the risk of losing whatever funds you place into this space to such actors, crypto is not for you.
I would say this is actually true of very nearly everyone, which is why traditional financial systems look like they do.
The difference here is people physically cannot manage and protect a large amount of cash and not having it in banks means you gradually lose money over time.
This isn’t the case with crypto where you can carry potentially all the wealth in the world on a single flash drive.
I think more can be done. An entity with a mobile app like Coinbase that seamlessly carries out transactions and then deposits your coins in your own personal wallet but manages your keys in an encrypted manner so all of the account management is hidden behind a single password. They should charge a monthly subscription for it.
The difference is that if your money comes from sources or is used for purposes that the traditional banking system does not want on their books, you cannot use the traditional banking system.
> The difference is that if your money comes from sources or is used for purposes that the traditional banking system does not want on their books, you cannot use the traditional banking system.
Number of tokens in the individual holdings - power to crash the market immediately or clog the transactions for months starting a DOS attack on the network.
Number of mining pools - power to hard fork the network, or to attack the network (51% attack is a very real possibility, the only reason it doesn't happen is the lack of general adoption - there are too few places to actually double spend tokens).
Number of people making decisions - power to hard fork at will, change protocol properties etc.
And before you say "but but the banks are also bad!", sure they are often crooks, but proposing to replace them with even worse system, and even less accountable people is weird.
> Number of mining pools - power to hard fork the network
Miners can hard fork but if the economical agents (exchanges, users) don't follow that won't get them anywhere. Their fork will just become an alternative coin and they won't be able to sell their mined coins, or at a lower price. It happened in 2017 with Bitcoin Cash.
> Number of people making decisions - power to hard fork at will, change protocol properties etc.
Same here: if the economical actors don't follow these people would just create a new altcoin.
And these economical actors seem much more decentralized than the people you mention.
> Miners can hard fork but if the economical agents (exchanges, users) don't follow that won't get them anywhere. Their fork will just become an alternative coin and they won't be able to sell their mined coins, or at a lower price.
How would users and exchanges find out about the alternate chain? Because from what I know the longest chain in existence is the valid chain, unless you are suggesting we trust centralized third parties like Vitalik and the Ethereum foundation to tell us which chain to mine on.
If the miners hard fork that means they create blocks that are invalid according to the previous rules. So exchanges and users with a node will just reject blocks from these miners, unless they also change the rules enforced by their own node. They will naturally follow the non-forked chain. They will be stuck there if all the miners apply the hard fork rules, but it requires only a few miners to keep the old chain alive.
The agents decide which chain to follow be choosing what rules their node applies. They have to actively change their client software to follow a hard fork. Of course users who don't run their own node and rely only on exchanges depend on the decision made by their exchange. But in a controversial fork most exchanges would probably not pick side and handle both chains as two different coins. They would still have to somewhat pick a side by choosing the name of the coins though.
What's also interesting is that anyone owning coins before the fork will have the same amount of coins on both chains. That happened in 2017 and the price almost instantaneously split to about 90 % of the previous value to the previous chain, and 10 % to the new chain. Users rejecting the fork could just sell their Bitcoin Cash for Bitcoin and return to their initial value in Bitcoin.
For me it’s the fact that mining is centralized. Censorship resistant? Good luck if pools collude to stop you from spending. Code is law? Good luck if they decide to amend the protocol and fork the blockchain.
Take as a simple example of making mining more democratic — ie we can all mining on our CPUs without being completely dwarfed by those who imported Chinese hardware. That’s an easy change to the protocol. Do you think that the current pools will vote for that?
From my understanding, this only solves one issue - exchanges holding crypto assets.
I would expect an exchange to also hold traditional liquid money, which currently couldn't be captured by this. If you could get the US financial system onboard, maybe you could get them to maintain a 1:1 representation of a digital coin, but I don't see why they would be motivated to do so.
The next problem then is that you can't diversify your holdings beyond that of crypto, so you are completely trapped by the relatively unstable nature of crypto. One day you hold a billion meme coins worth one billion dollars, the next day it is worth zero.
Backed tokens are still a trust liability with the issuing party. They have a place and are interesting, but it would make sense to limit the scope of exposure.
Take Tether for example. Every time BTC starts to dip, USDT starts to de-peg. They are not at all uncoupled. Tether doesn't have the market cap to cash out all of the BTC, and never will. The amount of apparent value in the crypto market heavily outweighs any possibility of cashing it all out.
And that doesn't even begin to touch the questionable liquid assets held by stable coins. Tether claim to be holding 82% of "extremely liquid" assets [1], but I'm unsure it's proven or tested. From the report [2]:
> The valuation of the assets of the Group is based on normal trading conditions and
does not reflect unexpected and extraordinary market conditions, or the case of key
custodians or counterparties experiencing substantial illiquidity, which may result
in delayed realisable values. No provision for expected credit losses was identified
by management at the reporting date.
Substantial liquidity could be caused by, say, global inflation or recession conditions. But that surely won't happen...
Yes, that's why there's a spectrum of stable coins with varying levels of centralized control, governance, risk, etc. Stable-ish coins like RAI and LUSD are backed by ETH only, but they do not have a hard peg, they allow for some small wiggle room (typically <10%) that allows the protocols to catch up with dramatic supply/demand imbalances when they occur.
This math is not for end users of an exchange, it’s for developers and researchers building new exchanges. The UX does not need to feel that different than any regular app.
None of this addresses the consumer issue. You need to display this information to users and they need to both understand it and trust it. That is what the current system has.
IMO a universal and easier to reason about solution is you have a threshold signing wallet created across a series of remotely attestable cloud enclaves like Google/Azure Confidential VMs, AWS Nitro Enclaves, and even TPM2.0 enabled baremetal.
Deploy an open source, deterministically buildable, stateless, and immutable, unikernel OS to all platforms that enforces strict signing policies on a multisig wallet address signed and owned by whoever requested that wallet to be created.
End users will not need to trust the custodian as they will have access the remote attestation interface to prove systems they pay for are running expected binaries and thus obey the rules. A user then asks those systems to generate a wallet with a policy that grants the custodian the ability to transact only specific maximum amounts per day, with an automatic dead-mans-switch that always signs/exports an updated escape-hatch transaction sweeping all funds that a user can publish at any time.
It is possible, per the above, to create custodians with no raw access to key material that are provably bound to the terms a user agreed to on deposit.
This accountable computing setup ends up looking a lot like off-chain smart contracts. It could be used to ensure any type of user owned cryptographic key material can only be used by a SaaS according to user defined policies.
I am working with several custodians on implementing this type of accountability right now.
Anyone that fails to have a good proof-of-funds solution is going to become irrelevant in the medium term and hopefully illegal in the long term.
A lot of people like trading, just look at Robinhood. It would be good if an app like Robinhood existed that ensured cryptographic guardrails to prevent the platform owners from lying about their solvency.
If you look at crypto's daily price action, the majority of it is attributable to trading and speculation. I think this is pretty common knowledge.
If you feel stocks and equities is gambling, then you might also feel that this sector of crypto is gambling.
But there are other sectors of crypto that don't register on this price graph, maybe because price is not the only metric of their success, or because their volume is lower. Smart contracts, non custodial wallets, ENS, trustless payments, DEXes like Uniswap, are all interesting and valid use cases of crypto and blockchain tech.
With the number of collapsed stablecoins this year and the biggest one of them all being a complete fraud, I'm not sure they're any safer. Also, every fiat-backed stablecoin is by definition 100% centralized to a single legal entity.
My point is anyone with an internet connection can give their savings 100% exposure to any centralized fiat currency, _if they so choose._
I'm not saying you should or you have to. I'm just saying this gives people the option to do that. What's bad about that? What's wrong with that? Should only US citizens be allowed to save US dollars?
I like how as soon as you mention stablecoins, everyone starts replying with the most god-awful trash examples of shady stablecoins they can think of, as if those cherry-picked dumpster fires represent the best that stablecoins can and will ever be able to offer.
Yes, Terra had quite insane ponzinomics. But that is a poor argument against what stablecoins could be.
Why are you arguing against letting anyone with an internet connection save US dollars? Should only US citizens be allowed to save US dollars? Why should we prevent humans from having that option?
> But that is a poor argument against what stablecoins could be.
Why did the argument suddenly switch from "have been for years" to "theoretically there could exist a stable coin that isn't outright fraud"? Is the reason that you can't think of a single example that is actually trust worthy?
USDC decided to remove guarantees from its site and invest its reserves as it saw fit without any guarantees or limitations on risk in 2021 before returning to form several months later. This happened despite the reserves being subjected to attestations every month. So it might be a good idea to start a list of trust worthy stable coins with just about anything else, especially if you want to give the impression that the attestations are actually worth the paper they are printed on.
Because in many countries throughout the world it is illegal to save and spend US dollars.
Or you can do it, but suffer extortionist fees.
Classic first-worlder, thinking corrupt, authoritarian regimes which arbitrarily seize assets and cut off access to basic financial services do not exist.
Hundreds of millions of people in India are using fiat payment apps like Google Pay, PayTM etc. I don't know how they make it work but I doubt they're all conventionally banked people.
This seems disingenuous. If this system wasn't making money for the people developing it, they wouldn't care at all about 'unbanked' people. Because it does, they can use that as a 'but think of the poor oppressed people' as a lever to shut up critics. It reminds me too much of 'think of the children' that gets used whenever someone criticizes a 'we want to own all the decryption keys' system or similar.
> If this system wasn't making money for the people developing it, they wouldn't care at all about 'unbanked' people.
No, THAT seems disingenuous.
I am working on crypto because I want to help these oppressed, unlucky people who are born into terrible regimes that are very hard to escape. I literally work on open source, gratis projects that do not generate any money for me.
> It's about giving people slightly better odds of escaping abuse. It's about helping humanity.
Save pontification for investors.
Crypto is a first-world solution to mostly non-existent problems. "The poor unwashed and huddled masses of unbanked in authoritarian regimes will surely be helped by a system that requires smartphones, always-on internet, and trips to limited offline currency exchanges (heavily monitored in authoritarian regimes) to get any value out of fictional tokens" isn't a solution you want to make others believe it is.
False. It doesn't require offline currency exchanges.
Try fleeing Brazil or Russia with significant amounts of cash. Either you cannot do it through legacy banking systems, or you cannot do it in real life with cash, or you have to pay an extortionist bribe in real life.
"Not if your country is under tyrannical or authoritarian rule and disallows access to basic financial services for some arbitrary reason." became "flee Brazil or Russia with financial assets".
Why is it that "we're providing basic financial services to the unwashed and huddled poor masses of the unbanked" always becomes "move large amounts of money from one jurisdiction to another without any government control look Russia Brazil" (but in reality international monetary fraud).
... and how does this prove that the "solvent" exchange doesn't have liabilities (I believe FTX was on the hook for real-world mortgages for private homes of their management)
I am just so exhausted with all of this nonsense. Why can't we go back to talking about how to get rich slowly over like 10-20 years with real money? Yeah you are not going to become a millionaire over night, but maybe you'll have enough to buy a house before retirement. You'd have better luck trusting a casino with getting a return on your money than crypto at this point.
Yes, absolutely. In a fully public voting ledger, you could manually verify each vote is associated to a unique national identifier without revealing it.
E.g., this vote corresponds to an SSN that hasn't cast any other vote, without revealing the SSN in question.
It feels like there would be a way to construct the tree in a manner that would drop the likelihood a negative balance was detected to an acceptably small number.
I feel bad for Vitalik because I think that he's a well-meaning 200IQ guy whose talents are being used to help scammers fleece ordinary people of their life's savings.
Your assumption of his naiveté is quite charitable. Before becoming the mouthpiece/patsy for ETH he was doing a quantum computing scam. He claimed he was going to compute NP problems in P time by simulating a quantum computer in software. Absolute hogwash obviously
What catalyst between 2013 when he was attempting to fleece gullible elderly angel investors with nonsense CS talk and 2014, when he began doing ETH, transformed him from a scammer to a legitimate and responsible financial planner?
I'm willing to accept that people's actions from when they're 19 shouldn't color their lives years later. But maybe people's actions when they were 19 are good to examine to put context into a project they began when they were 20.
The entire point is not having to trust "reputable" financial audit company, as we've been shown time and time again that they can, and will, be corrupted.
Legal oversight is still required. If you come in my house and $5 wrench my BTC out of me, legal oversight is still required to make it right, just as it would have happened with fiat, with banks, or barter, or whatever else.
If I run a scam, legal oversight is going to whoop my ass, even if the "legal oversight" is people that had their money stolen doing justice themselves.
Meat space still exists, but at least with crypto you're still minimizing the amount of trust required to digitally operate your own finances. "But then crypto is pointless" is a dumb take, because while not perfect it's still a massive, MASSIVE improvement over the "trust me bro" that financial istitutions are running on today.
How many billions need to be lost to crypto scams before we all agree that crypto's "trust me bro" is actually worse than having auditors, the SEC, FDIC, and greenbacks worth their face value with the full faith and confidence of the US Gov?
How many billions does retail need to lose to scams that are perpetrated by the auditors and the SEC before you admit that the phrase "with the full faith and confidence of the US Gov" is an unfunny joke?
I do not get why it's so hard to conceive that you can use crypto to build a system where you don't have to trust that people are doing the correct thing, as it's mathematically ensured by the system itself that no shenanigans are occurring.
The only "trust me bro" that is occurring in crypto comes from CENTRALIZED entities (such as CEXs, Tether, etc) and from people running scams where money appears out of thin air.
We don't even know how pin down a precise set of rules to always make people feel that justice was served in English. This is why we pay humans who, as a full time job, work out what people mean to do and whether what actually happened was what was intended; and who can negotiate and arbitrate between aggrieved parties. How do you expect us to encode in mathematics "common sense" we do not actually understand well enough to describe in plain English? Come back when we've solved AI alignment; I have no doubt we eventually will, but that day is not today, and tomorrow isn't looking good either.
...but crypto is not even attempting to solve that problem. Not even vaguely. The rules in this space are "finders keepers, no takesie backsies", and the participants like it this way (until someone does something that makes them feel aggrieved and suddenly they don't and there is no recourse, by design). No negotiation, no arbitration, no common sense, no human element at all: "you snooze, you lose", and this is the entire selling point.
If you make me choose between having the financial freedom to handle my money without having to trust anyone and only needing to pay attention to what I do with it, or having a nanny that oversees all my finances and coddles me in case I hurt myself but could possibly steal my money, I'll choose the former.
I can understand why one would disagree, though.
What's wrong with having the option to do away with the nanny, again?
What's more likely: Tech bro Chuck E Cheese tokens suddenly become worthless... or the US Government suddenly becomes insolvent (despite it's ability to not only print money, but field the world's most powerful military)?
How many more FTX disasters do we need until we've decided crypto is clearly the worse option?
What they did is fraud regardless of the cryptocurrency aspect, and plenty of people in crypto warned against centralized exchanges for decades now because of this exact reason, with MtGox and FTX being the most prominent examples because CENTRALIZED EXCHANGES WILL RUN AWAY WITH YOUR MONEY.
Because ->CENTRALIZED EXCHANGES<- ARE SCAMS.
BTC had NOTHING to do with it, it was just what gullible people fake traded in the exchange. If BTC was used properly and implemented actual Proof of Solvency as per the discussion we're currently having, this whole discussion would not be taking place because the ledger is public. The whole fiasco has taken place because the entire circus operated on "trust me bro we have your money, look we have been audited by a certified auditor ;)", which, in case you haven't noticed, is exactly how the rest of the financial system works.
How many more FTX disasters do we need until we've decided not using crypto as a public ledger is clearly the worse option?
Oh and BTW good luck next time the US doubles the circulating money supply again, but I guess that's ok because they have lots of big ships lol.
That's a broad stroke. I could say the same thing about crypto exchanges, and even several coins themselves (i.e. can we at least go for a few months without another 'stable coin' fiasco?).
Whether you use PoW, PoS, or some other consensus algorithm, you will always have some necessary baseline of trust among people operating the network.
"Not your keys, not your coins" is being repeated AD NAUSEAM because you should NOT trust crypto exchanges for anything but purchasing the coins and IMMEDIATELY taking the coins out.
And the whole point of Proof of Reserve is exactly to avoid another stable coin fiasco. Every single person in crypto knows Tether is bound to explode as it's not backed by anything. With PoR you don't have to trust anyone, as it's cryptographically ensured the money is there.
And PoW, PoS are several orders of magnitude harder to exploit than a single centralized exchange. There is still a baseline of trust, but that baseline is beyond what any exchange could possibly reach by virtue of it being public and decentralized. Any malicious activity is much harder to execute and much easier to detect than any malicious activity operated by an opaque black box company. (see: FTX -> Alameda)
Meh. As an outsider, you're not going to be able to reliably audit some incomprehensible smart contracts, either. You'll have to trust somebody: either Deloitte, or @ShibaMuskMoonSecure.eth
Your evidence is an audit company finding a vulnerability and the team refusing to fix it? How does that prove your point?
Sure, while it's hard for users to verify that the code does what it says and has no bugs, there are companies that can do it for you (as you posted) and even automated tools that allow anyone to do so automatically, and as the EVM gets used and exploited, these tools and audits also gets more robust. More importantly, the code can be audited by multiple sources, as it being public means it can be audited by anyone.
On the other hand, financial records are likely audited by a single "reputable" company, with all the information the customers have is a badge that says "the money is there, trust me bro" and nothing else. But hey, it's "reputable" source so it's ok to trust them, right? ...Until it turns out that whoops, the money wasn't actually there because someone got a fat paycheck to make a honest mistake, ahah...
Linux is one of the biggest, shining examples of publicly viewable code. Unfortunately, it has a history of bugs, issues, gotchas, and major flaws that can go unnoticed for years. [1]
Just because something can be audited by everyone doesn't automatically make it better.
> Until it turns out that whoops, the money wasn't actually there because someone got a fat paycheck to make a honest mistake, ahah...
Do you have any examples of this happening with a reputable (read: top 5) auditing firm in the last decade? Because I can find a dozen examples of crypto frauds happening in the past week.
Oh, nobody hands over a brown envelope of cash and tells the auditors to make a mistake.
Instead, the company under audit pays the auditor $$$$ for 'consultancy services' if the audit goes well, and fires them if they're too argumentative or time-consuming.
While it's nothing like as bad as the cryptocurrency market, where scams are a daily occurrence, nobody investing in the stock market should imagine these auditors are going to catch anything but the most blatant fraud.
Crypto is a tool to build a public financial system that minimizes the amount of trust needed. If you invest in DogeSpaceMarsElonCumMakeMeRichInu and lose money, it's not crypto's fault. You STILL have to do your due diligence and invest responsibly.
I just noticed, before you rag me on about "in the last decade", the article closes with:
>In his book on the Equity Funding Corporation fraud – the Enron of the 1970s – Raymond Dirks wrote: "If routine auditing procedures cannot detect 64,000 phony insurance policies, $25m in counterfeit bonds and $100m in missing assets, what is the purpose of audits?" More than 30 years later, investors are asking themselves the same questions.
Except that no matter how much due diligence you do, there is nothing to invest in in the crypto space other than endless rehashes of DogeSpaceMarsElonCumMakeMeRichInu.
Disagree? Suggest three crypto "investments" that are not scams. Just three, with the entire ecosystem to pick from. Then let's check back in six months and see how many of them have gone the way of FTX.
Smart contracts only need to be audited once, traditional accounts need to be audited continuously. Amortized over enough time, that's a much lower surface area for error.
Smart contracts can be audited by any member of the public with the technical know-how, so there are typically a lot of eyes on the most important cogs - similar in some ways to the OSS security model. Traditional accounts typically cannot be directly and reliably audited by members of the public.
> How many eyes are on Debian vs memecoin-smart-contract-22112?
To be perfectly honest, the memecoin contract probably has more. A smart contract's code base is much, much smaller and changes less often, and a greater number of people are much more strongly financially incentivized to find bugs. Plus, they often do a thorough third-party code audit up-front at the time they publish the code, which would be impractical to do with OS code since it needs to be constantly updated due to its threat model.
I would trust the Shiba Inu token code to have less critical bugs in it than the Debian code.
I assume you have to install software to do that? Software written by some author(s) that you have to trust? That you have to download and install from trusted sources?
It's not like I can verify "one number on the chain" with my own human eyes and no third parties involved. There's always trust somewhere in the system, you're just making that trust relationship more obscure and opaque.
It absolutely does not. As a developer who has worked to secure software systems, I fundamentally reject your assertion that "just trust the code" is a better security policy than "employ trustworthy people".
We just witnessed one of the largest frauds in all of human history. It would have been nearly impossible to trick every client that exists that can examine the chain. You are so wrong it is unfathomable that you are being honest right now.
The is the point I am making that you refuse to understand: You don't have to trick the clients, you have to trick the people; one way you might trick the people is with bogus software.[0]
Consider that Tether is obviously a scam but continues unabated to this day. Better tooling is not going to fix the problems you think it will, because the incentives are all stacked toward dishonesty and fraud.
First, the greater community that would "accept" such an audit that is simply proof of on-chain funds is not dumb enough to download some random "Bitcoin wallet" that shows fake numbers for one single company.
Second, the fraud you're alleging Tether is doing is off chain! It's in the fiat world! It's not happening on-chain. Stop blaming a system that literally mathematically precludes fraud (within the system itself, of course).
Did we have 5 Enrons within 6 months of each other though? These things are an exception in traditional finance, but they seem to be the norm with crypto.
These failures are in traditional finance, there was nothing related to blockchains or cryptography in the FTX internal operations or accounting books, nor in DCG/Grayscale, nor in BlockFi or Celsius. These are the failings of traditional finance in an unregulated or poorly regulated sector. Traditional finance as is conducted is insanely brittle and prone to manipulation/fraud. To avoid this, it needs to be strongly regulated and supervised.
As the same error seems to be being made in HN again and again, here is an analogy that hopefully will make the point clear. Traditional finance is like a dynamically typed programming language. You can certainly be productive with it, but it's much easier to slip through programming errors. To compensate you need to build a large set of unit tests to re-do much of what a strongly typed language gives you out of the box. A blockchain is the strongly typed version of traditional finance. Harder to use, to a large extent much of the ecosystem is nascent and still being built but it prevents large swaths of fraud and manipulation because it provides the checks built-in. The DeFi ecosystem is coming unscathed from all this fallout; Uniswap, Aave, Curve, MakerDAO, RocketPool, GMX, dYdX...
However, the linked article is about solving these problems with algorithms. The 'DeFi' systems you mention are not in control of vast sums of money, like the exchanges are. People want to use the exchanges and solving the problem by telling people to do other things isn't effective.
The retort to 'these crypto problems could be solved with regulations' is that traditional finance has these problems already and is regulated. This is a problem with society and not with technology, and trying to apply technological solutions to problems that have existed and will exist as long as people exist, seems to be arrogant and ineffective.
By trying to 'solve' these issues with technology, we appear to be opening new avenues up for gaming the system because there is no technology that emerges completely solved. Since we have been iteratively working on financial systems for a lot longer, it may be practical to work to progress that way instead of wiping everything and starting from scratch, where we are reinventing the wheel and getting all of the tragic consequences along with that.
> The 'DeFi' systems you mention are not in control of vast sums of money, like the exchanges are. People want to use the exchanges and solving the problem by telling people to do other things isn't effective.
Uniswap alone has settled over a trillion USD. The current DeFi ecosystem on Ethereum (even now in the current market) has tens of billions of in value locked. I do not know what would be vast sums of money, it's still small in comparison with traditional finance but the technology is a few years old.
> This seems to me to be a problem with society and not with technology, and trying to apply technological solutions to problems that have existed and will exist as long as people exist, seems to be arrogant and ineffective.
Indeed, the fundamental problems are societal and human in nature. The point is minimizing the surface area where that human intervention can cause damage. If your argument held any merit we might as well get rid of double entry accounting. After all, it's just trying to apply a technological solution to human problems. https://en.wikipedia.org/wiki/Double-entry_bookkeeping
> Since we have been iteratively working on financial systems for a lot longer, it seems practical to work to progress that way instead of wiping everything and starting from scratch, where we are reinventing the wheel and all of the tragic consequences along with that.
It's not reinventing the wheel. It's building a stronger foundation. I'm going to assume your field of expertise is CS, if it's not, hopefully it will be useful for someone else. Imagine the same argument brought to progress in programming language design. What's the point of Rust? We are just reinventing the wheel, considering how much has been built in unsafe languages like C or C++ we might as well keep iteratively building on them. Humans are still making programming mistakes. We don't need no memory safety in programming languages.
During the S&L crisis in the 1980s there were many bank failures with clean auditor opinions that turned out to be massively insolvent.
During the early 2000s you had quite a few, including Enron, WorldCom, Tyco, Parmalat and other accounting scandals.
During the 2008 crisis it turned out that large parts of the financial system was insolvent, but all had clean auditor opinions.
As William K. Black says it, in control frauds (where the fraudsters are the the persons in control of the institution), accounting fraud is the weapon of choice.
The problem with Crypto is there's nothing but frauds and Ponzis.
This would be like the ratings agencies that said the bad mortgages were AAA leading to the housing market collapse, leading to the creation of Bitcoin
Answer: let's re-invent accounting.
Look the problem is this, as an "exchange", to be profitable you either need to charge fees, or do some sort of fractional reserve, using deposited value as capital for your Exchange's investments.
If you go for option one, then you will be undercut by someone doing option two. The tradeoff being, number two is more likely to loose all your customer's cash.
The value of something is more often than not irrational. This means that there is subjectivity in the value of assets. You can't technology your way out of that. This means that its perfectly possible to prove that you have liquid assets that will cover your present position. However thats expensive to maintain. So you start buying longer term more illiquid assets (think property, commodities, companies, etc) some of these are liquid in a day, others months.
Worse still the value of them depends on how and when you sell them.
So sure you can have assets that cover all your liabilities one day, then due to a re-valuation, not have enough.
Thats not the same as solvent though.
But, all of this neatly misses the point of crypto. If its a practical payment system, rather than an investment, you wouldn't hold your crypto at an exchange. You hold it your self and move it when you need to convert/liquidate.