MtGox fiasco highlights advantages of Bitcoin and damage from regulation

/

The bankruptcy of a centralized Bitcoin exchange, such as the MtGox collapse, is a prime example of the type of “trusted third party” risk to which Bitcoin itself was designed to provide an alternative. Although the original Bitcoin white paper particularly pointed out problems with people having to trust some third party to conduct financial transfers, an exchange facilitating impersonal market trading is also a type of trusted third party.

Customers of such exchanges do not maintain direct control of their bitcoins, but instead exchange these for entries in a customer account on an internal corporate system. Customers then rely on the particular quality and reliability of the internal management, data, and auditing systems of their chosen exchange to the extent and duration to which they leave balances there.

Bitcoin was designed to be a new type of solution to the kind of counterparty trust/risk problem that the MtGox news brings to light, although the same issues are all too familiar to students of the long history of fractional-reserve bank runs and systemic financial crises (importantly, this one is not systemic, but company specific). One objective of Bitcoin’s design was to reduce or eliminate the need for end users to rely on any such centrally managed (or mismanaged) credits—whether centrally issued monetary units themselves (first from banks of issue and later from central banks) or the particular internal accounting entries of specific service providers.

Users who directly control the keys to their own bitcoins, such as by using paper wallets, client software, and to a large degree also legitimately client-side encrypted web wallets, carry no trusted-counterparty risk (but still risk of user error and theft). However, if users do not hold bitcoins in some such direct way, they do not hold them at all. Rather, they hold a claim on a specific exchange company or secure-storage service.

MtGox customers were holding what were essentially Goxcoins, that is, MtGox-brand bitcoin credits (and/or MtGox-brand fiat account credits). They were not holding bitcoins. Such services can and should be sound of practice and strong of reputation, as appears to be the case with a number of other existing services. For example, Bitstamp-brand bitcoin account credits and Coinbase-brand bitcoin account credits have attracted none of the fear and discounting of MtGox-brand bitcoin account credits. All of them have the same status from a purely economic-theory point of view and none of them equate to the direct holding of bitcoin itself. However, their qualitative differences, from brand to brand, on the market have become increasingly vast.

One key innovation of Bitcoin was eliminating from within its own design any single point of failure from centralization in the core protocol and network. This has eliminated for users the need to rely on what I call a “trusted fourth party” that is, a centralized currency-unit issuer. However, next to broad Bitcoin-community enthusiasm about the potentials for decentralized designs, this does not necessarily imply a need to eliminate any and all points of centralization, such as the ordinary business design of competitive third-party services, whether centralized or decentralized. (De)centralization is negative when misapplied and (de)centralization is positive when well applied.

That said, Bitcoin does raise the competitive bar for financial service providers in original ways. It gives users an unprecedented opt-out path from the third-party financial services market as a whole. From a user standpoint, Bitcoin eliminates the need to necessarily rely on any third party whatsoever to aid in conducting one’s financial affairs. One who does not find some third-party service helpful can choose instead be one’s “own bank.”

I contrast, the traditional banking system’s only true opt-out path for end users is to be “unbanked” and thereby excluded from significant opportunities to engage with extended commercial society. With no true opt-out path for customers, but only a choice of fundamentally similar Bank A and Bank B, banking systems became increasingly cartelized over the course of centuries in the pursuit of coordinated inflation at the long-term expense of end users. Bitcoin has now provided end users exactly such an alternative to the familiar array of cartelized non-choices in financial services. It has also provided an opt-out path from the need to use reliably value-losing fourth-party-issued currency units.

A cause of certain irregularities

As MtGox has shown (to varying degrees for years and only now to its clearest extreme), particular third-party service providers can be unsound in their business practices. What is somewhat more mysterious is that such entities could continue to exist despite a long-standing negative business reputation, as well as the parallel presence of at least some apparently sounder alternatives.

One major factor in this is the high degree of regulatory risk and uncertainty in financial services in many countries. This has held back—by years—the entry of additional and higher-grade competitors, including not only start-ups, but potential new service offerings from existing firms. Many firms that could have easily started offering more professional Bitcoin services much sooner, did not do so due to risk avoidance in the face of a pervasive climate of regulatory fear and uncertainty.

Such companies—the market entry of which no one ever witnessed because it did not happen (Bastiat: “that which is not seen”)—had an abundance of just that expertise in systems, internal controls, and financial management in which MtGox seems to have been painfully deficient. In any less hampered market than financial services, such a company as MtGox should have easily been outcompeted and/or acquired by superior entrants long before reaching such a significant scale and being in a position to be a conduit for as much damage to its customers as it has.

“Regulation,” far from being a comfortable universal-savior solution, is in this way squarely to blame as a major factor in setting up the competitively hobbled business climate that helped enable such a weak firm to remain in business far past its expiration date. That stronger firms are now growing and new ones appearing is a positive development for the Bitcoin ecosystem. That more and stronger new entrants were missing in action starting at least two years ago owes a great deal to the artificial ex ante political blockades to social progress collectively known as “regulation.” The up and down tides of market sentiment regarding the range of potential regulatory actions have also played a major role in amplifying bitcoin price volatility. This component of volatility is then naively blamed on “bitcoin” instead of on the irrational and unpredictable regulatory climate, market expectations about which shift with every passing “official” mumbling, musing, or rumor from anywhere in the world (though much less now than in the past).

Constructive work is underway to apply the conceptual and technical solutions that Bitcoin has brought into the world to the specific business of exchanging global bitcoin for various local monies. These include a range of decentralized exchange protocols, and methods of using the blockchain to confirm customer reserves. Contracting for independent third-party audits would also seem a reasonable business measure for participants in a competitive exchange landscape. Offering such audits could be another un- or under-tapped potential business opportunity. Once again in this case, progress has been impeded by regulatory fears that have helped prevent relevant established professionals from getting involved much sooner just where most needed—in an entirely new world-changing start-up industry.

As the less content-oriented among media participants scramble to conflate as thoroughly as possible the emerging disasters of the MtGox company with their own vaguely formed fantasy images to which they attach the word “Bitcoin,” I take note that the really existing Bitcoin was designed as an innovative solution to the centuries-long institutional problems of users having little choice but to trust some “trusted third party” in their financial affairs. What has been dubbed “Empty Gox” is only the latest particular manifestation of this long-running problem, to which Bitcoin itself has arrived on the historical scene as a significant new class of solution.

 

Suggested reading: “Bitcoin: A Peer-to-Peer Electronic Cash System,” Satoshi Nakamoto (Oct. 31, 2008) [PDF]

Summary update on Bitcoin transaction malleability adjustments

/

Here is a quick summary of the current state of the response to transaction-malleability attacks on some exchanges, based on what I have gathered mainly from Github, Reddit, and Twitter discussions. One note on terminology at the outset, transaction-ID malleability would probably make this easier to understand for the general public at first glance—the substantive content of transactions cannot be alterned at all through this issue.

The MtGox exchange was still hardest hit in its particular implementation, but more importantly, it is mainly suffering in addition due to a general lack of market confidence in its business and solvency, which has built up over a very long period. The “price” it currently displays is not really a “Bitcoin price,” but mainly a market risk assessment of the likely state of the exchange’s own solvency. The current issue and MtGox’s response have come as a “last straw” for the market’s view of this company. This business-specific factor has also amplified the wider public impression of how significant the actual general technical issue itself is (this is typical for Bitcoin news, but still).

That said, MtGox’s infamous Monday press release blaming the Bitcoin protocol for its own woes was not entirely fanciful after all, and some wider adjustments are being made to tighten up this issue at some other exchanges and even in the reference implementation itself. These code adjustments in response to transaction ID malliators (those taking advantage of the situation to reissue transactions with altered transaction IDs) are taking shape and are in the process of being approved and implemented.

What we are apparently getting is a new “normalized transaction ID” field in transactions. This reflects the substantive content of the transaction itself and is therefore immune to the malliation to which the standard ID is subject prior to confirmation. To clarify for those who have not followed this closely, this issue has never had any direct effect on the content of transactions, that is, on who gets what. The exploit is only a way to fool some wallets into not seeing that a confirmed transaction has in fact been confirmed.

The work underway is precisely to fix these particular implementations so that they correctly perceive that confirmed transactions actually have appeared on the blockchain. These implementations had been relying on the initial standard transaction ID for this function. Not everyone understood that during a window after initial submission to the network and before confirmation, a transaction could be copied and the copy reissued with an altered transaction ID by changing the format of the signature.

Reference wallet features to make use of this new normalised ID are well in process. These include detecting copies of the “same” (in terms of hard content) transactions with differing standard transaction IDs. This is called “Walletconflict detection.” “Conflicted” transactions, that is, versions of a transaction that did not confirm due to ID malleation, are to be reported as “confirmations: -1 and category: ‘conflicted.’” This status is based on detection of multiple transactions with the same (new) normalised transaction ID as one another (only one such transaction can ever be confirmed, but this new feature brings any ID-malleation attempts to the ‘attention’ of the wallet software by showing all malleated and non-malleated versions that carry the same content).

The Bitstamp exchange announced Friday morning (in Europe) that its system adjustment, built with support from core developers, had passed internal testing and that it is likely to resume withdrawals later in the day.

There is more to be done to support more complex and as yet rarely used Bitcoin features in terms of the standard transaction ID issue, as this ID is what is used in inputs to future transactions. This is complex, because the malleability of the standard ID could also have positive uses in the future in facilitating certain types of complex transactions. The current adjustments with the addition of the normalized transaction ID and related code should be a sufficient immediate adaptation to the issue.