Section 1 : The Trusted Third Party Problem
Chapter 3: Trying to Undo Satoshi
by Wendy McElroy
Decentralized Exchanges Own the Future (Chapter 3, Part 1)
I was acutely aware that many of the major problems still plaguing the Bitcoin ecosystem, including fraudulent services, unreliable exchanges, and an often surprising lack of security, were not caused by Bitcoin’s unique property of decentralization; rather, these issues are a result of the fact that there was still great centralization left, in places where it could potentially quite easily be removed.
Decentralized Exchanges Own The Future
Bitcoin eliminates the need for trusted third parties. (Remember, the word “trusted” here refers to an intermediary that needs to be trusted because honesty and competence are neither assured, nor easily verified. It refers to an entity that can steal or defraud.) Not surprisingly, trusted third parties object to being obsoleted by cryptocurrencies. As Mel Brooks declared while playing a politician in the movie “Blazing Saddles,” “We have to protect our phony baloney jobs, gentlemen!”
One way the government protects its job is to require people to use a trusted third party that is under its control: a centralized, licensed exchange. To be licensed, the exchanges agree to comply with many of the same rules that apply to banks, especially the verification of customers’ identities and the disclosure of financial information to authorities. No customer’s privacy or wealth escapes scrutiny.
Then, government attacks both peer-to-peer transfers and decentralized, unlicensed exchanges (DEXs) as vehicles of crime which must also be regulated or outlawed. With the free-market competition removed, the government enjoys a monopoly on cryptocurrency. Or, rather, it comes as close as possible to a monopoly. The flow of bitcoin cannot be controlled any more than the traffic in street drugs. But outlawing an activity does drive it underground and makes it riskier, which discourages many or most people.
A false dichotomy is being set up between centralized exchanges and DEXs; it is false because it is viable for the two methods of business to run in parallel, with users deciding which one they prefer. That will not happen, of course, because the goal of government is not choice, but control. It needs a money monopoly and data in order to tax and to confiscate wealth. And, so, it uses centralized, licensed exchanges to fold cryptocurrency into the existing financial system. This backtracks bitcoin to the trusted third party problem that it was designed to solve.
The Case Against Centralized, Licensed Exchanges
The freedom of early cryptocurrency hinged on two circumstances that have altered. First, legislators did not understand the phenomenon, nor did they take it seriously. Most are still in the dark, but they grasp at least one aspect: fortunes are being made, and they want “their” share. Second, most of the earliest users were deeply suspicious of government, and zealously protective of the features of Bitcoin that gave freedom and privacy, such as decentralization. As the crypto-community grew, however, it drew users who focused on financial gain and who held conventional views of government. To such people, government approval means cryptocurrency is going mainstream, which translates to greater profit. A significant portion of the community now argues for regulation and applauds licensing.
What is a centralized exchange? Politically speaking, there are two types—unlicensed and licensed—both of which share some characteristics.
A centralized exchange is a platform through which customers place orders to buy, sell, or convert coins, with the exchange being a trusted third party that facilitates the transaction. Some exchanges offer sophisticated software by which customers can speculate in much the same way as on a stock exchange. Others extend extra services, such as a prepaid debit card that can be used at ATM machines. The exchanges usually profit by charging fees or by taking the buy/sell spread as a commission.
Centralized exchanges have benefits. They are easy to use. And people who are familiar with banks may feel more comfortable with their finances regulated. The exchanges also have negatives. Typically, they restrict how or when funds can be withdrawn, or they ban withdrawals and hold funds during trades.
When an exchange is licensed, it imposes not only its internal rules but also those of government. Centralized, licensed exchanges introduce at least six unnecessary risks to their customers: the possible dishonesty of an exchange, bad actors from outside, identity theft, incompetence, collapse, and affiliation with government. Some risks come from being centralized; some come from being licensed.
Dishonesty of The Exchange: Many customers hold funds in their accounts rather than in private wallets. There can be good reasons to do so. For example, a trader can access and trade funds more quickly from his account. But holding funds in an account is dangerous. A coin is a non-physical presence on a public blockchain; it can be accessed only by a private key, which is a string of text. If the private key is not shared, then only the owner can control the coin. A coin held in an exchange account, however, is controlled by the exchange because it has the private key. Indeed, some centralized exchanges refuse to release the private key to the account holder, making the customer trust the exchange as though it were a bank.
The Japanese exchange Mt. Gox is a dramatic illustration of why this dependency is dangerous. Network administrator and CEO Mark Karpelès purchased Mt. Gox in March, 2011. By the turn of 2014, it was the world’s largest exchange, conducting an estimated 70% of all bitcoin transactions. Then, in February 2014, Mt. Gox abruptly shut its e-doors and website, before filing for bankruptcy protection. When a leaked document forced his hand, Karpelès announced that some 850,000 bitcoins belonging to Mt. Gox and its customers were “missing.” (The total was later reduced when Karpelès found 200,000 coins in “a forgotten wallet.”)
An independent audit determined the coins had been stolen over time, beginning several months after Karpelès had acquired Mt. Gox. He has been arrested twice: in 2015, for data manipulation; and, in 2016, for embezzlement. The criminal trial continues, with few people crediting his “not guilty” plea. Meanwhile, under Japanese bankruptcy law, Karpelès may soon be a mega-millionaire due to bitcoin that he still holds. An October 10, 2017 article in Ars Technica explained, “Creditors to be paid out at April 2014’s ~$440 per Bitcoin, not Nov. 2017’s ~$6,500. In an e-mail to Ars, Karpelès wrote that the ‘proposition’ that he could stand to gain a lot is based on laws’.” In short, he is pocketing the profit.
Bad Actors from Outside: Hackers pose a notorious threat, and centralized exchanges are vulnerable because they are large, rich targets. Last July, for example, hackers stole $32 million in Ether from Etherscan by exploiting a software vulnerability in the popular wallet, Parity. As bitcoin.com contributor Jamie Redman pointed out, “Close to a quarter of a billion dollars in ether has been drained by either the ‘black hat exploiters’ or the ‘white hat group’ since the notorious DAO debacle last year.” The “black hats” are the bad actors; the “white hats” are good actors who protected vulnerable accounts by temporarily draining them.
Identity Theft: Hackers scoop up personal data as well as wealth. The risk is due both to centralization and to licensing. Exchanges collect personal data to protect themselves from scams. Licensed ones collect increasingly extensive data to comply with government requirements. Then, they share the information with government agencies, which makes the risk factor spike.
Incompetence: Some centralized exchanges have notoriously buggy software. A November 14, 2017 headline in the Merkle lamented, “Kraken Exchange Issues Ruin Another Weekend for Cryptocurrency Traders”. The article stated, “Over the past few days, it’s become pretty obvious Kraken has a lot of problems it still hasn’t sorted out. Problems like these have been documented for many years now, and many complaints can be found all over social media.” In short, the site crashed. Glitches are common at exchanges, the article noted, “Unfortunately, Kraken is not the only platform dealing with issues of this magnitude. Particularly when it comes to EUR-based trading, the number of viable alternatives is pretty small right now.”
Even security-savvy exchanges rely on the competence of related software being used, as the Parity wallet fiasco revealed. The problem will only worsen as more and more technologically-unsophisticated people pour into cryptocurrency to make their fortunes. This means that people will not have reliable access to their accounts.
Collapse: Exchanges collapse for many reasons. Cryptsy, which has closed indefinitely, is a cautionary tale. In January 2016, Cryptsy announced:
“Trades and withdrawals will be suspended on the site indefinately [sic] until some sort of resolution can be made. Here are our options:
1. We shut down the website and file bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements. – or –
2. Somebody else comes in to purchase and run Cryptsy while also making good on requested withdrawals. – or –
3. If somehow we are able to re-aquire [sic] the stolen funds, then we allow all withdrawal requests to process.”
Whether Cryptsy closed because of a reported theft or because of its own scams is a matter of debate and lawsuits. But the dilemma of customers with funds trapped in a defunct exchange is not debatable. Like customers of Mt. Gox, they may struggle for years to redeem a fraction of their own wealth. And that is one of the best outcomes.
Affiliation with Government: The last risk is to both the funds and the freedom of account holders. It is not entirely created by government, but it is certainly exacerbated by it. By adopting ID verification and information sharing with the authorities, licensed exchanges endanger customers.
Consider privacy, which is a defense not only against ID thieves but also against government overreach. Most exchanges in North America and the UK demand ID verification before they will open an account. All licensed ones do so and the process can be quite invasive.
The government’s use of exchanges to invade privacy and to prosecute is heating up. A November 14, 2017 article in bitcoin.com warned of just one incursion against privacy–albeit the largest one on record in the U.S. “This week the battle between the U.S. Internal Revenue Service (IRS) and the San Francisco firm Coinbase is heating up once again as a U.S. Magistrate Judge is siding with the tax collector.” The IRS claims that 900 people or fewer file tax returns for the past few years out of the approximately 500,000 Coinbase customers who are U.S. citizens. And, so, they demand the right to sort through the personal finances of every U.S. citizen at Coinbase. (Much more on the threat posed by government in the next segment of The Satoshi Revolution.)
The Case for Decentralized, Unlicensed Exchanges
Fortunately, not all exchanges are equal. Some are decentralized. Happily, decentralized exchanges (DEXs) are becoming more popular due to uncertainty. Legislation on cryptocurrency is looming and there is little clarity on what constitutes “a security.” The uncertainty makes centralized exchanges reluctant to accept the flood of new coins that are being issued by a glut of ICOs. DEXs fill this vacuum.
DEXs bypass the trusted third party problem by not controlling the funds of customers. The funds are controlled by the DEX users who transact peer-to-peer through an automated process. What distinguishes one DEX from another is largely the method of the automated transfer.
The DEX EtherDelta illustrates how peer-to-peer transactions are executed through a unified smart contract; this self-executing contract uses cryptographic code to enforce an agreement. Here is an over-simplified explanation: Customer A places a resting order–that is, a signed intent-to-trade that includes a price, a volume, an expiration date and a signature. It is recorded in an off-chain book. When Customer B accepts the trade, he or she sends payment to the on-chain address of a created smart contract and so establishes a type of trustless escrow. The smart contract verifies the trade; for example, it checks that the accounts have sufficient funds. Then, if all is correct, it automatically executes the trade by transferring funds. No trusted third party is required.
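The checks that this explanation assigns to the smart contract can be sketched in code. This is an added example, not part of the original chapter and not EtherDelta's contract: the Order fields, the Escrow class, its status strings and the sample values are hypothetical, the toy RSA key stands in for the ECDSA signatures a real chain uses, and the fill tracking that stops a signed order from being replayed goes beyond what the text describes.

```python
import hashlib
from dataclasses import dataclass, astuple

# Toy textbook-RSA maker key (constructed, NOT secure): a stdlib-only stand-in
# for the ECDSA key pair a real chain account would sign with.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

@dataclass(frozen=True)
class Order:
    """Resting order: maker gives give_amount of give_token for get_amount of get_token."""
    maker: str
    give_token: str
    give_amount: int
    get_token: str
    get_amount: int
    expires: int  # last block height at which the order may be filled

    def digest(self) -> int:
        data = "|".join(map(str, astuple(self))).encode()
        return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(order, d=D, n=N):
    return pow(order.digest() % n, d, n)

class Escrow:
    """Hypothetical contract: holds deposits and settles signed orders atomically."""
    def __init__(self, balances, pubkeys):
        self.bal = dict(balances)  # {(user, token): amount on deposit}
        self.pubkeys = pubkeys     # {maker: (n, e)}
        self.filled = {}           # order digest -> get_token amount already taken

    def trade(self, order, sig, taker, amount, block):
        n, e = self.pubkeys[order.maker]
        h = order.digest()
        if pow(sig, e, n) != h % n:
            return "bad signature"            # any edited field changes the digest
        if block > order.expires:
            return "expired"
        if not 0 < amount <= order.get_amount - self.filled.get(h, 0):
            return "exceeds unfilled amount"  # stops replay of a filled order
        give = order.give_amount * amount // order.get_amount
        if self.bal.get((taker, order.get_token), 0) < amount:
            return "taker underfunded"
        if self.bal.get((order.maker, order.give_token), 0) < give:
            return "maker underfunded"
        # All checks passed: both legs of the swap move together, or not at all.
        moves = ((taker, order.get_token, -amount), (order.maker, order.get_token, amount),
                 (order.maker, order.give_token, -give), (taker, order.give_token, give))
        for user, token, delta in moves:
            self.bal[(user, token)] = self.bal.get((user, token), 0) + delta
        self.filled[h] = self.filled.get(h, 0) + amount
        return "ok"

# Constructed sample: alice offers 100 TOK for 50 ETH, valid through block 1000.
ORDER = Order("alice", "TOK", 100, "ETH", 50, 1000)
SIG = sign(ORDER)
```

The exchange's off-chain book only relays ORDER and SIG; it never holds a key, so it can neither alter the price nor move funds that the maker did not sign for.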
Other DEXs use smart contracts to automatically match buyers and sellers. That’s when a standing order to sell matches a standing order to buy and the transaction is automatically executed. Still others use proxy tokens, swaps, and innovative techniques that can be confusing.
[Note: Some people argue that the blockchain and the smart contract are trusted third parties in a distributed, inanimate form. But each is merely a tool, not a person, not an institution. They cannot act in bad faith. The situation is akin to using a hammer to make a repair versus hiring a carpenter. The hammer might be badly made, but it is still just a tool.]
DEXs can resemble the Wild West because this is the early stage when rough edges are being smoothed. The roughness includes buggy code in some smart contracts, the lack of trading software, a slower response time, and the difficulty of navigating sites. Nevertheless, DEXs avoid the pitfalls of centralized, licensed exchanges.
Dishonesty of The Exchange: DEXs do not hold customers’ funds so trust does not arise. Customers keep their own coins until there is an appropriate peer-to-peer trade that occurs on-chain or privately off-chain. If it is on the blockchain, then every transaction is “audited” constantly by cryptographic proofs. If it is off-chain, then the responsibility for a secure exchange rests with the direct participants, as it should.
Bad Actors from Outside: On the cryptographic forum metzdown, a poster named Bear sketched out why DEXs are far more secure than centralized exchanges.
People prefer hash chain solutions because…a bunch of people…would have to act in bad faith to screw people over, and the maximum practical size for a conspiracy is rapidly exceeded. People prefer block chain solutions because that sharply limits the time window during which someone acting in bad faith could screw them over, and imposes significant (possibly insurmountable in practice) hardware requirements and expense on bad-faith actions.
Block chains [sic] mean that someone cannot act in bad faith without making a substantial investment that is not justified by the rewards of the action. Block chains, in fact, mean that the ‘trusted’ party cannot even be INDUCED OR COMPELLED to act in bad faith by blackmail, bribery, extortion, or force of law.
Incompetence: It may be impossible to eliminate incompetence entirely. Even DEXs have been accused of buggy smart contracts, as mentioned previously. All that can be done is to take as many precautions as possible. Those precautions include: using math and a network of computers to audit blockchain results around the clock; transparency; drastically reducing or removing the human factor; publishing source code; and, limiting damage through peer-to-peer transfers, which also tend to make problems obvious quickly. Overwhelmingly, DEXs take these steps. Overwhelmingly, centralized, licensed exchanges do not.
Collapse: This is possible for any exchange. Since the DEX does not hold customers’ funds in accounts, however, the worst scenario is that the funds in pending transactions are lost.
Identity Theft: Many DEXs demand no real personal information and accept user names instead. But some do require a minimal amount of personal information. LocalBitcoins, for example, requires an email address, which can be anonymized in various ways. An identity is required only when a bank wire or similar transfer is involved, and, then, it is given to the person at the other end of the peer-to-peer transfer.
Forbes (September 23, 2017) pointed out the urgent importance of protecting personal data by referring to the data breach in the consumer credit reporting agency Equifax that affected some 143 million people in the US. “Attackers were able to get hold of names, social security numbers, dates of birth, and addresses of users, which can all be used to fuel activities like fraud and identity theft,” the article warned. “The Equifax breach is a clear reminder of the risk users take when entrusting centralized authorities. Decentralization is one way such issues can be prevented. Combined with encryption, blockchain can make breaches more difficult for attackers since it eliminates the single point of failure.”
Affiliation with Government: In an article entitled “Are Crypto Exchanges About to Go De-Centralized?,” economic commentator Louis Cammarosano observed that a DEX’s servers “…reside in different locations. A decentralized exchange holds no assets or customer funds and therefore there is nothing to seize and no central location to shut down. Using a decentralized exchange, users can buy and sell crypto currencies with other users on the platform or off platform in person. Decentralized exchanges make it extremely difficult to track transactions and collect taxes.”
There are other freedom benefits. If government cracks down on cryptocurrency, for example, then DEXs offer a viable alternative. An article (September 19, 2017) in Quartz opened, “China’s bitcoin exchanges are closed to local customers, and a “comprehensive ban” is reportedly in the works. In the meantime, China’s bitcoin traders are heading for the peer-to-peer marketplace LocalBitcoins to exchange fiat and crypto. The trade volume on LocalBitcoins has surged in recent days.”
DEXs are the future. It can only get shinier with the development of new and better tools, such as Atomic Swap.