Attack of the 50 Foot Blockchain
Page 9
Bitfinex was originally based on a leaked253 copy of the codebase from defunct exchange Bitcoinica, which was founded by sixteen-year-old Bitcointalk user “Zhoutong” and shut down after being hacked in 2012. Its software turned out to be made entirely of copy-and-pasted cheese and string that nobody at all knew how to fix. This is quite typical of Bitcoin-related code and systems, as if financial software and systems architecture had never happened. One of Bitfinex’s early developers described what the system was like when he had been working on it:254
It has proved impossible to cleanly modularize and upgrade zhoutong’s spaghetti code. (Or if it is possible, Bitfinex technical team doesn’t know how to proceed.) In the current system, everything is entangled. There is no clean separation of concerns. They inherited this steaming shitpile of a codebase and they’re stuck with it.
Their legacy data model, as implemented in their current system is insane. The system was designed by a 16 year old FFS! Everything is ad hoc, there is no specification, there was zero documentation, there is minimal accounting for edge cases, exception handling was tacked on as an afterthought. There was no thinking things through. Everything is ad-hoc! Therefore it kinda works except when it doesn’t!
A Bitfinex representative responded stating that “a grand total of 0 lines from Bitcoinica’s code exist on Bitfinex” – the site moved at least partially to the AlphaPoint platform in 2015255 – but the developer asked him to explain, if Bitfinex had an all-new codebase, how they had accurately reproduced bugs that dated back to Bitcoinica.256
The software problems were glossed over for years, because day traders are otherwise known as compulsive gamblers, and crypto day traders make foreign exchange day traders look sober, considered and balanced. The traders didn’t care as long as it mostly worked and they could keep trading. And, to be fair, the traders loved the Bitfinex platform. Bitfinex worked to polish up its front-end usability and back-end system software, and prided itself on its quality as a crypto trading platform.
Then, on 2 August 2016, nearly 120,000 BTC (then around US$68 million) was stolen from Bitfinex customer accounts.
Bitfinex had set up customers’ funds each in their own individual segregated wallet with three keys: one held by Bitfinex, one held by third-party agency BitGo and one held by either the user or Bitfinex (as an offline backup key). Bitgo had built an API for Bitfinex to manage this. Any transfer would require two of the three keys.257 Their aim was to provide greater transparency, with transactions visible on the blockchain, and it also hampered attempts to use the exchange as a mixer.
Bitfinex would send transactions to Bitgo, who would check the transaction was in accord with the policy set for that wallet, and sign if it was. Bitgo’s API allowed policy changes – but it included unintended functionality allowing global limits to be changed, without explicit out-of-band confirmation. Neither Bitfinex nor Bitgo had realised this vulnerability – but the hacker did.
Full details of the hack have yet to be released. But it appears the hacker knew both Bitfinex and Bitgo’s systems intimately. They got into Bitfinex’s system, gained access to the accounts that could change limits and sent a global limit change, thus allowing them to proceed to withdraw thousands of Bitcoins.
Usually a theft of this magnitude heralds an exchange disappearing or shutting up shop with apologies, or local regulators noticing its existence and swooping in. Bitfinex considered going into bankruptcy, which might leave customers waiting years for a payout. But as the supplier of gambling trading facilities not available elsewhere, Bitfinex felt there was sufficient demand for their services that a drastic action would be considered acceptable to their users: rather than have some customers take a 100% loss, they assessed a 36% “haircut” on all customer deposits – including non-Bitcoin deposits. Depositors whose coins had been hacked would be compensated with money from depositors who hadn’t: “we are leaning towards a socialized loss scenario among bitcoin balances and active loans to BTCUSD positions.”258 The company would then try to trade its way out.
You might think that compensating your customers using money from other customers, while the owners don’t take a hit, would be against the rules in any reasonable financial system. Particularly as bankruptcies usually pay depositors and creditors first and equity holders last. But welcome to Bitcoin.
Why on earth did the users put up with this? Secondly, because this was claimed to be the haircut they’d take if Bitfinex were to liquidate.259 (Bitfinex didn’t show their working.) But firstly, because they were desperate for continued access to their favoured strip mall casino. Bitfinex promptly went back up to No. 1 on the Bitcoin exchange volume charts.
(Some users did consider suing, but found the company “a Matryoshka doll of shady shell companies in different jurisdictions, so it’s hard to work out what the right place to sue them is. Then you have the cost and time of the lawsuit, and if the tokens aren’t worth much by the time you get to the end of this long and expensive process there’s a risk they’ll go into liquidation anyhow.”260)
Bitfinex didn’t want its users to feel they’d been left high and dry. So it offered them Bitfinex tokens (BFX) for their losses, saying that they’d come through at some later date on these IOUs and reimburse the holders with their face value:261
The token is a notional credit, is dependent on the Bitfinex Group’s recovery of Losses, and is subordinated to any claims against the Bitfinex Group not related to the Losses.
You could even trade these tokens – trading away your right to reimbursement if the stolen coins were recovered – and use them as collateral for margin trading.262 Though only on Bitfinex:
The token and your rights pursuant thereto may not be assigned except with notice to, and the prior consent of, the Bitfinex Group, on terms to be determined by the Bitfinex Group.
You might think this would constitute offering an unregistered security, but welcome to Bitcoin. The price for BFX dropped below its $1 face value even before release, opening at $0.80 and ending the day at $0.32.
Bitfinex redeemed about 1% of the BFX in early September. As it happened, they had enabled margin trading on BFX itself one day before, and the price went up from $0.40 to $0.56 just before the announcement.
Around the time of the 1% redemption, 30% of trading on Bitfinex was BFX, which they collected trading fees on. The BFX tokens also kept their customers on Bitfinex in the hope of a payout, rather than just cashing out and never coming back.
In late September, they offered conversion of BFX into equity in their company, iFinex Inc.263 In October, they came up with another layer: the Recovery Right Token (RRT), for everyone who had sold their BFX for equity.264 Should any of the stolen coins ever be recovered, Bitfinex would first pay back the BFX holders who had not converted their BFX to something else, then pay back RRT holders with the remainder. That’s a token on a token on money they would normally have had to pay back. You could also trade the RRTs on the exchange.265
Convoluted arrangements like this are part of why bankruptcy laws, let alone financial trading regulations, exist: so that creditors and depositors get paid first and fairly in a clear and open manner.
In the meantime, Bitfinex promised a financial and security audit. Not by any such tawdry profession as actual accountants; they were going to use “Ledger Labs Inc., a top blockchain forensics and technology firm,” which happens to be run by Vitalik Buterin, creator of Ethereum (of which more later).266 They later admitted this audit had never happened.267
Bitfinex then posted an open letter to the hacker, seeking “a mutually agreeable arrangement in exchange for an enormous bug bounty”, i.e., if only they would explain how they’d hacked Bitfinex: “Our interest here is not to accuse, blame or make demands, but rather to discuss an arrangement that we think you will find interesting.”268
It was entirely unclear to any observer what possible arrangement could be more interesting to the thief than “I have all your bitcoins n
ow.” The stolen bitcoins are slowly being sold off through other exchanges,269 which is very like a bank accepting a big bag of dye-marked notes known to have been robbed from another bank and deciding they don’t care.
On 3 April 2017, Bitfinex announced they would finally redeem the other 99% of the BFX tokens for their $1.00 face value!270 They paid back the dollar value of the stolen bitcoins at the time of the theft – i.e., about half what it was by April. Their haircut gamble had paid off, and they were proud to have made their users whole once more: “We’ve demonstrated an alternative to bankruptcy.”271
What they didn’t announce was that in mid-March, Wells Fargo had told Bitfinex’s Taiwanese banks that it would stop accepting international US dollar wires from Bitfinex, cutting them off entirely as of 31 March. The BFX token redemption was only a number in the user’s USD account on Bitfinex, and not anything that could be withdrawn. (Some larger customers could get US dollars out to a limited degree,272 but as I write this in June 2017, retail customers still can’t reliably get US dollars out.)
Banking relationships are a perennial problem for crypto exchanges – banks, and particularly correspondent banks (whose customers are other banks), hate dealing with money service businesses because the KYC/AML compliance is complicated and expensive. Phil Potter, Chief Strategy Officer, noted on a Bitcoin podcast during the Wells Fargo problems:273
We’ve had banking hiccups in the past, we’ve just always been able to route around it or deal with it, open up new accounts, or what have you … shift to a new corporate entity, lots of cat and mouse tricks.
Bitfinex filed suit against Wells Fargo on 5 April, stating that their business was now “crippled” and under “existential threat” and seeking a temporary restraining order.274 They still hadn’t told their customers there was any problem, though users had been reporting withdrawal problems since mid-March. They dropped the suit on 12 April,275 at that stage having only admitted the problem to customers already discussing it on Reddit.
(Mark Karpelès noted how when Mt. Gox was cut off by its US bank, his lawyers advised that suing the intermediate bank was “the worst thing we could possibly do” and “the best way to see yourself blocked from all banks.”276)
On 18 April, Bitfinex’s Taiwanese banks also stopped incoming wires.277 By 20 April, no international withdrawals were possible in any currency, only domestic withdrawals within Taiwan.278
All these fresh US dollars returned to BFX token holders then caused the price of a bitcoin to go up, which ended up launching the second great Bitcoin bubble – from $900 per bitcoin at the start of April to $1900 in mid-May and $3000 in early June.279 The mechanism is:
Users have a USD account and a BTC account. They can’t sell their bitcoins and withdraw their cash, but they can buy more bitcoins using their newly-topped-up USD account – which contains trapped “dollars” which can’t be used for anything else. Think of it as a Bitfinex “USD” token, not as actual US dollars – Disneyland fun-money which can only be spent inside the theme park. The price goes up. In April, BTC on Bitfinex was often $200 higher than elsewhere.
With the higher price on Bitfinex, traders arbitrage by buying coins on an exchange with a lower price and selling them on Bitfinex. (Note that the USD from the sale is stuck on Bitfinex.) This raises the price on the other exchanges.
Expectations rise, the price gets mainstream press and more people get into Bitcoin. The bubble inflates.
This works precisely because you can’t get your money out – and other exchanges were also having problems with US dollar withdrawals. Users were reluctant to remove their BTC from Bitfinex because the “price” was highest there (even if unrealisable) and because they loved it as a trading platform.
The trapped “USD” also gets used to buy other cryptocurrencies – the price of altcoins tends to rise and fall with the price of bitcoins – and this has fueled new ICOs (“Initial Coin Offerings,” detailed next chapter), as people desperately look for somewhere to put their unspendable “dollars.” This got Ethereum and ICOs into the bubble as well.
Even better: on Bitfinex, you can use BTC as collateral to margin-trade on USD, which you can then use to buy more BTC. Which also drives the price up.280 And, of course, you can’t get the USD out, so you might as well buy more cryptos with it.
(Bitfinex certainly didn’t intend to start a bubble, and Bitcoin is prone to wild swings of speculation anyway; as I write this, BTC is actually lower at Bitfinex than at other exchanges. The bubble continues.)
While it’s good for Bitfinex’s customers that the company’s desperate gamble paid off, it was a desperate gamble. One problem is that others seem to have taken it as a model. South Korean exchange Yapizon was hacked on 22 April, with 3,816 BTC (then about $5 million) being stolen. It too has applied a 37% haircut – coincidentally about the same percentage that Bitfinex applied – to all customer BTC accounts, in exchange for a token called Fei.281
Although Bitfinex has considerably professionalised since then, the original founder of Bitfinex, Raphael Nicolle, never seemed to appreciate the problem financial regulators tend to have with schemes that pay early investors using money from later investors. He enthusiastically backed the Pirateat40 Ponzi – though at least he later apologised for that one282 – and came up with a high-yield scheme of his own:
So I’m thinking of the following plan: when I need more coins than I have to fill an order, I will ask everyone that previously “registered” with me to lend me some btc. After 7 days, I will return all of it, principal + 2% interests. For you to be contacted, you would have to post here or in PM to say you might lend me bitcoins, and approx. how many you’d be willing to lend me.283
Nicolle has not been seen online since the 120,000 BTC hack.284
Bitfinex does answer one common question asked of Bitcoin sceptics:
“If you’re so critical of Bitcoin, why don’t you short it?”
“Well …”
Chapter 9: Altcoins
Bitcoin was an open protocol implemented in open source code. So alternate cryptocurrencies, or altcoins, quickly sprang up – mostly slightly-tweaked versions of the Bitcoin code, many generated automatically at the now-defunct service coingen.io.
Other blockchains might have different hashes, block sizes, block times or consensus models (how to choose who adds the next block). Short times mean you can verify transactions faster, but too short a time means a block may not get all the way across the network before it’s time for the next block – leading to “confirmed” transactions no longer being confirmed when another version of that blockchain is found that’s longer.
Proof of Work is obviously wasteful. The other main proposed consensus model is Proof of Stake, in which the next block miner is chosen at random according to how many coins they already own. This saves on wasted hashing, but is a bit too blatantly a rentier economy – “thems what has, gets.” And, like every other economic endeavour in history, it will obviously tend toward people putting in up to $50 worth of effort to acquire $50 worth of coins – a stealth “proof of work” however you try to structure it. (Although it may be less ecologically destructive – spending $49.99 of your bank balance generates less carbon dioxide than burning $49.99 worth of coal.)
A few altcoins have tried new ideas, such as Namecoin (an attempt to implement an alternate Internet DNS system on a blockchain), Freicoin (which uses demurrage – negative interest – to discourage speculative hoarding) and Curecoin and Foldingcoin (whose Proof of Work is protein folding for Folding@Home, a distributed computing project for disease research285). But most have a much simpler value proposition: you might get rich too if you start your own magical Internet money!
The usual scheme is that the creators have more of the coin than anyone else, substantially pre-mining the coin before release. They launch it with speculative promises of interesting future features, then sell their coin off (for bitcoins), telling the new bagholders they’re
actually early adopters. Some went further: DafuqCoin compromised exchanges with a rootkit because the exchanges failed to check the code before running it.286 287
Bitcoin advocates correctly consider most altcoins a scam and can effortlessly list all the problems with them – while failing to note that most of these are also problems with the substantially early-adopter-owned Bitcoin.
Cryptocurrency advocates and lazy journalists like to talk about the “market cap” of a crypto, which is the total number of coins or tokens in existence multiplied by today’s price. This is a bogus number that’s not actually applicable to anything – it’s not money that was put into the crypto, it’s not a realisable value like a company market cap, it doesn’t affect prices – it’s just an easily-calculated number that sounds good in a headline. Trading is so thin in any crypto, even Bitcoin, that you could never realise a fraction of the number. If you want to compare interest and activity in crypto assets, you need to compare trading volumes, if you can find good numbers for those.
Litecoin
Litecoin is the “me too” coin. It hasn’t many interesting stories, but it was the most prominent altcoin before the first Bitcoin bubble burst; for a few years, sites like the Pirate Bay that accepted Bitcoin donations often also accepted Litecoin donations. It was marketed as “the silver to Bitcoin’s gold.” The main difference from Bitcoin is a different hash designed to be resistant to GPU mining (though ASICs eventually came out) and a shorter block time.
Litecoin’s price went up with Bitcoin’s until 2013, the price crashed with Bitcoin’s, and during 2014 it declined from its peak of $42 (spot prices of $68 on some exchanges) to $1.50. It hovered around $4 until it hit $30 in the second bubble – altcoin prices tend to track Bitcoin’s price – and the small current volume is Chinese speculators.