The Hong-Kong based Bitfinex exchange is short 119,756 bitcoins after being hacked on Tuesday, though nobody can be sure what’s really happened because ‘hacking’ is a loose term and can encapsulate almost anything, including an internal security breach. (Do see the case of Mt Gox.)
The mark-to-market value of the stolen coins is roughly $70m, but again who can really tell their true worth. Bitcoin is an asset class where the liquidation of 119,756 (approximately 0.8 per cent of the total bitcoin circulation) can move the market more than 20 per cent, suggesting a certain fantastical element to the valuation.
What is worth noting is that the hack follows a CFTC action against Bitfinex operations in the US which found:
…that from April 2013 to at least February 2016, bitfinex permitted users to borrow funds from other users on the platform in order to trade bitcoins on a leveraged, margined, or financed basis.
Bitfinex did not actually deliver those bitcoins to the traders who purchased them. Instead, Bitfinex held the bitcoins in deposit wallets that it owned and controlled. Therefore, Bitfinex engaged in illegal, off-exchange commodity transactions and failed to register as a futures commission merchant, in violation of Sections 4(a) and 4d of the Act, 7 U.S.C. §§ 6(a) and 6d.
The regulators at the CFTC, in other words, were unhappy with the fact that the exchange was acting more like a margin-taking, potentially balance-sheet deploying, broker-dealer than a conventional matching broker or exchange. Bitfinex promised to change its ways and run a more robust system which properly segregated funds in future.
None of this “off chain” business, however, should be a surprise to FT Alphaville readers. We’ve been noting for years that bitcoin aficionados suffer from an acute form of cognitive dissonance when it comes to their “full-reserve banking trumps fractional-reserve banking” obsessions. This is because most of the exchanges and wallet services they depend on operate on a fractional reserve or trusted custodian basis, netting flows “off chain”, taking balance sheet risk for liquidity provision purposes or issuing their own liabilities to customers in lieu of actual bitcoin.
These tactics have for years been justified by the community in two ways. First, by the fact that customers can’t be relied upon to store their own private keys (once the key is lost or forgotten there’s no way to retrieve the funds), and second, because client funds are best kept off exchange in “cold storage” so as to limit the risk of keys being stolen. Cold-storage is the crypocurrency term for the offline bank vaulting the hard drives within which private keys are kept.
As a result, most exchanges manage daily transfers and withdrawal requests out of a much smaller pot of liquid bitcoins they control directly on users’ behalf, depositing and receiving sums as and when client liquidity requires, whilst supposedly parking the excess safely in storage. (And if that sounds an awful lot like the current system to you, you’d be darn right.) But of course since many of these exchanges aren’t subject to public audits or disclosures, it’s hard to know if the balances are really being segregated or reserved as claimed. They could, for example, be being re-lent for other purposes. There is, as with banking, a huge temptation to put those idle reserves to better use.
We probably won’t know what really happened at Bitfinex for a while. But what is clear is that thus far the technology which was supposed to be revolutionising finance and making it more secure (oddly, by skirting regulations) is looking awfully like the old technology which ran the system into the ground.
Either way it’s unlikely to be good news for Bitfinex. If the failing was down to a problem with the multi-signature mechanism, then the affair potentially stands to undermine many of the blockchain systems and companies which have come to rely on the system for security. On the same basis it also stands to undermine the side-chain and escrow-based solutions bitcoin developers are working on to overcome the bitcoin network’s scaling constraint.
If the failing was down to an internal security breach or poor risk management on the other hand (say due to naivety or inexperience), this creates an argument for additional capital provisioning, regulatory scrutiny and macroprudential oversight — taking away much of the cost advantage associated with the network.
Don’t say we didn’t warn you.
Related links:
Bitcoin continues to evolve into a worse version of the current system - FT Alphaville
Bitcoin’s panopticon problem – FT Alphaville
Bitcoin companies come of age; start moaning about unfair playing fields - FT Alphaville
Copyright The Financial Times Limited . All rights reserved. Please don't copy articles from FT.com and redistribute by email or post to the web.