Previous bitcoin bull runs have been attributed to turmoil and fear in financial markets. Much has been written about the cryptocurrency replacing gold as a “safe haven” (which I don’t agree with – it’s more of an “appealing alternative”), as pundits point to the jumps after the Brexit vote and the Trump election.
What, then, explains the bull run when Wall Street’s “fear index” is at its lowest point in over 20 years? Bitcoin is up 75% so far this year, and 26% so far this month. Among the reasons given are the increase in demand in Japan, in response to the recent legislation legalizing bitcoin as a “payment method” (but not yet a currency). The renewed possibility of a bitcoin ETF approval is also cited (although it is unlikely), although a stronger influence could well be FOMO (fear of missing out).
This is quite spectacular:
Maybe the “fear index” is wrong? Does anyone really believe that uncertainty and risk are at minimums?
The VIX index, as it is called, measures volatility. The assumption up until now has been that volatility = fear, and when things are going belly up, volatility peaks. What if volatility no longer measures fear? What if market liquidity, speed, derivatives and algorithms have ruptured the historical relationship?
I’m not a market expert, but I can’t see how volatility wouldn’t go up in times of trouble. So I find this completely perplexing.
One thing to bear in mind – just because bitcoin is not at this stage relying on its “appealing alternative” status, does not mean that it loses it. The fundamentals and characteristics that make it interesting have not gone away. It’s just that it has other good stuff going on.
Now that the market excitement over the possibility of a bitcoin ETF seems to have been put to bed with the SEC rejecting both the Winklevoss and the SolidX proposals, it’s worth thinking about what needs to change for an official bitcoin investment vehicle to happen.
Forbes published today an interesting article by Moe Adham that unpacks the SEC decision. He pins the causes on two things:
1) The lack of “surveillance-sharing agreements with significant markets”, in this case between the listing exchange (BATS) and a commodity exchange operator (Gemini, which does not have a significant market position). The concern is that the market insignificance of the exchange on which the underlying asset will be traded could leave it vulnerable to manipulation.
2) The Gemini Exchange is not regulated enough (it is, though, one of only two regulated bitcoin exchanges in New York – but apparently that’s not enough).
Moe then goes on to hypothesize on what would need to happen before a US-listed bitcoin ETF is approved:
1) The majority of bitcoin trading needs to happen on US-based exchanges.
2) US-based bitcoin exchanges need to be regulated.
I agree with Moe that both of the above are unlikely to happen in the near future, but I don’t believe that those are the necessary conditions.
In its ruling, the SEC specified that the main reason for the rejection was:
“because the Commission believes that the significant markets for bitcoin are unregulated.”
While this may be true today, it’s unlikely to remain the case for long. As we have seen, several other major markets have made moves to regulate their cryptocurrency exchanges, and we will most likely see this trend pick up steam.
Even if the SEC were to insist on most exchanges being US-based (which I think even they would agree is an unreasonable condition), it’s not totally out of the question. Almost 40% of bitcoin trading now happens in US$, making it the largest market, according to Cryptocompare.
Although only two of the top five US$-BTC exchanges are based in the US (Poloniex and Coinbase), one of them (Coinbase) already has a New York BitLicense. Poloniex, on the other hand, pulled out of New York rather than have to apply for a BitLicense. But that might change, either because Poloniex shifts priorities or because the requirements become less costly and cumbersome.
In the bitcoin sector, regulation is a trend that can only move forward.
With increasing exchange oversight and greater liquidity in the major trading markets, bitcoin prices will become more reliable and transparent, solving another of the SEC’s concerns.
So, I’m more optimistic than Moe that we will see a listed bitcoin ETF in the near future.
I don’t, however, think it will happen in the US first. Another country is far ahead in terms of regulation and acceptance by the financial system, and its regulators are more likely to approve a liquid, listed bitcoin investment vehicle in the short term.
Now that the Winklevoss Bitcoin ETF is off the table, it’s worth looking at the alternatives, present and future. What can you invest in if you want exposure to bitcoin without holding bitcoin?
In chronological order of listing, we start with a couple of Scandinavian funds.
The first publicly traded vehicle was an Exchange Traded Note (ETN), not an Exchange Traded Fund (ETF). An ETN is a debt note designed to provide investors with a return linked to a certain benchmark. On maturity, the investor will get the initial cash back, plus or minus the change in value of the underlying asset. An ETN can be liquidated before maturity by trading it on an exchange, or by handing in the relevant amount of the underlying asset to the issuing bank.
ETNs and ETFs are similar in that both track an underlying asset, both have lower expenses than actively managed mutual funds, and both trade on major exchanges. The main difference between them is that with an ETF, you’re investing in a fund that holds the underlying asset. With an ETN, you’re not – the return is tracked and calculated. Since an ETN is not backed by an asset, its creditworthiness is tied to the reliability of the underwriting institution.
In May 2015, Stockholm-based XBT Provider launched the first bitcoin-based ETN, on the Stockholm Stock Exchange (part of Nasdaq Nordic). It was called Bitcoin Tracker One and was denominated in kronor. Bitcoin Tracker EUR, denominated in euros, followed a few months later.
Trading of the two was briefly suspended a year later when XBT Provider’s parent company – KnC Group (which also owned bitcoin miner KnC Miner) – declared bankruptcy ahead of the bitcoin halving. XBT Provider was swiftly bought by Global Advisors (Jersey) Limited, a Jersey-based investment manager (of which more down below).
Both notes are now available in 179 countries (if investors have an account on Nasdaq Nordic), and both prospectuses have been approved by the Swedish financial supervisory authority.
In December 2016, Global Advisors (Jersey) Limited listed the Global Advisors Bitcoin Investment Fund on the Jersey Stock Exchange. While the vehicle had been created in 2014 and had received regulatory approval from the Jersey Financial Services Commission, this listing made it the first regulated bitcoin fund to trade on a recognized, regulated exchange. Rather than just hold bitcoin, it actively manages holdings in order to outperform the underlying asset.
The custodians for the fund are Gemini and itBit, both regulated bitcoin exchanges. Although the fund is pitched as a pure bitcoin play, its charter allows it to hold up to 25% of its wealth in non-bitcoin assets.
The Bitcoin Investment Trust (BIT) was the first US-based private investment vehicle to invest exclusively in bitcoin. While technically it is a fund that can be traded and is available to certain segments of the public, holders can only sell one year after purchase.
BIT began raising capital on SecondMarket, an alternative exchange for private stock owned by Digital Currency Group CEO Barry Silbert, in September 2014. SecondMarket made a $2m seed investment in the fund. BIT is aimed exclusively at institutional and accredited individual investors, with a minimum investment of $25,000.
In 2015 it launched a new sponsor, Grayscale Investments. It also moved its trading to the OTCQX, the leading over-the-counter exchange in the US, where it resides today. The fund usually trades at a significant premium to the underlying asset, largely due to the low liquidity.
The SEC decided to not approve the proposed Winklevoss Bitcoin ETF, citing the lack of regulation on bitcoin exchanges, and the possibility of using protocol forks to manipulate the price.
While disappointing, none of that is surprising.
What is surprising is that the price didn’t plummet further. That it found strong resistance at $1,000 and then started trending back up is testament to the underlying strength of sentiment.
CoinDesk provided an excellent post-game wrap-up, with comments from Tyler Winklevoss (striking an upbeat tone, way to go Tyler) and others, reflecting on the motives and consequences.
Since the rejection was based on the fundamentals of the bitcoin market, rather than on specifics to the proposed vehicle, it looks unlikely that an SEC-regulated ETF will be forthcoming any time soon. It is possible that other jurisdictions will take a more relaxed approach – but following SEC guidance, it’s unlikely.
So where now for the Winklevoss brothers? One option is to change the scope and objectives of the fund, and limit the availability to a certain type of participant, much like the Bitcoin Investment Trust which is only available to “professional” investors.
Or, the twins could choose to continue to “work with the SEC” (as Tyler said in his statement) to get the fund approved in its current form.
This will require unpacking what the SEC is likely to mean the next time around by “unregulated”.
Bitcoin itself cannot be regulated. It was born as an unregulated currency. To regulate it is to control it.
The exchanges, however, can be regulated. In fact, Gemini is. Gemini is the Winklevoss exchange, from which the ETF price would have been determined, and is one of only three companies to have been awarded a New York BitLicense, which authorizes it to carry out bitcoin exchange activities in the state.
And yesterday, an official from the Central Bank of China was reported as saying that the PBoC is looking (again, but apparently more seriously this time) at regulating the Chinese exchanges.
So, hopefully the Winklevoss brothers will try again (although I shudder to think what all this must be costing them in lawyers). It’s unlikely that deliberations will take quite so long next time around, but even so, a couple of years is a long time in bitcoin – it’s only been around for eight.
A couple of years is also a long time in politics, and the current US administration does seem eager to dismantle financial regulations swiftly. It also appears to be bitcoin-friendly, and can no doubt count on serious lobbying by people both within government and without to harness the potential without stifling it.
While you have most likely heard about the upcoming decision by the SEC on whether or not to approve the proposed Winklevoss Bitcoin ETF (given that most mainstream press is attributing the recent bitcoin price increase to positive expectations), what you maybe didn’t know is this:
Comments sent to the SEC advising on this decision are public. Anyone can tell the SEC what they think. And you can see what they wrote.
It’s fascinating, especially since some sector influencers have sent in their opinions.
For instance, Joshua Lim and Dan Matuszewski of Circle Internet Financial write:
“Both institutional and individual investors stand to benefit from the potential listing of the Winklevoss Bitcoin Shares. Such a listing would create a trusted, safe, transparent and regulated entry point into this maturing asset class, which is growing in importance as an investible store of value globally.”
Chris Burniske of ARK Invest (manager of the first ETF to invest in bitcoin) disagrees:
“After thorough examination, we think it would be premature to launch a bitcoin ETF because we do not believe the bitcoin markets are liquid enough to support an open-end fund, or that an ecosystem of institutional grade infrastructure players is yet available to support such a product.”
Attorney and professor of law Philip Chronakis is in favour:
“Denial of the proposed rule will not stop Bitcoin’s progress, but approval of the proposed rule, and the underlying COIN ETF, will put the SEC in the ideal position to oversee Bitcoin’s development as an investment asset – and provide fair, broad-based investment opportunities for not only the connected (or technologically savvy) few, but to all Americans who deserve the same chance to benefit from this technological breakthrough and financial opportunity.”
Michael Lee is against, and sheds some interesting light on recent price movements:
“The price of bitcoin is being heavily manipulated at this very moment on exchanges which somehow began the day of the SEC’s Feb 14th meeting but before the news of this very meeting was released to the public. Currently, we are at all time highs based on rumors and speculation on this meeting alone and it feels like we are again in a price bubble which could result in a huge loss for new investors. An approval of the COIN ETF at this time would only exacerbate this bubble and result in a price crash even before ETF trading will be fully available.”
“The Bitcoin ETF represents a rare opportunity for our country to embrace a revolutionary financial technology (the blockchain) with relatively low risk. Indeed, if approved, this fund would arguably be the most transparent, efficient and secure instrument ever offered – requisites enumerated in the Commission’s founding charters.
Blockchain is the future. If American regulators fail to embrace it, others will, and we will then be forced to follow. Let us lead once again.”
And in a somewhat quirky and impassioned comment, Diego Tomaselli implores:
“We understand your role is to protect the American Investor.
Please, just don’t forget to protect also the American Spirit.”
The magnitude of the price bump that approval would generate is uncertain. Given that the bitcoin price has increased by more than 18% since the beginning of the year, a case could be made that approval is already largely priced in.
Today CoinDesk revealed that GABI (currently one of the largest institutional investors in bitcoin) believes that the market is over-optimistic and is therefore reducing its holdings. Since early yesterday morning, the price has been falling, and at time of writing is down almost 8%.
Whatever happens over the next few days, it’s safe to assume that the bitcoin price will be volatile. Which may not be what you want in the underlying asset of an ETF.
The merger represents a major shift in the exchange landscape in the US. CBOE Holdings Inc. is the owner of the Chicago Board Options Exchange, the largest options exchange in the US. Bats is the second largest stock exchange operator in the US, and the largest in Europe.
Could this affect the probability of the SEC approving the Winklevoss’ fund?
Let’s look at why they chose Bats for the listing. They were originally going to go with Nasdaq, but in mid-2016, they filed an amendment changing the exchange to Bats. Press comment at the time stressed the advanced technology of the trading platform, hinting that the Winklevoss brothers were choosing the more forward-thinking option.
No doubt the technology is part of it, but it’s likely that a larger role was played by Bats’ experience with ETFs: it is the largest ETF exchange in the US.
Nasdaq is no slouch in the technology department. Of all the US exchanges, it has invested the most in blockchain exploration. Its Linq platform enables private company shares to trade on the blockchain, and it recently released the results of a blockchain-based voting trial it conducted with Chain in Estonia last year.
But Nasdaq has fallen behind Bats in market share, and does not have its clout in ETFs.
Also, Bats technology is by many accounts the best in the business (all of CBOE Holding’s operations will migrate to Bats’ platform, a strong vote of confidence). However, at its first attempt at an IPO in 2012, the technology failed and the IPO had to be withdrawn at the last minute. The systems have been considerably strengthened since then, but the SEC could see the dependence on technology as a vulnerability.
That is unlikely, though, since the trend for exchanges is to move to electronic trading. Bats was founded in Kansas in 2005 out of frustration at the duopoly of trading markets, shared between Nasdaq and the NYSE. Unlike other, older exchanges that have incorporated technology bit by bit into their operations, Bats was technology-first.
The merger with the CBOE could be interpreted as enhancing Bats’ stability and reputation. The new entity is expected to have a market capitalization of approximately $10bn, close to that of Nasdaq. While Bats is a relative newcomer, the CBOE is over 40 years old. While Bats is known for its technology, the CBOE still operates physical trading pits. And CBOE Holdings is poised to join the S&P 500.
Furthermore, the CBOE is strong in options, and already talk is circulating of the new enterprise developing an exchange for options on ETFs. This could enhance the revenue prospects in a sector suffering from declining volatility, tougher competition and lower fees.
Even if the SEC denies approval for the Winklevoss ETF fund, it is only a matter of time before a proposal is presented that it will approve. When that day happens, the exchange of choice will probably be Bats.
The merger with CBOE is likely to work in favour of the ruling: if the SEC harboured any doubts about Bats’ durability and reliability, the additional clout and growth potential should put those to rest. Furthermore, the expertise in ETFs should facilitate sensible governance and compliance. And the combined entity’s reach across financial products and geographical jurisdictions underscores the potential that innovation in ETFs could bring to a diversifying segment of the economy.
That does not mean that approval is probable – there are a host of other complications to consider. It does mean that the choice of exchange is unlikely to be a negative factor.
The looming decision by the US Securities Exchange Commission (SEC) is, according to market analysts, putting wind under the bitcoin price sails. Market attention and media headlines seem to be focusing on the short-term impact. A pity… they’re missing out on a more interesting story.
A brief summary of the situation so far: in June 2013, Cameron and Tyler Winklevoss – the owners of the New York-based Gemini bitcoin exchange – submitted a proposal to the SEC for a bitcoin exchange traded fund (ETF) to list on Nasdaq. Since then, the Winklevoss Bitcoin Trust proposal has gone through several amendments, including switching to the BATS exchange (newer, and allegedly more technologically advanced) and establishing pricing mechanisms and custodianship procedures. After seeking public comment and using up all the deadline extensions available, the SEC is due to make a decision on approval by March 11th.
Many doubt that it will be approved. In fact, BitMex is running a book on the outcome, which places the probability at less than 40%.
Why would the SEC say no? The decision is a complicated one, but can be broken down into three sections: the intrinsic (issues pertaining to the fund itself), the extrinsic (issues pertaining to the market) and the bigger picture.
Amongst the intrinsic considerations are the suppliers of the various services that the fund will need. The Winklevosses propose that price determination and custodianship be carried out by their Gemini exchange. In the ETF world, it is unusual for one entity to fulfil both of those functions and at the same time be the sponsor.
The SEC also has concerns about bitcoin and its market. Its recent request for information included questions about forks, immutability and hacking, which reveals uncertainty over the strength of the technology. Furthermore, most of bitcoin’s trading volume is in China and Japan, which raises the spectre of manipulation of a US asset by foreign entities.
While structure and market concerns are fundamental, the SEC is no doubt also considering abstract issues such as its own reputation, and the possible effect on financial instruments. Here’s where the more interesting long game shows itself.
The SEC’s main purpose is that of protecting investors. Supporting innovation is not on its list of priorities. Given the relative youth of bitcoin and the potential vulnerabilities of the technology (mining decentralization, accidental forks, quantum technology), the risks are high. And if the SEC approves and something negative happens, that’s their reputation shot.
So, will the SEC embrace evolution and innovation, and acknowledge that bitcoin is here to stay? If so, that would mark a precedent that could shape expectations for years to come.
Or, will the SEC play it safe and defer difficult decisions until a later date? In which case, think about the message sent to change-makers. While it’s impossible to suppress creativity, a “no” decision could send innovators scurrying to find alternative (and less-regulated) outlets.
It’s also important to think about the bitcoin market beyond the immediate impact.
The Winklevoss proposal was recently amended to increase the initial amount from $65m to $100m, which signals strong initial demand. Analysts Needham & Company estimate that $300m could pour into the fund if approved, which given the limited daily volume (US$ trading is usually under $50m/day) would push up the price. How much of that is already priced in, we don’t know. And it’s worth remembering that the estimated inflow is just that, an estimate based on the performance of other similar funds (which is tricky, given that this is a first).
If the SEC decides “no”, it’s probable that the price will fall sharply. But bitcoin has many other fundamentals in its favour, and the price is likely to find support at lower levels (how much lower, I don’t know).
So, the immediate impact, even if the ETF is approved, is uncertain. The longer-term impact, however, is clearer.
There’s the liquidity aspect. If approved, the increase in bitcoin demand will boost trading volumes overall, which will reduce volatility, making bitcoin even more attractive to investors. Most of the increase will be in the US, since the fund will be doing its trading on the Gemini exchange. This will even out the current geographical imbalance in trading volumes, and calm the unease of regulators. It’s worth noting that Gemini is one of two bitcoin exchanges to have a BitLicense, which makes it one of the most highly regulated exchanges in the world.
Beyond price and liquidity improvements, there’s the reputation. Bitcoin will go from being “something criminals use” to “something approved by the SEC”, which would add a lasting veneer of respectability. Institutions and investors, not just in the US, would start to see it as an asset class rather than a libertarian speculation.
This could rattle economists and policy makers, since bitcoin represents an alternative to the established system. But it is in line with increased interest in blockchain technology from institutions. Central banks around the world are studying cryptocurrencies, some with a view to launching their own. And the recent appointment of bitcoiner Mick Mulvaney as Trump’s Director of Office of Management and Budget could herald a shift in the official attitude.
Finally, it’s important to bear in mind that an approved bitcoin ETF would be the first “mainstream” fund to be based entirely on a digital concept, with no tangible underlying asset. This could unleash a stream of creative financial engineering which could usher in a new era of opportunity. Or, it could end up increasing market instability, especially when combined with a federal policy of more relaxed regulation of financial institutions.
So, the ramifications go well beyond a “yes” or “no” and the resulting impact on the price. The initial swings will be exhilarating or horrifying, depending on your position. But the bigger picture, which affects us all, is much more compelling.
Let’s talk about bitcoin derivatives. I’m not an expert, and need to do more research on the actual figures, but my main worry has been this:
PoW supporters talk about the consensus working because “breaking” the bitcoin network would make participants’ holdings worthless. Miners won’t collude because they would lose not only the value of their bitcoin holdings but also the investment in the mining equipment (which is considerable). So, bitcoin is safe.
But what about short positions? A big enough short position could produce enough of a profit to make colluding to “break” bitcoin worthwhile.
My worry has been that bitcoin derivatives weaken the consensus incentives.
Now, I need to check into the volumes required, and the mechanism (can you even short that much, or are there limits?). So this is the beginning of a thought exercise rather than the sounding of an alarm.
My concern has (so far) been largely offset by a fascination for what bitcoin derivatives can tell us about sentiment. I thought that open positions could point to where the price was heading. Until I read this, that is, from Christopher Langner’s article on Bloomberg Gadfly, “Is Bitcoin Growing Up?”:
“The quarterly contract sold at Bitmex entered backwardation — the future price fell below the spot price — in January, shortly after the PBOC started cracking down on the exchanges. In a market with limited supply, the fact that most of the big traders are betting prices will go down must be bad news. So it proved, but this time hedging may have limited the downside.”
Let’s go beyond downside limitation. What if derivative positions were mainly used as a hedge, rather than as speculation in their own right? Backwardation could simply be an offsetting hedge on a large long position. The bearish signal would be false.
In other words, the derivatives traders are not necessarily betting that prices will go down – they could have a big long position (which means they think prices will go up), and the futures contract is a way to protect their downside if it turns out they’re wrong.
A smart trading strategy (assuming the premiums are not too steep – I need to look into that part some more). It does, however, make reading the tea leaves of futures contracts not much more than an entertaining pastime.
CoinDesk reported yesterday on the change in the pricing strategy of the three largest Chinese bitcoin exchanges: BTCC, Huobi and OKCoin. This weekend they announced that they were suspending their “no fee” policy and moving to a 0.2% flat fee, “in response to guidance from the People’s Bank of China”.
A bit of background: the “no fee” model may sound like an extraordinary business strategy (not charging for your main business), but it’s actually not very different from the “Freemium” models we see all over the place, in which most stuff is free, but some things not. The basic service is available to anyone, but for better content or service, you pay something. It’s an old strategy, even used by physical retail outlets – to get you in the store, they price some products so cheaply that they lose money on them. These are called “loss leaders”. The idea is that while you’re there, you’ll buy other stuff as well, and the store will make money there.
In the case of bitcoin exchanges, they don’t make money on the trades they execute, but they do charge a fee for entries and withdrawals. If you want to put money into your account, there’s a fee for that. If you want to take money out, also. But the trading you do in between, no charge.
The objective is to bring in liquidity. The result is to inflate volumes.
Since there is no charge for buying and selling, traders feel that they can churn holdings as much as they wish. And even small gains are worth it, especially if repeated several times during the trading day, since there is no associated monetary cost.
So, volumes are much higher under a “no fee” policy than they would be otherwise, and the PBoC regarded this as “fake volume” which added unnecessary volatility to the market.
In fact, the impact of no fees is so stark that Coinmarketcap (where I get my relative exchange volumes) only includes exchanges with fees in their main ranking (although you can get the whole list in another tab).
So, the volume hit was not a surprise. The announcement last week that the exchanges have halted margin trading (in which the exchange lends you the money to trade, which further encourages speculation) is no doubt also likely to have an impact.
The question now is: will this lower volatility? Or will it increase it?
Intuitively, less “churning” of holdings should make prices more stable. Trades are more “real” in that they are not about grasping at small gains. Positions are (in theory) held for longer, since changing them now incurs a cost. Less “fake” volumes, the PBoC’s reasoning goes, means more stable markets and less risk for non-professional investors.
But, lower volumes means lower liquidity, which means more vulnerability to swings due to large buy or sell orders. With higher liquidity, large orders have less of an impact as there are more funds available to settle those orders. Lower liquidity means that prices move more to tempt traders to take a side.
That, at least, was the argument that LedgerX gave in a CoinDesk interview yesterday. Here we have a derivatives exchange arguing that approval by the Commodity Futures Trading Commission (CFTC) would decrease bitcoin’s volatility. Yes, you heard right, derivative trading can decrease volatility. Or so they say, and maybe they’re right, but I’m having a hard time getting my head around this.
The argument is that the increased liquidity from regulated bitcoin options will provide the market with a cushion to absorb large orders and avoid the price swings that usually result. My skepticism stems from the fact that it often is the need to close out derivative positions that generates these large orders in the first place, orders that often need to be filled in a hurry, at any price.
I do buy the argument that increased derivatives trading enhances price discovery, as future expected prices tend to react less to current events. And I understand that an active (and regulated) futures market can reduce the need to place large market-moving buy orders to “bet” on a certain direction – it’s cheaper and easier to buy futures contracts instead. They can also reduce the need to liquidate large positions, by “insuring” them at a relatively low cost.
However, here’s what has me worried: with derivatives, it is not very costly to accumulate large enough a position to benefit from sharp moves. It is conceivable that a speculator could accumulate a ton of puts, and then attack the bitcoin blockchain. The potential profit from the derivatives position from a sharp plunge in price could outweigh the cost of the attack.
And, I am not yet convinced by the increased liquidity argument. It could reduce volatility, but it could also increase it by encouraging speculative positions. That seems to be the PBoC’s position, that “fake” volumes are not good for the market nor for its investors.
As always, time will tell. And no doubt, other factors will throw in additional complications. Attributing changes in trends to any one announcement, in bitcoin as in life, tends to miss the bigger picture.
Since the Bitfinex hack we’ve been hearing the term “multisig security” thrown around as if it were supposed to be some sort of talisman that wards off the evil eye of bitcoin theft. So it’s time we took a look at how it works, so that maybe when we find out how the hack happened, we’ll understand (maybe).
A multisig transaction, as its name implies, requires several valid signatures for it to be accepted. Traditional, simple transactions involve me sending bitcoin to another address and signing with my private key. But what if my computer was hacked and my private key was copied? Then the hacker could create a transaction with my bitcoins and sign with my private key. How can I protect my funds against that happening?
I could establish a rule that more than one signature is necessary for a transaction. Instead of just one private key, my public address could have two private keys, one held by me and one held by a trusted third party. For the transaction to go through, it has to be signed by both private keys. That way, if someone does get hold of my private key and tries to send him- or herself my bitcoins with that signature, it won’t go through unless the second signature (with the second private key) is also applied. It’s a bit like the rule in some banks that two signatures are required for withdrawals. It puts a “check” in place, and makes it much, much harder for a thief to get at my account.
That sounds simple enough, but how do I know the third party won’t disappear or go offline? And what if I don’t want to give a third party that much access to what I do with my bitcoins? Isn’t one of the cryptocurrency’s main advantages independence and anonymity? Multisig transactions can be set up to be 2-of-3. Instead of an address having two private keys, it has three. Two are held by me (one easy to access, the other in cold storage, for example), and one by the third party. Normally the third party and I would sign. But if the third party refuses or can’t for whatever reason, and I really want to enable the transaction anyway, I can dig up my other key and commit the second signature with that.
Another potential application is that of e-commerce trust. What if I bought something with bitcoin, sent the transaction, signed it with my private key and then never received the merchandise? I can ask for my money back, but it’s unlikely I’ll get it. To make both myself and the vendor more comfortable, I could send the payment to an escrow account with multisig security, for which the vendor, a trusted third party and I hold the private keys. The vendor sees I have done this, and releases the goods. When I receive the goods, I create the payment transaction, instruct the third party to add his or her signature, and everyone is happy. If I refuse to pay, the vendor could try to convince the third party that I am behaving badly. If the third party believes that the vendor should be paid, he or she and the vendor sign the payment transaction. Presumably I’m not happy, but at least the vendor isn’t out of pocket.
Although the term “multisig transaction” is often used, it’s actually the address that is multisig. Any movement of funds from that address needs to be co-signed. The address can be a one-time public key created for a specific transaction (in which case “multisig transaction” and “multisig address” are interchangeable). Or it can be a multisig wallet, from which all transactions require more than one signature. Most multisig wallets are HD (hierarchical deterministic), which means that a sequence of addresses can be generated from a “seed”. These addresses can be re-generated at any time from that seed, but it is impossible to determine the seed from one of the addresses. Each address generated in this way can in turn generate a series of corresponding private keys. This increases security even further, by allowing each transaction from a wallet to use a different address.
The most common configuration for co-signing is 2-of-3, in which three private keys are issued for an address, and any two of them are enough to authorize the transaction. But the combination could be anything: 5-of-7, 2-of-2, 6-of-10… And the multisig feature does not always have to involve a trusted third party. It could be your partner if you have a shared account. It could be you, your Treasurer and your COO for a company address. Or you could hold both keys, but on separate computers (or one online, one offline), to reduce the possibility of a hacker getting hold of both of them.
Multisig functionality was not part of the original bitcoin platform. It was added in BIP 11 (the first standard Bitcoin Improvement Proposal) in late 2011, but did not start to be widely used until 2014, as commercial services started to make it easier to configure. At the beginning of 2014, only 0.02% of all bitcoins were multisig protected. Today the figure is up to almost 12%. (Note the big slump end-July/beginning-August – yup, that’s the Bitfinex hack, the graph shows a significant amount of bitcoins being transferred out of multisig accounts).
There is no universal configuration format – each business case has different requirements, and each collaboration shares different priorities. Armory, for instance, introduced fully decentralized multisig functionality in July 2014, in which the user generates as many private keys as he or she wishes (up to 7), and can distribute and protect them separately. There is no “trusted third party” unless the user specifically designates one. As a digital custodian, Circle controls all the keys, in physical isolation, for the multisig security it uses to protect the bitcoins it holds for others. Xapo Vaults require 3-of-5 signatures from different cold storage vaults around the world.
In the bitcoin lifespan, multisig transactions are old news. They have been possible for 2/3 of bitcoin’s history (BIP11 was accepted in December 2011). But even now, they are not very widely used. Why? I suspect that it’s largely because of added complications. We’re lazy, and until we have a scare, we don’t see the point of implementing extra security measures. The recent Bitfinex hack could be enough to jolt us out of complacency, and send us searching for a safer option for our wallets. And wallet service providers will most likely continue to iterate and improve on their interfaces and their security. So multisig will increasingly become a relatively easy option, and who knows, perhaps even end up as the default.
But the fact remains that multisig, as we have seen over the past week, is not as safe as we were led to believe. Once we know more about how the hacker managed to compromise two private keys, we’ll be able to draw conclusions about multisig’s reliability and needed updates.
Some potential weaknesses of multisig technology that come to mind:
In many cases, the third party signing is automated, and flags are only raised in certain circumstances (large amounts, sudden high volume of transfers, etc.). It would be theoretically possible for a thief to siphon off bitcoins without raising any flags.
Insider collusion. A hacker happens to work for a multisig wallet provider. He or she gets hold of the user’s private key, and then double-signs with the wallet’s key, diverting funds to his or her own account. Or, a hacker could be working in collusion with an insider. Or, a government could force the multisig third party to act a certain way…
The keys could be copied at time of creation. In some cases, the user’s two keys are sent to him or her by email. How hard would it be for a hacker to access that email?
Multisig configurations in which 2-of-3 keys are held by the user do not protect the user from coercion (sign this transaction with both of your keys or I’ll…).
As with any wallet software, you are trusting it has no “back door” for a hacker to use. The hacker would have to be either in collaboration with the software provider, or have created a convincing replica that he or she gets you to download instead.
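The 2-of-3 layout described earlier and the custody weaknesses just listed can be checked together; the following is an added example, not code from the original post or from any wallet provider. It builds and parses a BIP 11 style m-of-n script and reports the smallest groups of key holders able to spend. The function names, holder labels and sample keys are assumptions made for illustration.

```python
from itertools import combinations

OP_CHECKMULTISIG = 0xAE  # OP_1..OP_16 are the bytes 0x51..0x60

def multisig_script(m, pubkeys):
    """Build the BIP 11 form: OP_m <pubkey>... OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    pushes = b"".join(bytes([len(pk)]) + pk for pk in pubkeys)
    return bytes([0x50 + m]) + pushes + bytes([0x50 + n, OP_CHECKMULTISIG])

def parse_multisig(script):
    """Return (m, pubkeys); raise ValueError if the script is not m-of-n."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    keys, i, end = [], 1, len(script) - 2
    while i < end:
        size = script[i]  # direct push: one length byte, then the key
        if size not in (33, 65) or i + 1 + size > end:
            raise ValueError("bad public key push")
        keys.append(script[i + 1:i + 1 + size])
        i += 1 + size
    if not 1 <= m <= n <= 16 or len(keys) != n:
        raise ValueError("threshold does not match key count")
    return m, keys

def smallest_spending_groups(script, holders):
    """holders[i] names who (or what) holds the private key for pubkey i.
    Returns the smallest sets of holders that together reach the threshold."""
    m, keys = parse_multisig(script)
    if len(holders) != len(keys):
        raise ValueError("one holder per key required")
    names = sorted(set(holders))
    for size in range(1, len(names) + 1):
        groups = [set(g) for g in combinations(names, size)
                  if sum(h in g for h in holders) >= m]
        if groups:
            return groups
    return []

# Constructed sample keys: placeholder bytes shaped like compressed public keys.
SAMPLE_KEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
SCRIPT_2_OF_3 = multisig_script(2, SAMPLE_KEYS)

if __name__ == "__main__":
    print(smallest_spending_groups(SCRIPT_2_OF_3, ["laptop", "cold storage", "service"]))
    print(smallest_spending_groups(SCRIPT_2_OF_3, ["user", "user", "service"]))
```

Labelled by device, the same script needs two separate compromises; labelled by person or organisation, a single holder can already meet the threshold, which is the coercion and custodian case.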
We can’t go through life fearing every eventuality. No system is completely infallible, and all of the above situations are extremely unlikely. But they are possible. And the Bitfinex hack has shown us that multisig isn’t always enough.
Uncertainty is never good for any ecosystem, especially when the economic risk is so high. But knowledge is power, and identifying weaknesses does lead to additional strength. Multisig is a cool feature. It’s obviously not perfect, but as with most code, it can be tweaked and worked on to become even stronger.
The incentive to steal is as old as time itself. The incentive to protect ourselves from that theft has given birth to today’s technology, society, political systems and way of life. The bitcoin community continues to pour considerable time and effort into innovating, improving and staying one step ahead of the bad guys. And they will continue to do so because they have more to gain than the bad guys. After all, safe bitcoin deposits that are also easy to transact with, that will extend the use of the cryptocurrency and encourage a reform of the way we handle value – that’s a pretty good incentive.