cybersecurity

CRYPTO: Why Bitcoin Falls Down

Remember the mantra. Tech innovations swing between the extremes of meme and electricity. Memes are human sentiment, the animal spirits of the market shooting up and crashing down. Yahoo message boards, Reddit posts, Telegram communities, excited media articles. Electricity, however, is real. Its discovery and taming led to an industrial revolution, light and progress. Today's laundromats might be boring and tame, but imagine the first robotic clothes washer animated by electric powers unseen. All tech innovations have a bit of each. Crypto is enjoying its meme moment. Why is Bitcoin going down, after it went up? Let's talk about the factors that are adding up to the current sentiment.

(1) The first is definitional -- Bitcoin (and all crypto) is a volatile early stage technology asset and these massive run-ups and falls are a feature of the asset class, not an exception.

(2) The second is that data points about hacks and Ponzi schemes have been dominating the news. From Tether (which may be trying to print billions of sovereign currency) to Bitconnect (likely Ponzi scheme with a proprietary coin falling from $2.6 billion in marketcap) to the Coincheck hack ($500 million Japanese exchange hack), to Arise Bank ($600 million ICO shut down by the SEC), billions of USD equivalent value keep literally evaporating from the crypto economy due to bad actors. These issues are not new in the space, but now there is mainstream attention with nearly a trillion at stake, and the regulators are starting enforcement actions.

(3) The futures market that so many crypto natives were excited about allows professional investors to actually take a bearish view. Oops. This sentiment should reflect back into the price mechanically.

(4) Decentralized systems will supposedly erode the control of centralized systems. So we should not be surprised when centralized systems fight back when coopted for this purpose -- from Facebook's Bitcoin ad block and regulator crackdown on fake bots, to the refusal of credit card issuers and banks to keep financing crypto purchases, to asset managers like Vanguard announcing they won't create vehicles for the asset class.

None of this should be new information. If in 2002 you asked the music labels whether they like Napster, not only would they answer with a resounding NO, but they would talk about Digital Rights Management and all their plans to fight back. Welcome to creating product-market fit.

CRYPTO: Hackery Hacker Hacks

So how likely are you to get hacked and lose all your magic crypto beans? If we believe this list, over 20 exchanges have gotten hacked. In total, there are probably 125-250 exchanges (data point 12). So that would suggest that over a 4-year period, 5-10% of all exchanges have been compromised in some way. We also looked at Bitcoin and Ethereum hacks that are in the public domain and added up the USD impact as of the time of the hack. We then also took that USD value as a percentage of the outstanding Bitcoin and Ethereum market capitalizations at the time to arrive at the percentage of funds that were hacked per year.
 
2014 was Mt Gox and 2016 was the DAO, thus the big outlier numbers in those years. 2017 saw more regular smaller events consistently tied to ICOs. Outside of programming errors, exchange server hacks, and attacks on wallets, human behavioral hacking increased. Think about ransomware or phishing on social media. If you're interested in more granular data along these lines, see Chainalysis. The good news is that as the overall marketcap grew, these losses became smaller as a percentage of the whole. Going forward, we would expect 50 to 300 bps of the market capitalization of cryptocurrency to be at risk for loss from hacking or other cybersecurity failures. Or alternately, it looks like crypto hacking is a $200 million annual revenue industry.

Can decentralized exchanges built into software, liberated from centralized servers to be their full capitalist selves, solve this problem? See Airswap, 0x. In theory, decentralized exchanges and atomic swaps should be more secure than centralized exchanges, which hold the keys for millions of user accounts on their servers. Decentralized exchanges are also much harder to shut down, as there should be no particular centralized counterparty once a project is off the ground. Think Bittorrent, rather than Napster. Napster was shut down; Bittorrent has spread all over the web and cannot be stamped out. But decentralized exchanges face the same issue as the DAO. Bugs in the smart contract code itself, rather than in the security infrastructure, could lead to a smart hacker finding a way to trick the contract. Also, decentralized exchanges may not be as liquid as centralized ones, something that is still being worked out.

SOCIAL MEDIA: World's Largest Botnet Born from Minecraft

Source: Minecraft

This is a lego piece for the future. On the Internet (we're there right now!), a distributed denial-of-service attack ("DDoS") is when a group of computers access a server so many times that traffic spikes and the server crashes, taking down whatever it is hosting. So for example, if you don't like the NY Times, just overwhelm it with robots and bring the site offline. These robots, collectively a botnet, don't have to be particularly good computers -- one could for example hack into thousands of baby monitors over WiFi and then point them at a target.

In 2016, a tremendously powerful botnet attacked the internet infrastructure of the United States, like never before. It used 600,000 Internet of Things devices. Where did this weapon come from? The answer is the video game Minecraft. In 2014, the virtual sandbox had 100 million registered players and a GDP of $400 million. Part of these economics is hosting Minecraft servers for local communities, and the corollary of that is that executing a DDoS attack against a competitor makes you a modern-day Minecraft mafia monopoly. The 21-year-old creators of this infamous botnet built it to snipe out other video game tycoons and make more money on their Minecraft servers. Later, they used the same botnet to defraud advertisers (selling hundreds of thousands of clicks and traffic that came from robots, not humans).

At some point, the creators open sourced the software and it spread through the dark web. That means any black hat hacker can get the code, change it up, and try to create their own infection of IoT devices. We know that, for example, North Korea is pretty good at cyber attacks and is now hacking cryptocurrency infrastructure. The links between 21-year-old computer savants, video games, Internet money, and international geopolitical power struggles are here to stay. Which world is more powerful?

CRYPTO: We Need Real Crypto Custody

Source: Coinbase

Sure, the crypto economy has valuable infrastructure innovation that will change the world. But "code is law" is just not enough, because code is full of bugs and humans don't know what they want. The finance people are right about at least one thing. And that thing is custody.

In today's world, owning Bitcoin or Ethereum means learning a mish-mash of technical information while risking accidentally losing all your money. And if you don't lose your money through technical error, or the endless ICO phishing scams, there's a good chance something else can go wrong. We know of the hack last year that pulled $150 million from the DAO project on Ethereum, which was reversed through the hard fork but led to the creation of Ethereum Classic -- $1.7 billion value out of the ecosystem. Another $160 million just got flushed down the drain, with users locked out of their money permanently due to a mistake in the fix of a previous $30 million hack of the Parity wallet for the cryptocurrency.

We can keep saying that there's nothing wrong with the blockchain technology, and that it is the infrastructure providers like the Parity wallet, or the Mt Gox exchange, or the smart contract writers for the DAO that made the mistake. But that is a cop-out. Users shouldn't care about why they lost money, if it happens to them by no reasonable fault of their own. The answer is to build safe storage of these assets up to the standards of the traditional financial economy. Sure, we may lose some crypto anarchists in the process to Monero and Zcash, but we will gain the global economy. The good news is that this is indeed in progress. Coinbase plans to offer institutional custody to crypto funds starting at a $100k fee (ouch!). And see Alex Batlin leaving BNY Mellon to start Trustology at Consensys, delivering crypto custody as a service. This is what needs to be finished before we invent the rest.