Why Henry III's gold penny failed

English gold penny minted by Henry III in 1257

A lucky metal detectorist just discovered a Henry III gold penny, one of the first English gold coins ever minted, on a farm in Devon in the southwest part of the U.K. My favorite thing about detectorist findings is that they give us a good excuse to learn about old coins. 

Minted in 1257, only eight of Henry III's gold pennies (pictured above) have survived. This is odd given that medieval historian David Carpenter's analysis of historical records indicates that 72,000 of these coins may have been produced within a year or two.

Why are there so few of Henry III's gold pennies still in existence? In this short post I'll suggest that the gold penny was a failure. Rather than circulating in trade, as one would expect of a coin, most of them were melted down within a year or two after issuance. And so there are very few gold pennies left for detectorists to find.

Leading up to the 1200s, demands of English trade for coinage was mostly met by the workhorse English silver penny. Because the yellow metal was expensive, gold coins were outside the day-to-day spending range of the average person.

But Europe was getting wealthier and this was creating more demand for higher denomination coins. According to Alexander Del Mar, gold bezants were already circulating in England by the 13th century (page 236, [pdf]). Minted by the Byzantines, bezants had dominated Mediterranean commerce since 300 AD or so (see Munro). To boot, a handful of 11th- and 12th-century Islamic gold dinars and dinar-inspired coins have been found in England, writes historian Caitlin Green in a blog post, further suggesting a nascent demand for high-value coinage (see photo below). Del Mar cites texts from the era mentioning the circulation of Spanish maravedis, a gold dinar copycat.

Arabic gold dinar (AD 1163-84) found in Suffolk [link]

Meanwhile, the Italian city states of Genoa and Florence had begun to mint their own gold coins in 1252, the Florin and the Genovino. In the century before these two cities had pioneered the creation of large silver coins, the grosso or groat (worth 12 silver pennies) which England had yet to copy.

And so Henry III may have been eager to issue his own gold coin, one with his face on it and not someone else's stamp. But his effort failed .

When Henry III issued his gold penny, he rated it to be worth 20 silver pennies. That is, if you were an English merchant in 1256 you were required to accept a new gold penny from a customer at the same rate as 20 silver pennies. As a backstop, Henry III himself promised to redeem the god pennies at 19 and a half pennies, the other half-penny being a fee. (See Evans, The First Gold Coins of England.)

In bimetallic coin systems, it was crucial for the monarch to choose the proper exchange ratio between silver and gold coins. If the chosen ratio diverged from the market's gold-to-silver rate, then Gresham's law kicked in. Undervalued coins disappear from circulation because they could be better spent elsewhere at their true market metal price.

In his paper Gold and Gold Coins in England in the Mid-thirteenth Century, Carpenter maintains that Henry III picked the right ratio between gold pennies and silver pennies.  A gold penny weighed the same as two silver pennies. At Henry III's chosen exchange rate of twenty silver pennies to one gold penny, this implied a price of ten grams of silver to one gram of gold. Carpenter says that this was in line with the prevailing 10:1 market rate between silver and gold bullion at the time.

But historian John Munro suggests otherwise. What Carpenter omits is that an English silver penny was only 92.5% pure, the remaining 7.5% being comprised of base metals. This means that Henry III's chosen exchange rate of twenty silver pennies to one gold penny actually valued the quantity of gold inside a gold penny at just 9.3 times that of an equivalent amount of silver, not 10 times.

Thus the king's chosen rate undervalued gold. And so Henry III's gold penny would have run smack dab into Gresham's law. It would have been more profitable for an English merchant to melt down 1 kg of gold pennies into bullion and buy 10 kg of silver with the proceeds at the going market rate than to spend that 1 kg of gold pennies as coins (since that would mean getting the equivalent of just 9.3 kg of silver).

Put differently, an English arbitrageur could engage in the following set of trades to make a risk-free return. He or she could spend 9.3 kg of silver coins to get 1 kg of gold pennies at Henry's official rate. Then they could melt that 1 kg of gold coins down and sell the gold bullion for 10 kg of silver at the market rate. Voila, our arbitrageur has magically turned 9.3 kg of silver into 10 kg of silver, earning a free 0.7 kg in silver. They would continue to execute this trade until the entire stock of Henry III gold pennies had disappeared.

There is additional evidence of the undervaluation of the gold penny. In 1265, just eight years after initially issuing them, Henry III increased the gold penny's rated value to 24 pennies from 20 pennies, writes Kemmerer (Gold and the Gold Standard, 1944). This rating would have been more in line with the market rate between gold and silver. But by then it was probably too late. All of Henry III's original issue of gold pennies would have been melted down. Nor was he minting any new ones. Specimens like those found this year in the farmer's field in Devon would have been one of a few to escape the melting pot. 

As for England's monarchs, they would only get gold coinage right in 1344 with the successful issuance of the gold noble.

Yemen's bifurcated monetary system

Over the last five years Yemen has stumbled into a unique monetary situation. I initially wrote about Yemen's odd currency status two years ago. Here is a quick update.

In brief, Yemen has split into two warring sides: the Houthi rebels in the North and the Saudi-backed government in the South. This split has also torn the nation's central bank into two branches – the Aden branch and the Sana branch.

Likewise, it has separated Yemen's stock of Yemeni rial banknotes into two different types of banknotes. The Houthi rebels in the North (who run the Sana branch of the central bank) have adopted rial banknotes printed before 2016. The officially-recognized Aden regime in the South controls all notes printed after 2016. (Read the original blog post for the full story.)

As a rule banknotes of different vintages, or years, are equal to each other. Put differently, cash is fungible. But not in Yemen. The value of the North's pre-2016 notes and the South's post-2016 notes began to diverge in 2019. Below is a chart published by the Cash Consortium of Yemen (which I've modified for clarity) showing how far that divergence has preceded. The value of rebel's old notes relative to the U.S. dollar has stayed stable at around 600 rials to US$1 (see red line). But the value of the official Aden government's post-2016 notes has inflated. A new rial is now worth less than half a pre-2016 note (green line).

The reason for this growing gap is that the rebel North can't increase the supply of pre-2016 notes. The supply of old notes is locked. The supply of new notes, however, is not fixed. The South has been printing up new paper money and spending it into circulation.

It would be as if the northern & southern U.S. states had a civil war, the North adopting pre-2016 Federal Reserve notes and the South post-2016 notes. The South keeps printing new notes to finance itself, but the North is stuck with a fixed stock of notes. So the U.S. dollar bifurcates.

A currency war of sorts developed last summer in Yemen. It began with the Aden government printing up new notes of the same size, shape, and appearance as the rebel's pre-2016 notes and then spending them. You can see why the Aden government would want to adopt this strategy. If it could spend the replica notes at the same purchasing power as old notes, which are more valuable, the Aden government would extract twice as much goods & services than it otherwise could. If Aden's replicas succeeded in filtering into the Northern economy, we'd expect the old notes—so stable till now—to finally succumb to price inflation. The price gap between old notes and new notes would collapse.

But this didn't happen. The Northern rebels reacted by banning Aden's replicas on the basis of serial number, according to the Sanaa Center. Notes with a serial number starting with the letter (أ) would be accepted, the rebels said, but those starting with the letter (د) would not be, presumably because د notes are all replicas. (According to the Sanaa Center, the government reacted by printing up serial numbers starting with أ.)

The exchange rates illustrated in the chart above suggest that the North's efforts to filter out the replicas was successful. The Northern rial notes are still worth just as much as before, around 600 rials to the U.S. dollar. Meanwhile, Aden's notes have inflated dramatically, from around 950 rials to 1290 rials per US$1.

My hunch is that some of the rebel's success may be due to the relative quality of the North's banknotes. Given years of active use, Northern rial notes must be relatively filthy right now. Crisp new notes from the South would immediately stand out. After Aden's new notes have circulated for a few years, it may become easier for them to pass as the rebel's old notes. Only then will the price gap start to shrink.

The fallacy of bitcoin and renewable energy

In my previous post on proof-of-work several commenters suggested that bitcoin, the biggest proof-of-work coin, is good for society because it spurs renewable energy production.

The full argument is worth reviewing. (See Nic Carter, here). Briefly, the supply of renewables like solar and wind is finicky and doesn't neatly overlap with demand. Luckily, bitcoin mining farms are flexible. They can shut down and turn back on quickly, consuming energy when it is plentiful (& cheap) and ducking & running when it is expensive. This miner-facilitated smoothing encourages power companies to install more finicky wind and solar power.

On it's surface this is a provocative argument. But if you read carefully it's a version of one of the oldest fallacies in economics: the broken window fallacy.

In the broken window fallacy, a boy breaks a shop window. Observing the flurry of economic activity ensuing from the mending of the broken window, the townspeople decide that the boy has helped the local economy. "Breaking stuff is good, let's do more of it!"

But we know that breaking stuff is not good for the economy. The economic activity devoted to fixing the broken window comes at the expense of economic activity that would have occurred otherwise, say repairing the shop's furnace or purchasing more inventory. Economists call this opportunity cost. The broken window parable forces us to recognize that the cost of any activity is all the things that could have been.

Let's bring this back to bitcoin. Bitcoin using up renewables isn't a benefit, it's a cost. There are many industries that can efficiently consume electricity in a staggered or interruptible manner, of which bitcoin mining is just one. If bitcoin miners use this electricity, then these other industries cannot.

And so bitcoin isn't good for society because it uses renewables. Rather, it should be judged whether it is the best use of renewables. Is the product a useful one? The market seems to think so.

What I've said up till now is just bog standard economics. Here's the more controversial bit:

I'd argue that bitcoin is NOT the best use of renewable/interruptible electricity.

What the average bitcoin owner values is bitcoin's up-and-down price movements. But fabulous amounts of renewable energy are not necessary to produce a volatile speculative vehicle. Unfortunately, most bitcoin holders aren't aware of the huge energy cost of maintaining bitcoin—they don't bear, or internalize, this cost.

If the bitcoin protocol were to shift to an energy-lite production method, or, alternatively, if bitcoin speculators were to swap into competing energy-lite coins, then users would still get to enjoy the same up-and-down experience—and other industries would be free to use the interruptible/renewable electricity liberated from bitcoin processing. That would be a good thing.

Tether vs the New York stablecoins

Stablecoins are the world's newest payments option. But not all stablecoins are the same. There are safe stablecoins and there are sketchy stablecoins.

The safest ones are the New York stablecoins: Paxos Dollar, Gemini Dollar, and Binance USD (BUSD). The New York stablecoins are issued by financial institutions supervised by the New York Department of Financial Services. Measures such as segregation, bankruptcy remoteness, and a trust company structure are used to protect customers funds. Customer money is invested in low-risk securities such as short-term U.S. government debt.

The risky stablecoins – best represented by BVI-based Tether – invest customer funds in higher-risk instruments like long-term commercial debt, loans to affiliates, or cryptocurrencies. They do not have clear protections for customers should an adverse event occur, nor do they have a regulator looking over their shoulder to make sure that they are running their stablecoin operations in a robust manner.

[For a more complete description of the differences between the New York stablecoins and other stablecoins, see my post here.]

Riskier assets should always offer investors a higher interest rate than safer assets. Interest is the extra carrot that we get for incurring financial danger. But interest doesn't exist in the world of stablecoins. That is, the risky stablecoins and the safe ones all pay holders the same 0% rate. Given the absence of a reward for bearing risk, one would expect a reverse Gresham's law effect to kick in: the community of stablecoin holders should gravitate to the safest stablecoins, the good money displacing the bad.

As the above chart suggests, this shift to safety is occurring. Since 2020, the three New York stablecoins have grown much faster (up by a factor of 60) than Tether (up by a factor of 17).

However, as the second chart below indicates, Tether still remains the largest stablecoin... by far. There are around $80 billion in outstanding Tethers circulating through the cryptoeconomy compared to $16 billion in New York stablecoins. This suggests to me that more stablecoin rationalization will occur.

Why is this reverse-Gresham process proceeding so slowly?

Tether has been around since 2014. The New York stablecoins didn't arrive until 2018. In that interim period of Tether dominance, a Tether standard of sorts emerged. Given a lone stablecoin option, the cryptoeconomy built up a dependence on Tether. Like any standard, once everyone is plugged in it's hard to shift to a superior standard. 

But just because it is difficult to switch standards doesn't mean it won't happen. Over the long term, there is no reason for the community of stablecoin users to continue using the riskiest 0%-yielding stablecoin. Either everyone will shift away from Tether, or Tether will be forced to adapt by becoming just as safe as the New York stablecoins, or Tether will start to pay interest in order to compensate for being the riskiest product.

A tax on proof-of-work

The world is overpurchasing proof-of-work (POW) blockchains. How do we fix this? 

Let me quickly outline the argument for why the world is buying too much POW. Blockchains such as Bitcoin, Dogecoin, and Ethereum provide coin buyers with a special sort of security – proof of work. POW requires huge amounts of electricity, so much so that Bitcoin and Ethereum together currently use up more energy than Italy.

It's not the energy-intensity of POW that's problematic. The issue is that the biggest buyers of POW coins – speculators and gamblers – care very little about POW security. What they value is the thrilling price movements that blockchain coins provide.*

Coin gamblers also have the option of buying non-POW blockchains. Non-POW coins offer gamblers the same wild price movements as Bitcoin, Dogecoin, and Ethereum. However, the security that these non-POW coins rely on requires far less electricity. 

On net, the world would be better off if all blockchain gamblers migrated away from POW coins and onto cheaper non-POW coins. The gamblers themselves would not be any worse off. They'd still get all the crazy up-and-down fun & entertainment as before. But the rest of us would benefit, since far less of the world's energy would be burned. That's what I meant at the outset when I said that we have a POW overpurchasing problem. Coin speculators are unwittingly over-gambling on energy-heavy POW blockchains and under-gambling on energy-lite non-POW chains.

Left to their own devices, it is unlikely that coin gamblers will migrate away from POW coins like Dogecoin and Bitcoin towards cheaper coins. (See here for why). Might it be worthwhile to adopt a policy that nudges speculators away from POW and into cheaper non-POW blockchains? 

A targeted tax on POW coins is one option. But how would we design this tax? I suppose we could tax people's holdings of POW coins while exempting their holdings of non-POW coins. Or we could tax POW coin purchases & sales on exchanges like Coinbase. Or would we could tax the POW miners.

The economics of taxation is not my strong point. So I'm going to farm this out the comments section: if we want to shift speculators away from POW blockchains, how should we design a POW tax?

---

*There is also a community of hobbyists and technologically-informed individuals who do indeed consume POW. That is, they can put out a coherent argument for what POW is and why they prefer it over other types of blockchain security. Unlike the gambling class, they are less interested in coin price fluctuations. But the size of the hobbyist community is dwarfed by the gambling class.

Should central bankers be afraid of crypto?

As crypto continues to move into the public's consciousness, curious people who aren't familiar with it often ask me if central bankers at the Bank of Canada or the Federal Reserve should be worried that crypto may replace the dollar. 

In this short blog post I'll suggest that they should not be worried.

For central bankers like the Fed's Jay Powell or the Bank of Canada's Tiff Macklem, controlling national monetary policy is probably their most important task. By altering the money supply or shifting interest rates, Powell influences the value of U.S. dollar. These policy changes get transmitted across the entire country thanks to the ubiquity of the U.S. dollar as a unit for expressing prices. (For his part, Macklem relies on the Canadian dollar's dominance as a unit-of-account in Canada to exercise monetary policy). 

Monetary policy is important. First, it keeps the dollar's purchasing power stable. Since our wages and contracts are denominated in dollars, a degree of sameness and consistency is important. Second, monetary policy is an important tool for offsetting broader economic shocks, say the pandemic or the '08 financial crisis.

Given that crypto is often marketed as a dollar replacement, might Powell and Macklem be losing some sleep? After all, if crypto starts to replace the dollar as America or Canada's unit-of-account then neither central banker can carry out national monetary policy.

Luckily for Powell and Macklem, crypto is not a threat to the dollar.

Crypto is no longer a very useful term, since it encompasses so many different types of phenomena. There is bitcoin, programmable blockchains like Ethereum, stablecoins, non-fungible tokens (NFTs), decentralized finance (DeFi), and more.

Let's start with Bitcoin. In this category I've included other volcoins like Dogecoin, Shiba Inu, Bitcoin Cash, and Litecoin. I call them volcoins because they are incredibly volatile.

In the early days, many of us thought it possible that Bitcoin might develop into a legitimate threat to the dollar. But enough time has passed now that we know this isn't case. The dominant reason people have for owning volcoins is to get exposure to their exciting price moves. That is, volcoins are a gambling technology, not a monetary technology. Rather than competing for dominance with the relatively stable payments instruments issued by central banks, volcoins serve as substitutes for casinos, meme stocks, lotteries, poker, and OTM options. None of these bets will ever be a credible threat to Fed or Bank of Canada dollars.

Let's move onto stablecoins. Whereas volcoins are wildly unstable, stablecoins are the tamer version of crypto. The stability of stablecoins means that they could credibly replace banknotes issued by the Fed and Bank of Canada.

Even if stablecoins become widely used, they won't subvert Powell and Macklem's ability to conduct monetary policy. Because they are pegged to central bank money, stablecoins effectively do the opposite: they extend central bank monetary policy power into blockchain environments. Stablecoins are therefore allies of the Fed and Bank of Canada policy makers, not enemies, in the same way that regular banks such as TD Bank or Wells Fargo are allies because they extend the range of central bank monetary policy into the regular economy.

[Yes, stablecoins involve financial stability issues. But this post is about monetary policy, not financial stability.]

Nor is decentralized finance, or DeFi, a threat to monetary policy. DeFi is just another component of a nation's financial edifice, albeit more decentralized than the other bits. If a stock exchange like the NYSE or Toronto Stock Exchange is no threat to monetary policy, then neither does a decentralized exchange such as Uniswap pose a threat.

Finally, NFTs are a hyperfinancialized claims on underlying digital art. Art never has been a threat to monetary policy and never will be.

In sum, Jay Powell and Tiff Macklem may have reasons to worry about crypto, but concerns of monetary policy impotence should not be one of those worries. Crypto is not going to replace the dollar anytime soon.

Is money a ponzi?

 Matt Levine entertains the possibility that all money is a ponzi:

"But of course crypto people will happily tell you that fiat currency is the biggest Ponzi scheme of all, and they are not really wrong are they?"

Here is my discussion with some crypto folks on Twitter making that claim.

I disagree. Here is a short (930 words, 3 minutes) blog post explaining why money is not a ponzi.

Aneroid is a small town in Saskatchewan. It has 100 inhabitants. Selma, one of the town's 100 inhabitants, starts a ponzi.

By ponzi, I am referring to a general class of economic phenomena that can only exist if additional people continue to join up. Under these schemes, old investors are paid with new investors' funds. Once the incoming flow of new entrants dries up, the ability to pay out funds to existing participants comes to an end. The scheme ends. This family of economic phenomena includes not only ponzi schemes but also pyramids, chain letters, MLMs, HYIPs, speculative bubbles, and Nakamoto schemes.

Out of the above options, Selma opts to go with a chain letter. She drafts one up on paper and sells a copy to her friends Tom, Sally, and Alice for $10. (I'm replicating the basic design of the notorious 1970s Circle of Gold chain letter). The letter requires the recipient to send $10 to the person at the top of the list, copy the letter (removing the name from the top of the list and writing one's own name at the bottom), and sell it on to three friends for $10.

Selma's chain letter proves to be popular. 99 inhabitants of Aneroid eventually buy a letter, send $10 to the person at the top of the list, and resell it.

But when Jack, the 100th inhabitant, buys a letter and sends $10 to the person at the top, he finds that he can't resell it. Everyone in Aneroid has grown tired of the game. The chain letter stops propagating, the flow of money ceases, and the whole enterprise dies. Jack $10 copy is worthless.

Does money have the same ending as Selma's chain letter?

Enter the Bank of Aneroid. 

The Bank of Aneroid is the town's sole issuer of banknotes. The Bank lends a $10 banknote to Selma secured by a $15 lien on her property. Selma spends the $10 note at Frank's hardware store who spends it at the grocery store etc etc, until it ends up in the hands of Jack. But to his dismay Jack finds that, for whatever reason, no one will accept the $10 note.

Alas, poor Jack. His $10 banknote now seems as worthless as his $10 chain letter.

Lucky for him, it isn't. Unlike a chain letter, Jack can return the $10 note to the original issuer, the Bank of Aneroid, for redemption.

Recall that the Bank of Aneroid owns Selma's $10 property-secured IOU. When Jack walks into the Bank and asks to have the note redeemed, the Bank of Aneroid makes good on its promise by selling Selma's debt in the debt market for $10 worth of gold or central bank money. It then pays this amount to Jack. The Bank of Aneroid then destroys its $10 note.

(Alternatively, the Bank of Aneroid can tell Selma to repay her $10 loan, the proceeds being used to pay Jack. Or the Bank can take the more extreme measure of seizing Selma's property and selling it in order to make good on its promise to redeem Jack's $10 banknote.)

As you can see, what I'm describing is not a ponzi scheme. That is, the Bank of Aneroid's $10 banknote isn't valuable because a new buyer keeps arriving to take it off of the previous owner's hands. It is valuable because the original issuer, the Bank of Aneroid, will always repurchase its note using its resources, i.e. its portfolio of loans.

Careful readers will protest at this point. "C'mon JP, you're talking about redeemable bank money. Of course that's not a ponzi. It's the non-redeemable stuff, fiat money, that's a ponzi!"

But I'd argue that the same principles apply to fiat money. I'm going to define fiat money as a banknote that can't be redeemed on demand by its holder into an underlying instrument, perhaps gold or government money. 

In our example, let's modify the Bank of Aneroid so that it issues fiat banknotes, not redeemable ones. Apart from that, everything remains the same. Now when Jack takes his unwanted $10 banknote back to the Bank of Aneroid for redemption, the bank refuses to convert it into an underlying medium.

Jack's $10 won't be worthless like the $10 chain letter, though.

"Sorry Jack, we can't redeem it," says the bank manager. "Our banknotes are non-convertible fiat notes. But Selma's $10 loan is due next week. To pay us back she's going to need your $10 note. Why don't you talk with her?"

And so Jack walks over to Selma's house and offers to sell her the $10 note. And Selma will buy it since she'll need it to repay her $10 debt to the Bank.

So in the end, Jack's $10 banknote is valuable—not because a ponzi process props it up—but because the bank that originally issued it reaccepts it. The support that a bank offers to its banknotes is more obvious when a banknote is immediately redeemable by its issuing bank at par. But even an non-redeemable fiat banknote has an underlying linkage back to the issuer that helps support its value.

By contrast, a chain letter (or any other ponzi-like instrument) lacks this connection and only has value as long as a new player emerges.  

---

PS. This note is for Ethereum fans.

Another way to think about the question of fiat money is to bring in some stablecoin analogies. The Bank of Aneroid's non-redeemable fiat notes are equivalent to Rai or MakerDAO's Dai (before Maker introduced the PSM). 

Rai and pre-PSM Dai are fiat monies. Neither are directly redeemable into underlying USDC, Tether, or bank dollars. But this doesn't prevent Rai and Dai from staying close to their targets (in Rai's case $3-ish and in Dai's case $1.) In the absence of direct redeemability, the main force pushing these tokens towards target is the requirement that vault owners (i.e. debtors) repurchase Rai and Dai to repay their Rai- and Dai-denominated debts to the system. This is the same force that stabilized the Bank of Aneroid's $10 fiat note in my story. Recall that Frank's $10 note was valuable because Selma needed it to close her debt to the Bank of Aneroid.

Adding an on-demand redemption feature to the Bank of Aneroid's notes only makes this stabilization more direct and immediate, much like Maker's addition of a direct redemption mechanism, the PSM, resulted in a more direct fusion of Dai to its $1 target. (The PSM means that Dai has become non-fiat money.)

Another force keeping Rai and pre-PSM Dai anchored to their respective targets are the threat of Rai's "global settlement" or Maker's "emergency shutdown." Basically, in extreme scenarios both systems can be completely unwound. When this happens all the collateral held in the system gets distributed back to its respective stakeholders, including the owners of Rai and Dai. The knowledge that this could happen helps nudge the price of Rai and Dai closer to their targets.

The Bank of Aneroid's notes are also subject to their own version of emergency shutdown. At any point in time the owners of the Bank of Aneroid can wind up the bank. By collecting on all of their debts, selling those debts to others, or seizing collateral, the Bank can buy back all of the notes they have issued at par. The possibility that this could happen helps pull the Bank of Aneroid's fiat notes towards a stable terminal value.

Sure, there are stablecoins that depend on an underlying ponzi process to stay pegged to $1. But Rai and Dai do not fall into that category of stablecoins. Rai and Dai use non-ponzi mechanisms to create a stable version of the dollar. The Bank of Aneroid's fiat notes are not ponzi-ish for the same reasons that Rai and Dai are not ponzi-ish. And the same goes for Federal Reserve dollars, Bank of Canada dollars, and Bank of England pounds, which operate on the same principles as the Bank of Aneroid's fiat notes.

Play Bitcoin: Remember, It's Just a Game

[[My first article with Breakermag was published in September 2018. Alas, Breakermag closed its doors in 2019. The website remained up for a while but it seems to have recently been decommissioned, so I'm salvaging this story from the abyss of disappearing internet content. I think it succinctly captures a point I make over and over. When we go to a casino, the verb we use to describe this activity is 'playing,' not 'investing.' Likewise, we should be using the word 'play' when we talk about what we do with crypto. Drill into what crypto is about and it's mostly (not always) gambling games—yes, novel games, but gambling nonetheless. Getting the semantics right is important. Owning crypto is fun and entertaining (and potentially problematic). So is going to the casino. But players shouldn't be fooled into thinking that they are engaging in a productive and socially beneficial enterprise.]]

No one invests in the lottery; they play it. Rather than investing in bitcoin, let’s play bitcoin.

On December 8, 2017, just a few days after bitcoin crossed the $10,000 mark for the first time, Coinbase CEO Brian Armstrong published a blog post asking customers to “invest responsibly.” A week after Armstrong’s appeal, the price of bitcoin hit $19,801, paused, and then proceeded on what has been nerve-wracking decline ever since.

In hindsight, Armstrong’s “invest responsibly” post seems timely. Any novice would have saved themselves much money and stress if they’d taken his advice to be careful and had either reduced the amount they purchased or stayed entirely out of the market. These days, Reddit is littered with stories of disillusioned buyers who diverted large amounts of their savings into bitcoin or some other cryptocurrency near the December 2017 highs. One story, recounted in the New York Times, describes a 45-year-old Korean teacher who borrowed money to buy $90,000 worth of cryptocurrencies, only to lose most of it.

I have a problem with the words that Armstrong chose for his blog post. Most people do not invest in bitcoin. They play bitcoin. Using the correct word to describe the relationship that the great majority have with their bitcoins would be a powerful way to ensure that new buyers of bitcoin do not get the wrong expectations about what they are getting into.

Bitcoin lies in the same economic category as financial games like poker, roulette, and the lottery. These are all zero-sum games. The property binding all zero-sum games together is that the amount of resources contributed to the pot is precisely equal to the amount that is paid out. Because nothing additional is created in a zero-sum game, for every player who wins something from the pot, there must be a loser.

Compare this to win-win financial opportunities like stocks or bonds. In the case of a stock, each shareholder’s contribution is used to support the underlying firm’s deployment of capital. This cocktail of machinery, labor, and intellectual property is combined to create products, the sale of which generates a return. Put differently, as long as the firm’s managers deploy the money in the pot wisely, the firm can throw off more cash to shareholders than the sum originally put into the pot.

This generative capacity does not exist with zero-sum games. Take poker, for example. If five players have all bought into a poker game for $1,000, there is no way that the winner of the game can get more than $5,000. A zero-sum game cannot generate more than the sum of its parts. Likewise with bitcoin. The only way that a buyer at today’s price of $6,442 can avoid being a loser is if someone else is willing to buy that bitcoin at a higher price, say $6,995. Unlike a shareholder in a firm, bitcoin holders have not bought into a value-creating business. Their only escape is the next person in line.

What makes bitcoin different from other zero-sum games is the method for splitting the pot. Poker awards pots to whoever ends up with the best hand of cards. In the case of the lottery, the pot goes to the lucky number. Bitcoin divides pots on the basis of entrance order. Early birds are rewarded by late-comers.

This first-in-line redistribution mechanism is by no means bitcoin’s only unique feature. Rather than being hosted at a Las Vegas casino, bitcoin is a decentralized online game. This means that there is no way for the authorities to march into the casino and shut the game down. Nor can the system operator prevent people from participating. Whereas casino operators regularly bar people from entering, bitcoin is maintained by a network of independent validators that cannot easily censor users from making bitcoin wagers. Finally, bitcoin is automated by open source code, unlike say a human croupier who can make mistakes in redistributing a roulette pot. This code is fully auditable. Everyone can see what the rules are and check that they are being abided by. Contrast this with a lottery which reveals nothing of its inner workings.

In suggesting that bitcoin should be labelled a game rather than an investment, I don’t mean to belittle it. Financial games provide value. A casino employs not only croupiers but also managers, marketers, cooks, cleaning staff, programmers, security guards, and more. These jobs help the economy. People fly to Vegas for a reason. In moderation, financial games are fun, sort of like how going to a horror movie provides thrills.

Likewise, bitcoin’s price contortions can be entertaining. Combine this with the constant soap opera generated by the personalities involved in the space, and you’ve got a form of recreation that competes head on with Netflix, League of Legends, or the NFL. Bitcoin and its many ancillary services—exchanges, payments processors, and wallet providers—create jobs for programmers, marketers, lawyers, and economists.

If financial games were illegal, then the provision of lotteries, poker, and other forms of betting would shift to the underground economy. Not only would the quality of the product decline, but violence could rise as criminal organizations fight to control their gaming turf. Bringing these activities into the light—in bitcoin’s case by implementing an open and transparent online version—makes society safer.

And of course, there are times when bitcoin serves as more than just a financial game. In 2011, for instance, Wikileaks relied on bitcoin to maintain its connection to donors after being cut off from the banking system. This payments function was why bitcoin was originally created, but it has taken a distant back-seat to the technology’s dominant role as a decentralized financial game. Indeed, what makes bitcoin such a thrilling game—its rollercoaster peaks and troughs—is the very feature that militates against its usage as a medium of exchange. People don’t want volatile money, they want stable money.

This gets me back to Brian Armstrong’s admonition to Coinbase’s customers to invest responsibly. His warning label just doesn’t cut it. No one invests in a zero-sum game, they play it. A casino owner daring to suggest that playing roulette is akin to investing would be justifiably pilloried for engaging in purposeful deception or, at best, sloppy word usage. Same with a lottery operator who advertises Powerball tickets as an investment. Likewise, people buying bitcoins should not be encouraged to believe that they are engaging in the age-old art of investment appraisal. They are playing a zero-sum game. The word “investment” should be reserved for the act of allocating capital to win-win games like shares in private businesses, publicly traded stocks, and bonds.

I am not singling out Armstrong. The idea that bitcoin is an investment plagues the entire sector. Chris Burniske, a well-known bitcoin trader with more than 100,000 Twitter followers, has entitled his book (written with Jack Tatar) Cryptoassets — the innovative investor’s guide to bitcoin and beyond. Or take the recent CNBC interview of Meltem Demirors, CoinShares chief strategy officer, in which she made the curious analogy between bitcoin—a zero-sum game—to Amazon, a security that falls within the realm of investment analysis. I am also reminded of Litecoin creator Charlie Lee’s own “invest responsibly” moment on Twitter last December, even as he was dumping his holdings on novices at prices that would eventually prove to be near their peak.

The majority of newcomers are attracted to the crypto scene not for ideological reasons, but by the scent of big winnings. Many are betting a big part of their wealth on bitcoin or other cryptocurrencies. And no wonder. If a 20-year old with life savings of $1,000 can turn that amount into $10,000 in just a few weeks, they will have advanced their financial status far faster than by toiling away at a job, or putting it in a savings account. The dark side is that this $1,000 in savings can just as easily be destroyed by bitcoin’s inherent volatility. Dropping the word “investment” and replacing it with “game” would be a more accurate description of the activity in which bitcoin owners are participating. The flocks of new entrants might get a better inkling what kind of door they are entering. Maybe they will avoid doing serious damage to their futures.

With a game, nothing is assured. Games are something to dabble in, not vessels for one’s retirement savings. A problem gambler, someone who continuously bets their savings on zero-sum financial games despite the financial harm being inflicted on themselves and their family, doesn’t need the affirmation that the word “investing” brings to their activities. Instead of asking Coinbase users to “invest responsibly,” Armstrong should have used a version of the disclaimer that most American lotteries use, including Powerball: “Play Responsibly. Remember, it’s just a game.”

Tornado.cash and money laundering

All Ethereum transactions can be tracked.

But there is a neat little tool that lets you remove this traceability: Tornado.cash. Alice submits her Ethereum tokens to a Tornado.cash smart contract where it gets commingled and mixed up with other people's tokens, then re-sent back to Alice at a separate address. (There are some extra things that happen, too. Read here.) Voila, the transaction trail has been obfuscated. All that an outside observer knows is that Alice's coins have been sourced from Tornado (for the rest of this post I'll use Tornado and Tornado.cash interchangeably). They know nothing about their history before then.  

Who uses Tornado? 

Some users are hobbyists and advocates of anonymity. They're not engaged in anything illegal. They want to consume privacy as a financial service. We'll call them legitimate users.

The other batch of users are criminals keen to hide the provenance of the Ethereum tokens that they've stolen by hacking or exploiting exchanges and other financial tools. When BitMart, an exchange, was hacked on December 4, $200 million was laundered through Tornado.cash. A few days later, $1.75 from an 8eight Finance exploit was processed by Tornado. (If you want more examples, ask me in the comments).

My question is this: given the presence of criminal funds on Tornado.cash, is it dangerous for legitimate users to connect to it? More specifically, does a legitimate user who submits their Ethereum tokens to a Tornado smart contract risk a money laundering conviction given that they may be interacting with criminally-derived money?

In the U.S., an individual can be convicted of money laundering if they knowingly conduct transactions in criminally-derived funds. For example, if Joe, a car dealer, sells a Lexus to a criminal for $75,000 in dirty cash, and knows that the transaction was made for the purposes of evading the authorities, then Joe can be found guilty of money laundering. It's a serious offence punishable with up to 20 years in jail.

Would the same principles apply to Tornado.cash users?

If a thief steals some Ethereum and deposits it into a Tornado smart contract where it is commingled with deposits made by a legitimate user, and this legitimate user withdraws their portion of that amount, then it seems to me that the legitimate user may have engaged in money laundering. That is, it's possible that they have conducted a financial transaction that involves the proceeds of an unlawful activity.

But that's not quite enough to establish money laundering. As I said earlier, to be convicted of money laundering a mental state of knowing has to be proven.

Many legitimate Tornado users interact with the tool without knowing much about it. They've never considered the possibility that by connecting to Tornado, they may be serving as a nexus for the laundering of criminally-derived property. Since knowing can't be established, then these users probably can't be judged guilty of money laundering.

But other legitimate users are not so unwitting. It's common knowledge that hacks and thefts are laundered on Tornado.cash. Some of the larger and more savvy Tornado users are no doubt aware that by commingling their funds in a Tornado smart contract they are providing criminals with a means of concealing the source of proceeds of unlawful activity. With knowing having been established, it's possible that their usage of Tornado.cash transcends into money laundering.

But even if the mental state of knowing can be established, one thing is still missing. There doesn't seem to be a clear and well-defined exchange of dirty crypto for clean. That is, when some stolen Ethereum gets deposited into a Tornado smart contract along with legitimate Ethereum, and then later withdrawn, there doesn't seem to be any way to explicitly link the withdrawal of that stolen Ethereum to a specific person. It's hidden by the software.

Put differently, there's no smoking gun.

I think it might be useful at this point to introduce an analogy using physical cash. It is clearly illegal for Joe, our auto-dealer, to knowingly take a criminal's $75,000 in cash. But let's imagine that Joe and the criminal decide to interpose a cash mixing box between themselves. Joe figures that this mixing box will allow him to receive payment without actually taking the criminal's banknotes. Does that make it legal?

It works like this. Two third-parties – Ted and Alice – put in $75,000 in "clean" cash into the mixing box. The criminal puts his dirty $75,000. Ted and Alice's $75,000 gets mixed with the criminal's $75,000. Ted and Alice each remove $75,000. Joe, the auto dealer, also removes $75,000. Joe then transfers the criminal the car.

There is no way for law enforcement to prove that the actual banknotes that Joe has received are the specific banknotes that were deposited by the criminal. Because they were commingled with legitimate money, Joe can deny having accepted criminally-derived funds. (As can Ted and Alice).

But does this set up absolve Joe of guilt? I doubt that the interposition of a cash mixing box would be perceived by a judge as altering the underlying relationship between Joe and the criminal. The mixing box would rightly be seen as a contrivance to throw the cops off. (See last footnote, below)

What about Ted and Alice? If Ted unwittingly contributes his $75,000 to the mixing box – i.e. he doesn't realize that he is helping to obfuscate the criminal's funds – then he probably wouldn't be found guilty of laundering money.

Alice, however, suspects that her contribution to the mixing box will be used to obfuscate the transaction trail between the criminal and Joe, but contributes anyways. The establishment of intention surely increases Alice's odds of a money laundering conviction. She might hope that she can get off because the commingling provided by the mixing box breaks the cash trail between her and the criminal. But again, there's a good chance the judge won't buy this argument.

It's important to keep in mind that Alice may have her own specific reasons for using the cash mixing box. Perhaps she values privacy and therefore periodically mix up all her notes. Maybe she likes to collect certain banknote serial numbers (i.e. ending in 2) and a cash mixing box is a convenient way for her to get exposure to a broad range of potentially collectible pieces.

A judge would somehow have to balance Alice's legitimate reasons for using the mixing box against the fact that she has knowingly conducted transactions in criminally-derived property. Is her right to pursue a peculiar hobby more important than protecting the public's welfare? I'm not sure how that balancing act would end up.
 
Bringing this back to Tornado.cash, I do wonder how safe it is to be a Alice. That is, I wonder how safe it is to be someone who knows that there are stolen Ethereum tokens inside Tornado smart contracts looking for an exit, yet despite the presence of this taint contributes Ethereum to that contract anyways. Even if Tornado obscures any explicit link between Alice and criminals, a judge could look past that.

Alice may say that "I used Tornado.cash because I value my financial privacy." This may be an adequate defence. Maybe not.

Clouding the story is the fact that Tornado.cash is currently paying a juicy financial reward to anyone who puts their cryptocurrency into its smart contracts. (See this video). The fact that Alice is earning 30-40% a year might make her claim to be a mere consumer of financial privacy less credible.

Perhaps one day we'll see a court case where this all gets thrashed out. A decent result would be if a judge ruled in favor of Alice, or at least partly so. The judge suggests that any incidental laundering of funds on Tornado.cash by licit consumers of privacy (like Alice) should be a non-criminal matter, subject to limit. Consider how several U.S. states have decriminalized the possession of small amounts of marijuana for personal use. In that same vein, a fixed amount of intentional commingling of funds on Tornado should be tolerated, the judge suggests, but only for the purposes of personal consumption. Anything above that would remain a felony.

---

PS: Privacy advocates, please don't shout at me that money laundering laws are unethical. I am making a positive claim here, not a normative claim. That is, I'm not suggesting how things *should* be, but how they actually are. And my positive claim is that there is a risk, perhaps only a small one, that a legitimate user of Tornado.cash could be accused of money laundering. Yes or no?

PPS: Notice that I am no making the claim that Tornado.cash is itself engaged in money laundering, or that the people who have written the Tornado smart contracts are money launderers. I'm treating Tornado.cash as mere software, a digital hammer. A hammer doesn't break the law, people do. My assumption in this post is that society's rules against money laundering fall on the *users* of this software, not on the software itself or on the people who have developed the software.

PPPS: For software developers, if my positive claim is accurate (i.e. that it is risky to use Tornado.cash), is there a way to redesign the software that would solve the problem? More specifically, is there a way to limit the tool to licit users i.e. those who have a legitimate desire to consume anonymity, and keep out criminals? 

PPPPS: It's worth giving U.S. money laundering laws a read. Two of the big ones are located at 18 U.S.C. § 1956 and 18 U.S.C. § 1957. See here.

PPPPPS: On commingling... "Moreover, we cannot believe that Congress intended that participants in unlawful activities could prevent their own convictions under the money laundering statute simply by commingling funds derived from both 'specified unlawful activities' and other activities." U.S. v Jackson, 1991