Monday, January 27, 2020

What happens when a 96 bitcoin ransom payment ends up on Bitfinex?

"Hello, to get your data back you have to pay for the decryption tool, the price is $1,200,000... You have to make the payment in Bitcoins."

This is a snippet from a recent court case concerning ransomware that just crossed my desk. Companies that fall victim to ransom attacks fear the publicity it might attract, so the details of these attacks are usually swept under the table. But in this case, the ransom payer—a British insurer that traced the bitcoins to Bitfinex, a major bitcoin exchange—has appealed to the UK High Court for an injunction, thus providing us with a vivid peak into the inner workings of an actual attack.

Ransomware is a big issue these days. A hacker maliciously installs software on a victim's computers, encrypts various files, and then asks for a bitcoin ransom to fix the problem.

It's the bitcoin leg of this transaction that has made these attacks economical. Prior to bitcoin, running an illicit business based on ransom payments was fraught. Bank accounts leave a paper trail. Cash, though anonymous, can't be transferred remotely. And gift cards are limited to small amounts. With bitcoin, hackers finally gained access to a form of electronic cash that allowed them to not only make remote ransom demands, but large ones too.

A steady parade of ransomware has since emerged. While early types of ransomware like WannaCry, CryptoLocker, and Locky targeted personal computers for small amounts of money, the most recent strains—Maze, Sodinokobi, Nemty, and others—attack governments and enterprises for million dollar amounts. The Nunavut government, a territory in Northern Canada, was a recent victim:

One thing I've never really understood is why ransomware can be so widespread given that all bitcoin transactions are written to the public blockchain. I mean, can't a bitcoin ransom payment be easily tracked to its final destination, say a bitcoin exchange, and frozen?

The court case in question, AA v Persons Unknown & Others, Re Bitcoin, provides some insights into just that. Although the judge heard the case back on December 13, 2019, the text of the injunction was only released a few days ago.

It makes for entertaining reading. Here's a short timeline:
  • In Autumn 2019, a Canadian company was hacked. The hacker installed BitPaymer, a strain of ransomware, which encrypted the company's files
  • The hacker demanded $1.2 million in bitcoins
  • Luckily, the Canadian company had cyber crime attack insurance with a British insurer
  • The British insurance company hired an "Incident Response Company" to pay the ransom
  • The response company negotiated for a reduction in ransom to $905,000
  • The bitcoins were acquired and sent to the hacker on October 10, 2019. According to the injunction, the purchase of the 109.25 coins was conducted by "an agent of the Insurer, who was referred to as JJ."
  • Having receive the ransom, the hacker provided the fix. The files were successfully decrypted
  • The insurance company wanted its money back, so in December it hired a blockchain analytics company, Chainalysis, to trace the ransom payment
  • Chainalysis tracked 96 of bitcoins to an address linked to Bitfinex, a major bitcoin exchange
  • The insurer then went to British High Court to force Bitfinex to reveal the identity of "PERSONS UNKNOWN WHO OWN/CONTROL SPECIFIED BITCOIN" and to freeze the 96 bitcoins.

So were the 96 bitcoins returned to the insurer?

For now, we don't know the final outcome. The document only brings us up to December 13, 2019, when the judge gave Bitfinex till December 19 to provide the names of “persons unknown”, the owner of the 96 bitcoins. To prevent "persons unknown" from getting wind of the proceedings and fleeing with their coins, the hearing was held in private and the text of the case suppressed. The document having been made public, we can assume that some sort of resolution was arrived at.

It's interesting to speculate what this resolution might have been. Bitcoin is still a relatively new, and thus largely undefined, phenomenon. As bitcoin cases slowly trickle into the court system, the decisions made by judges will be important in determining the eventual legal status of cryptocurrencies.

It could be that "persons unknown" is the same individual who perpetrated the initial ransom attack, and they just haven't yet sold the 96 bitcoins yet. In which case the conclusion is simple: the guilty party will be prosecuted and Bitfinex will return the bitcoins.

But it is more interesting (and more likely) that "persons unknown" is a third-party (say an over-the-counter broker) who bought the bitcoins from the hacker, and deposited them at Bitfinex, and hasn't sold them yet.

This third-party could be entirely innocent about the origin of the coins. They might try to say to the judge: "hey—we didn't know the 96 bitcoins we bought were linked to ransom payments. We shouldn't have to give them back."

But that's not how property law works. Even if you accidentally come into possession of stolen property—and surely ransomed bitcoins qualify as stolen—then a judge can still force you to give them back to the rightful owner. This would be bad news for the innocent broker. Being obliged to cough up 96 bitcoins could easily bankrupt it.

"Persons unknown" might respond to the injunction by pleading that the 96 bitcoins are a form of money, like banknotes, and so they needn't be returned. Banknotes, coins, and other highly-liquid paper instruments have a very special legal status. If you unknowingly accept some banknotes from someone who just obtained them illegally (say via ransom or theft), the law can't compel you to give those banknotes back to the original victim. Money, as the great British jurist Lord Mansfield once declared, isn't like regular property: it "can not be recovered after it has passed into currency."

This special legal status (which I’ve written about before) was granted to banknotes centuries ago in order to ensure that these early forms of money remained highly liquid. If every merchant had to verify that the notes they were about to receive weren't stolen, the wheels of trade would have ground to a halt. Whether a modern judge would be willing to extend this sanctuary to cryptocurrency, and thus allow “persons unknown” to keep the 96 coins, remains to be seen. But I’m skeptical.

Another possibility is that the person (or company) that innocently accepted the 96 ransomed bitcoins and deposited them on Bitfinex has already sold them. If so, which party does the British insurance company have to pursue? Some entity (or group of entities) must now be in possession of the 96 bitcoins, right? Can’t the insurer just go after the next person down the chain?

I don't know the specifics about how an exchange like Bitfinex hold bitcoins for clients, but it may be very difficult to pinpoint who actually has title to those specific 96 bitcoins. When bitcoins are deposited at an exchange, they are sent to the exchange's hot wallet along with all other incoming bitcoin deposits. So the ransomed bitcoins would have been commingled with a bunch of clean bitcoins.

When the person who originally deposited the 96 bitcoins on Bitfinex put in an order to sell on the exchange's order book, the unsuspecting buyers (all of them Bitfinex customers) would now have a claim on various bitcoins held in Bitfinex's hot wallet. Are the bitcoins on which they have a claim necessarily the ransomed ones, and thus subject to the injunction? Or do the buyers just have a general claim on any random bitcoin held on their behalf by Bitfinex? If so, would that mean that Bitfinex itself is on the hook for paying the insurer 96 bitcoins?

Anyways, you can see how this all gets complicated very fast. A lot is riding on how thoroughly the history of unspent bitcoin outputs can be traced.

Given bitcoin traceability and the ease of getting an injunction, one can imagine that it might make sense for insurers, bitcoin exchanges, and over-the-counter traders to build some sort of private "ransom registry". The moment that an insurer pays a ransom to a hacker, that insurer simultaneously announces the offending address to the registry. A verified OTC trading desk can now protect itself from potential bankruptcy by always checking the registry to make sure that any bitcoins offered to it are "good" bitcoins. Exchanges too would likewise cross-check incoming bitcoin deposits against the registry.

This would be good news for potential ransom victims. With the exits for ransom payments being choked off, these sorts of exploits would become less feasible. Extortionists may simply stop trying to run their schemes.

You could also imagine hackers coming up with strategies for dissuading victims from posting transactions to the ransom registry. "If you announce the ransom payment to the registry, we'll leak your files to the public," or something along those lines.

Or maybe extortionists will simply start to use bitcoin mixers more. Mixers are services that allow people to commingle their bitcoins in order to preserve anonymity. Astonishingly, most ransom payments don't currently go through mixing services. According to Chainalysis, the company that was hired by the British insurer, around half of the addresses to which ransom is paid redirect the bitcoins to an exchange.

But even if hackers did use mixers, bitcoin exchanges may be reticent to accept incoming deposits. Binance, for instance, recently refused to make a payout to Wasabi, a wallet that automatically mixes bitcoins. Should exchanges like Bitfinex all refuse to accept bitcoins that have been mixed, that chokes off the ability to extort people using bitcoin as ransom.

For now, we don't know how the defendant’s responded to the injunction. But in any case, it makes for interesting speculation.

Sunday, January 26, 2020

Monetary policy is not a tightrope

[This is a guest post by Mike Sproul. Mike has posted a few times before to the Moneyess blog.]

Here is a summary of the Federal Reserve’s Principles for the Conduct of Monetary Policy, which aims at “walking the tightrope” between inflation and unemployment:
…the central bank should provide monetary policy stimulus when economic activity is below the level associated with full resource utilization and inflation is below its stated goal. Conversely, the central bank should implement restrictive monetary policy when the economy is overheated and inflation is above its stated goal.
In contrast, here is the real bills doctrine:
Money should be issued in exchange for short-term real bills of adequate value.
The real bills doctrine was developed by practicing bankers over centuries of experience, and was written into the Fed’s original charter. The real bills doctrine survived for centuries because banks that obeyed it survived. They tended to stay solvent, and they provided an elastic currency that grew and shrank with the needs of business. At the same time, the real bills doctrine helped banks to avoid inflation, recession, liquidity crises, and bank panics.

In this essay, I hope to make the point that as long as the Fed obeys the real bills doctrine, it cannot go wrong in issuing as much money as the public will absorb. In other words, monetary policy is not like walking a normal tightrope. It is perfectly safe to lean in the direction of “too much money”, but dangerous and pointless to lean in the direction of “too little money”.

A few points to notice:

1. As long as new money is issued in exchange for adequate backing, the Fed’s assets will move in step with its issue of money, and there will be no inflation. This explains (among other things) why the Fed was able to issue enormous amounts of money after 2008, without causing inflation.

2. If unemployment is a threat, then the Fed should not hesitate to issue new money (adequately backed). Unemployment is often caused by a tight money condition and accompanying liquidity crises. Issuing new money in this situation will relieve the liquidity crisis, thus reducing unemployment. Meanwhile, adequate backing assures that the new money will not cause inflation.

3. If inflation is a threat, then a restrictive monetary policy will only succeed in creating a tight money condition, without addressing the real problem, which is too little backing per unit of money. The right solution to inflation would be to correct whatever problem is causing the Fed’s assets to fall relative to its issue of money, and then, so long as backing is adequate, issue as much money as the public will receive. The only drawback is that the public might be faced with unwanted cash piling up in vaults and mattresses, but the storage cost of too much cash would be insignificant in comparison to the recessionary effects of too little cash. Besides, unwanted cash can only pile up so much before it simply refluxes to its issuer.

The recessionary effects of tight money, as well as the stimulative effects of issuing new money, have been noted by nearly all observers of monetary history.
The remedy was forthcoming in a scheme prepared at a meeting which had been held a week earlier (April, 1793) at Pitt’s private house. It provided for the creation of additional liquid assets in the shape of Exchequer bills, to be lent to temporarily embarrassed firms. By this means the channels of trade were successfully thawed, and, as it proved, without loss to the Treasury. Clearly, therefore, the panic was due to a temporary need for greater liquidity, which the Bank could not this time meet by contracting advances to the government, since these were needed to prosecute the war. (Ashton and Sayers, p. 10, 1953).
The real bills view is that the Fed should not only provide liquidity in times of crisis, but should provide abundant liquidity at all times, in order to assure that crises never get started in the first place. So the real bills doctrine tells us not to worry that the Fed’s balance sheet has been exploding over the last few months. An exploding balance sheet may be exactly what the economy needs. But the “tightrope” mindset makes the Fed wary of issuing too much money, for fear of causing inflation. This fear is unjustified. On real-bills principles, the Fed need only take the simple precaution of only issuing cash in exchange for assets of adequate value, and inflation will cease to be a threat. We have nothing to fear from too much money, and everything to fear from too little. Rather than unwinding the Fed’s balance sheet, the Fed should unwind its “tightrope” approach to monetary policy.

Wednesday, January 15, 2020

Flooding or marijuana? Two theories for falling cash demand

When Canada legalized marijuana in October 2018, the amount of banknotes in circulation took a sudden plunge.

In a 2019 paper available here, economists Charles Goodhart & Jonathan Ashworth theorized that because the marijuana trade has always been conducted using anonymity-providing cash, legalization meant that Canadians could now buy pot with debit and credit cards. Thus the big drop in cash held that October.

Here is one of the charts that the pair used:

Source: Goodhart & Ashworth

Goodhart & Ashworth went on to suggest that October's $1.5 billion decline in cash outstanding (1.4% of all banknotes!) provided early evidence that Canadian Prime Minister Trudeau’s 2015 promise to keep "profits out of the hands of criminals" had been successful.

Hold on! said Bank of Canada researchers Engert, Fung, Molnar, & Nicholls. In a paper published at the end of 2019, Engert et al confirmed that there had been a huge decline in notes outstanding in October 2018. (In fact, it was the biggest October decline since the Bank of Canada, our central bank, was founded in 1935.)

But unlike Goodhard & Ashworth, who could only rely on public national data on banknote usage, Engert et al had access to non-public information. The Bank of Canada economists disclosed that when huge amounts of rain inundated the city of Toronto in August 2018, two of Canada's big banks lost access to their regional note distribution centres.

Regional distribution centres are where banks bring excess banknotes collected from their customers. The centres are equipped with machines for sorting notes for quality. Good notes can be recycled back into the economy. Bad ones get sent back to the Bank of Canada. Distribution centres are also used to receive new notes from the Bank of Canada to stock bank ATMs. 

Perhaps the two banks couldn't get physical access to their Toronto centres because the vault doors were blocked by water? Were the sorting machines damaged? Maybe the notes were water-logged and had to go through the Bank of Canada's lengthy mutilated banknote redemption process? 

Whatever the case, the banks could no longer bring excess notes to their Toronto distribution centre for sorting and eventual return to the Bank of Canada, or to recycle back into the economy. Furthermore, to keep their customers happy with fresh bills, the two banks had to get extra "contingency" banknotes from the Bank of Canada. This clogging up of the system translated into far more banknotes in existence than normal. When the two banks finally "regained access" to their "quarantined" notes in October, they sent the entire surplus back to the Bank of Canada.

Using data from the Bank of Canada's proprietary Bank Note Distribution System (BNDS), which breaks down the banknote statistics for each of the Bank of Canada's 10 regional distribution points across the country, Engert et al produce the following chart for the Toronto area.

Source: Engert et al

August 2018 had a big jump in "net withdrawals" (presumably as the two banks asked the Bank of Canada for contingency banknotes and hoarded customers' unwanted and unsorted notes) followed by the huge compensating decline in October as they returned their excess note supplies.

Since Toronto is Canada's biggest city by a long shot, it biased the national statistics observed by Goodhart & Ashworth. By contrast, proprietary BNDS data shows that Montreal, Vancouver, Calgary, and other distribution points (which did not have flooding) did not show any decline in cash circulation during the October legalization of marijuana. But Montrealers smoke plenty of pot. If Goodhart & Ashworth's theory is right, we would have expected to see a big drop in Montreal regional net withdrawals of cash too.

It's not that Goodhart & Ashworth's theory about a general linkage between marijuana and cash usage is wrong. It's probably true that legalization of marijuana could get reflected in national banknote stocks.

But in Canada's case, the rollout of legalization hasn't gone smoothly. According to a recent Statscan report, only 28% of cannabis users reported obtaining all of the cannabis they consumed from a legal source. Much of this is due to the fact that prices are much higher at official stores Crowd-sourced data from Statscan shows that whereas it costs $10.23 per gram in a store, illegal pot goes for just $5.59.

Be careful of patterns in the data. They're not always what they seem.

Sunday, January 5, 2020

Cryptocurrency in a land of strict gambling laws

Kim Jin-Woo, K-pop star jailed for online gambling [source]

I recently read that South Korea will not be taxing capital gains on cryptocurrencies next year. Young Koreans who became paper multi-millionaires when XRP or some other cryptocurrency skyrocketed from 0.1 cents to 25 cents have reason to celebrate. They can sell without having to give up a single won of their winnings to the Korean tax authority.

Letting off the crypto-rich may sound like a bad tax policy. In this post I'll make the argument for why it isn't. Cryptocurrency gains enjoyed by a retail clientele probably shouldn't be taxed (nor should a big loss on their cryptocurrency holdings allow them to reduce their taxable income.)

Few nations have taken to cryptocurrency with as much gusto as South Korea. In a study from earlier this year, Larry Cermak found that on a per capita basis, South Koreans generate more visits to cryptocurrency exchanges than any other nation except for Singapore.

Why do South Koreans like crypto so much?

Korea's gambling industry may give us some insights. While gambling has been slowly liberalized in many parts of the world, South Korea's gambling rules are positively draconian.

To begin with, casino gambling is illegal in Korea. Not only that, but under the Habitual Overseas Gambler law Korean citizens are prohibited from gambling in other countries too. Earlier this year K-pop star Seungri was accused of gambling in Vegas while Shoo, another star, was convicted for visiting Macau's casinos.

Oddly, there are 23 casinos in Korea. The catch? Only foreigners can visit them. Just one of these casinos is open to South Koreans, the Kwangon Land Casino. But it is located in a coal mining area far from any big city. Given huge demand and restricted supply, gamblers who visit Kwangon must "reserve seats for blackjack and baccarat and, while waiting, wade into thick crowds to place a bet on other players’ hands."

Some Koreans try to evade harsh gambling rules by frequenting foreign gambling websites. But this requires a degree of tech savvy. Foreign currency must be snuck onto an online wallet like Skrill, and a VPN will probably be necessary since foreign casino sites are often blocked by the Korean government, redirecting to to

This roundabout route to betting isn't without danger. K-pop star Jung Jin Woo was recently imprisoned for online gambling (see image at top).


Enter cryptocurrencies, a new type of gambling technology. People who buy cryptocurrencies such as bitcoin, litecoin, and XRP are making a bet on what they think a subsequent round of players will pay for the tokens, the second round's expectation in turn a function of what they believe the third wave of players will pay. If they get this guessing game right, the earliest players win at the expense of the late ones.

The prices generated by these 24/7 mind-games are incredibly volatile. But that's part of the excitement. Bet correctly and one's entire financial life can be upgraded. With so few opportunities for wagering, no wonder that Koreans have flocked to these new financial games.

If cryptocurrencies are just another form of gambling, why hasn't the Korean government blocked them? I can think of two reasons. First, since cryptocurrencies are decentralized bearer instruments, it is difficult to screen them out. Sure, centralized exchanges can be shut down. But the stuff will squeak through informally anyways. Secondly, cryptocurrencies have been mis-marketed as a monetary technology rather than a gambling technology. The term cryptocurrency, for instance, misappropriates the word currency while bitcoin co-opts coin. Tricked into thinking that these new tokens are a form of money or currency, the Korean government has allowed them to slip through its gambling dragnet.

[Yes, there are a few niche cases in which cryptocurrency does serve as a genuine monetary technology. For instance, Matt Ahlborg has a great article chronicling how Nigerian remitters are using a combination of gift cards (iTunes, Steam, Best Buy, etc) and bitcoin to evade Nigeria's capital controls. But the majority of cryptocurrency activity is still generated by gamblers in rich developed nation, the few developing nation monetary use-cases piggy-backing on top.]

Which finally gets me back to the topic of taxing cryptocurrency winnings. In most nations, gambling winnings are not subject to capital gains taxes. (Nor can losses be used to reduce taxes). If you win $10,000 in roulette up here in Canada, you don't have to worry about the tax harvesters at Revenue Canada taking any of it. Lose $10,000, however, and the opposite applies. You can't deduct that $10,000 loss from your taxable income. The US is an exception. It is one of few nations to tax gambling gains.

There are decent reasons for eschewing a tax on gambling winning (and its converse, a tax rebate on gambling losses). Tim Worstall had a good post about this a few years back. "The point about betting of all types," says Worstall, "is that the winning of some people are, and must be, entirely offset by the losses of others." Gambling, in other words, is a zero-sum game. So if a government taxes winning roulette players and offers a tax rebate to losing roulette players, the two flows cancel each other out. On net, no taxes on roulette will be collected.

That seems like a pretty dumb tax. It has all the administrative hassles of a regular tax without generating any of the tax income.

Cryptocurrencies, like other gambles, don't generate any real wealth. Everything that a winning cryptocurrency player earns is necessarily paid by an eventual loser. Since winnings are equivalent to losses over the life-time of a cryptocurrency game, any tax income that a government collects on crypto winnings will eventually be offset by the rebate that it disburses on crypto losses. Like the roulette tax of the previous paragraph, there doesn't seem much point in bothering.

(There are some complications here. All cryptocurrencies are international gambling games--they are played across many national borders. Citizens of certain nations may have gotten into the game earlier than others. Assuming that the average Korean punter bought into bitcoin and XRP later than Americans and Europeans, a Korean capital gains tax may actually generate large losses to the Korean government. This is because the Korean government will end up paying out far more in tax rebates to losers than the taxes it collects from winners.)

By comparison, the tax situation with stocks is entirely different. A tax on stock market capital gains  and associated tax deductability of capital losses don't precisely offset each other. This is because companies like Microsoft or Exxon are not zero-sum games. The underlying businesses generate consistent income that accrues to investors. And so the revenues that the government enjoys from taxing winning stock owners far exceeds the government's payouts to losing stock owners.

So in sum, there are good reasons not to implement a gains/losses tax on betting games like roulette, poker, or cryptocurrency. Interestingly, a decision to avoid taxing cryptocurrency gains may actually help promote their usage as monetary instruments. Calculating how much tax one owes after each purchase made with cryptocurrency is a pain. Remove that headache and people may be more willing to spend them.