Tuesday, June 22, 2021

A short and lukewarm defence of anti-money laundering standards

These days it seems that everyone is a critic of anti-money laundering rules. In this post I want to try and defend our current approach to anti-money laundering.

I'm writing from the perspective of an outsider. That is, I'm not a regulator. Nor am I a member of the growing anti-money laundering industry. Mine is a lukewarm defence. I'm not terribly wedded to my views.

First, a quick definition. What I mean by anti-money laundering rules is the set of standards that banks and other financial institutions have to follow to prevent criminals from using them. For instance, a cryptocurrency exchange is required to verify ID before it can open a new account. For international wires, a bank must follow the travel rule and send their customer's personal information to the recipient bank. This is just a sample. There are hundreds of rules.

I want to start waaay back at the beginning with first principles.

1) Should money laundering be a criminal offence?

Society has criminalized money laundering. But we could also imagine living in an alternative universe where money laundering is perfectly legal. In this parallel world a criminal could walk into a bank with $1 million in cash, announce loudly that they had stolen it, and the banker could casually accept the criminal's deposit without ever having to worry about being indicted for laundering money.

But we don't live in that world. It's illegal for the banker to knowingly accept a $1 million deposit of dirty money.

When I think about money laundering I put it in the same category as fencing. Criminalizing money laundering makes sense to me for the same reason that fencing is illegal.

A fence is a third party who specializes in providing burglars and thieves with a market to re-sell stolen property. The fence knows full well that they are contributing to the process of facilitating property theft. They may have an explicit relationship with the thief, or they may only have a pretty good idea that the goods they are buying are stolen. But they partake anyways. And so like the original thief, they are guilty of hurting innocent victims.

A banker who launders money is like a fence. They specialize in providing fraudsters and mob families with a venue for depositing and converting stolen money. Because they are knowing participants in this transactional chain, these bankers abet the original crime, just like a fence does.

We could decriminalize the acts of money laundering and fencing. But I think this would be a mistake. Any financial intermediary who deliberately specializes in serving a criminal clientele is engaging in the very same act as the criminal themselves. It's wrong and deserves to be made illegal.

2) Should we have anti-money laundering standards?

If you accept my premise that money laundering should be criminalized, I think that you should also accept that we need an anti-money laundering standard. That is, you should agree that we need a minimum set of anti-money laundering rules that all financial institutions are required to implement.

Consider Jack, a banker. He specializes in providing financial services to criminals. If money laundering is declared illegal, Jack can avoid prosecution for money laundering by following a policy of don't-ask-don't-tell or ask-but-don't-check. That allows him to continue serving his criminal clientele while not explicitly running afoul of society's prohibition on laundering money.

To close these don't-ask-don't-tell and ask-but-don't-check loopholes, we need a standard, a minimum set of anti-money laundering rules that Jack and all his banking competitors must implement. Without a standard, the criminalization of money laundering is meaningless. We'd be letting the Jacks run rampant, and that equates to living in a world where money laundering is "illegal" but is actually permitted.

Put differently, if you don't support anti-money laundering standards, then you effectively support a decriminalization of money laundering.  

3) Is our current standard the right standard?

You may agree that money laundering should be criminalized, and you may also agree that we need to augment this with a standard set of rules to prevent folks like Jack from exploiting loopholes. Which gets us to our third and last point: is our current standard the right one?

Our current standard involves requiring every bank to set up strict know-your-customer (KYC) procedures, thus (hopefully) keeping criminals out of the system.

KYC comes at a cost. First, it is expensive for financial institutions to implement, favoring incumbents. Second, KYC shuts those who lack ID out of the financial system. Lastly, according to the UN, privacy is a fundamental human right. Universal KYC sacrifices this right by forcing everyone to give up their valuable personal information to an assortment of financial institutions.

Privacy advocates are appalled at the costs of KYC. On the other hand, calling for the abolition of KYC requirements on human rights grounds would be tantamount to endorsing the decriminalization of money laundering. After all, without KYC we would be allowing dirty bankers like Jack to operate with impunity. One of the two ideals, either the criminalization of money laundering or privacy as a fundamental human right, inevitably has to give.

For now, we accept the costs of KYC as the unfortunate by-product of our original choice to make money laundering illegal. It's not an easy compromise, but we're plowing ahead with it.

What if it was possible to improve our current standard so we could reduce the aforementioned deficiencies while still catching the Jacks of the world? Dave Birch recently described a different sort of standard. Instead of keeping criminals out, maybe banks should let them into the financial system (by setting up minimum KYC) and then use AI and analytics to catch them. (Presumably all of those good actors who formerly lacked ID can now get the financial services they deserve.)

It's an interesting idea.

So to sum up, I'm tepidly in favor of current anti-money laundering standards. First, I support the criminalization of money laundering. And second, I accept that we need a minimum set of rules and standards to out the Jacks of the world. Third, I'm not sure if our current standard is the best. Maybe it is, maybe it isn't. I'd like to learn more. If we can squeeze out a bit more privacy while still catching the same number of money launderers, I'm all for it.

Friday, June 11, 2021

Why do ransomware gangs like bitcoin? It's the censorship resistance

A new type of crime has recently emerged: big-ticket repeatable ransomware. Bitcoin is the chosen payments method for ransomware gangs. But these gangs don't use bitcoin because it is anonymous. They've chosen it because it is censorship-resistant.

Here's a quick illustration of how ransomware works. A university's servers are encrypted by a ransomware operator. Common victims also include corporations, hospitals, or police departments. Only a payment of, say, $1.14 million in bitcoins will release them (see below). The gang may up the ante by threatening to auction off the institution's data if a ransom isn't paid.

Ransomware isn't new. What is new and unique about the recent spate of ransom attacks is that they are:

That is, the average size of these attacks registers around $170,000, according to Sophos. Prior bouts of ransomware involved much smaller amounts. Secondly, these aren't isolated one-off attacks. They are manufactured at industry-scale with gangs like Ryuk or REvil carrying out dozens of attacks each day.

What makes bitcoin such a great tool for carrying out big-ticket repeatable attacks?

It's not the anonymity. A lot of people think that bitcoin is anonymous; it's actually pseudonymous. All bitcoin transfers can be seen on the blockchain, or Bitcoin's public ledger. This is inconvenient for ransomware gangs because a ransom can be tracked from the original victim to its final destination. While it's possible to use a tool called a mixer to obfuscate one's bitcoin transactions, most ransomware gangs don't bother. Nor do gangs use cryptocurrencies that provide native anonymity, like Monero.

All of this points to the fact that anonymity is not really important to Ryuk, REvil, and other ransomware operators.

So what is it about Bitcoin that is attractive to these gangs? The feature they are after is something called censorship resistance. That is, Bitcoin allows value to be electronically transferred across vast distances without being halted or frozen. A ransomware gang can extort $1.14 million from a victim in a country like the U.S. with strong law enforcement and repatriate it to a country with weak law enforcement like Russia, and then sell it for hard cash, all without having to worry about a bank or the FBI freezing their funds somewhere in-between.

Bitcoin isn't the only censorship resistant payment network.

You wouldn't think it, but gift cards like iTunes and Google Play cards are (semi) censorship resistant payments networks, and it is for this reason that they've become popular with criminals. Scammers in call centres located in India frighten their U.S. victims with the fake threat of being apprehended by IRS agents, then tell the victim to send a $500 gift card number by text in order to be exonerated. The gang will either resell the card number for cash or spend the balances in an app that they control. Gift card issuers don't have effective measures to freeze balances, so the bad guys can more-or-less use gift card networks with impunity.

So why are today's ransomware gangs using bitcoin instead of gift cards to extort money from the likes of the University of California San Francisco?

At the outset of this post I specified that one of the unique features of modern ransomware is that it is big ticket. A gang that wants to extort a victim for $1.14 million can't do so using gift cards. The maximum gift card size is $500. University of California San Francisco would have to buy 2,500 cards and send the attacker all the card numbers. And then the gang would have to launder all those cards. It's just too inconvenient. 

No, some other payment rail is necessary to do big ticket ransoms. Bitcoin is perfect for this: there is no limit on transfer size.

What about carrying out big ticket ransom attacks via wire transfers? A wire transfer is an electronic payment from one bank account to another, often overseas.

Wire transfers are ideal for big ticket payments, but they aren't censorship resistant. Banks require identification and can freeze suspicious transfers. Our ransomware gang might be able to work around this by setting up a network of money mules and accounts using fake ID in a foreign jurisdiction with weak law enforcement. They could then order a victim such as the University of California San Francisco to wire $1.14 million to the gang's foreign bank account. If the $10 million successfully arrives without being frozen, the gang quickly withdraws the funds as cash before an injunction arrives.

But remember, the second key feature of modern day ransomware is that these gangs are carrying out multiple attacks each day. Setting up fake accounts at various foreign banks in order to receive wire transfers requires a lot of effort. Once one account has been used, it is compromised forever. By contrast, using the Bitcoin network over and over is a cinch. 

In short, wire transfers don't scale. Only Bitcoin allows for the mass production of ransom payments.

So now we know why ransomware gangs like to use Bitcoin. It's not the anonymity. Rather, Bitcoin opens up the field to big-ticket repeatable censorship-resistant payments. 

The next question we may want to ask ourselves is this: should we try and modify the Bitcoin payment network to stop these attacks?

We have a long history of making changes to payments systems that have become popular with criminals. When electronic gold issuer E-Gold became a tool for carders, it had to introduce a customer identification program. Western Union became a haven for “wire money to get me out of jail!” scams. It was fined and introduced much stricter know-your-customer rules. In the early 2010s Green Dot's MoneyPak became a popular network for FBI scams. Green Dot shut MoneyPak down for a year and rebuilt it from scratch to make it much harder for scammers to penetrate.

Bitcoin can't be modified, though. It is censorship-resistant. Which means we need other responses.

One possibility is to ban cryptocurrency. But as I wrote in a recent article for the Sound Money Project, I'm not a big fan of that solution. It seems like overkill. Rather, I suggested putting an embargo on the ransom payments themselves in order to cut off ransomware gangs' revenue. (I also fleshed out this idea in an article for Coindesk in 2020.)

Here's another option. The U.S. government could make it difficult for ransomware operators by dusting off Section 311 of the USA Patriot Act. Let me explain how this would work.

A big chunk of the ransom payments that gangs like REvil collect are routed to cryptocurrency exchanges in jurisdictions with minimal anti-money laundering controls. The bitcoins then get converted into cash. Without these liquid offshore exchanges, it would be difficult for ransomware operators to launder their funds into spendable cash.

According to cryptocurrency analysis firm Chainalysis, one large Russian cryptocurrency exchange took in nearly 44% of all ransomware funds sent to exchanges in 2019. (Chainalysis refused to name names). More recently, I stumbled on the following anecdote. It shows how a certain Russian exchange (perhaps the same one that Chainalysis mentions?) converts incoming bitcoin ransomware directly to U.S. dollar banknotes.

Now, without rogue exchanges such as the one above it would be difficult for ransomware operators to engage in business. But these exchanges are usually located outside of U.S. jurisdiction, so there seems to be little that the U.S. can do about it.

This is where Section 311 comes in.

Section 311 allows the Financial Crimes Enforcement Network (FinCEN), an arm of the U.S. Treasury, to designate any foreign-based financial institution (like our Russian cryptocurrency exchange) as a primary money laundering concern. Once so designated, it becomes illegal for any U.S. financial institution to interact with the listed entity.

For those readers with long memories, Section 311 was used to shut down Liberty Reserve, a Costa Rican-based electronic money issuer that became popular with criminals involved in identity fraud and credit card theft. Below is a list of entities that have been designated under Section 311.

Entities designated by FinCEN under Section 311 of the Patriot Act

What really provides Section 311 with the extra oomph for reaching rogue exchanges is that it allows FinCEN to require that U.S. financial institutions stop doing business with any other entity that provides banking services to the designated entity. Think of this strategy as the friend of my enemy is my enemy. Any Russian bank that offers an account to the offending Russian cryptocurrency exchange could be cut off from the U.S. banking system, too. Because the U.S. market is such an important market, most Russian banks will stop doing business with the exchange just to stay friendly with the US.

So Section 311 would cripple ransomware-friendly exchanges by severing them from the financial system. And without these rogue exchanges, it becomes much trickier to be a ransomware gang.

To sum up, Bitcoin is censorship-resistant. That's why ransomware gangs like it. This very same feature also prevents democratic societies from modifying the Bitcoin protocol to exclude ransomware gangs. Bitcoin may be censorship resistant, but the venues where it is traded are not. Section 311 and other tools that allow for leverage over these venues remain one of the best ways to attack bitcoin-based ransomware.

Tuesday, June 1, 2021

A bronze currency in ancient Europe?

Metal scraps from a soldier’s pouch found at the Late Bronze Age battlefield of Tollensee Valley (source)

1) Last month I wrote about hacksilver currency in the ancient Middle East. This month I thought I'd share some fascinating archaeological research exploring what Europeans may have used as money during the Bronze Age.

2) By Bronze Age Europe, what is generally meant is the period beginning with the first appearance of bronze, a product of copper and tin, in southern Europe around 3000 BC and spreading north into the rest of Europe. It lasted till the introduction of iron between 1000 BC - 600 BC, depending on the region.

3) Did Bronze Age Europeans develop the idea of using metal as a common medium of exchange? There's a big hurdle to answering this question. Europe lacks textual evidence.

4) This isn't a problem in the Middle East. Thanks to the survival of "texts" such as cuneiform tablets, it is commonly accepted among archaeologists that hacksilver, or bits of cut up silver, circulated as a medium of exchange in the Near Middle East (i.e. Turkey, Israel, Iraq, Egypt, Iran). Europe, by contrast, hadn't yet developed written language -- that wouldn't come till around 500 BC. And so archaeologists don't have textual evidence that they can use to get hints about what Europeans used (or not) as money during the Bronze Age.

5) One curiosity from Bronze Age Europe is why cut up pieces of bronze are habitually found at dig sites all over Europe. Here is a picture of a bronze hoard found in France that I screenshotted from a paper by Dirk Brandherm (2018).

6) Europeans liked their bronze fragments. As time passed, evidence from hoards shows that more and more bronze was used in Europe. And the proportion of bronze being subject to fragmentation increased over time as well.

7) Archaeologists have long speculated why Europeans cut bronze into pieces. One theory is the owners of the bronze intentionally did so just prior to burial for religious reasons. Brandherm (2018) goes into this theory in some detail. Breaking up bronze may have been part of a ritual of "killing" objects perceived as being animate beings. These bronze fragments may have been intended for use in the afterlife or as votive offerings.

8) Archaeologist Rob Wiseman (2018) recently flagged a problem with the religious theory of intentional bronze fragmentation.

If bronze was purposefully broken up, there should be a discernible pattern in the weight and/or length of pieces making up individual hoards. For instance, one hoard might have a lot of smaller fragments, and another larger ones. That would demonstrate intentionality. However, the characteristics of bronze hoards (Wiseman studied British ones) show that they can be best modeled as if they had each been accumulated randomly.

9) According to Wiseman, Europe's bronze hoards are best thought of as personal stashes of bronze haphazardly assembled from already-circulating bronze fragments. These bronze hoards were probably only meant to be buried for a few weeks or months. Instead they ended up being forgotten or lost.

10) Which gets us to our next theory for Europe's bronze fragments. If the bronze was not fragmented just prior to burial for religious reasons, but while it was still in circulation, might it have been fragmented for commercial reasons? More specifically, was bronze a form of currency?

11) In a recent paper, Nicola Ialongo and Giancarlo Lago provide what they believe could be evidence for the currency theory. Through a careful statistical analysis, the two archaeologists have found a relationship between bronze fragments and balance weights used by ancient Europeans to measure mass. They believe that this compliance of bronze pieces to a system of weights and measures is a good indication that bronze fragments were used as currency.

12) The technology for weighing things -- balance weights and bone/antler balance beams -- arrived in Southern Italy in the Early Bronze Age (2300 to 1700 BC) and by 800 BC had been adopted all across Europe.

Bronze age balance weights from Southern Italy (source)

13) In an earlier paper published in 2018, Ialongo teamed up with Lorenz Rahmstorf to analyze around 500 stone and bronze balance weights found all across Europe. They find that these balance weights tend to form a sequence, illustrated below in a frequency distribution chart.

The frequencies of balance weights for each weight in grams (source)

As you can see, the balance weights mostly fall within a number of major clusters. Taking the cluster of weights at 9.6 grams as the base unit, it's possible to see a logical sequence of roughly 1⁄3, 2⁄3, 1, 2, 3, 4, 5, 6, 10, 12, 15, 20 for all weights between 3.1 grams and 393 grams.

It's pleasing to see this regularity, because it's what you'd expect of weights -- a degree of standardization.

14) In his subsequent paper with Lago, Ialongo searched for a link between these balance weights and the bronze fragments found in hoards. The two archaeologists measured the weight of 1411 bronze fragments found in modern-day Italy, Poland, and Germany. They then compared this data to balance weights found all across Bronze Age Europe. What they found is that the bronze fragments seem to have been systematically broken up in a way such that their mass aligns with the system of weights.

15) Below is a chart that illustrates this statistical relationship.

Bronze fragments (right) comply with balance weights (left). Source

(The archaeologists have used a tool called cosine quantogram analysis to pin down this relationship. If you are interested in the details of this process, please refer to their papers. But to understand what this chart is saying, read on.)

16) On the left, the data for the balance weights is depicted. The bell-shaped purple region between 9 grams and 11 grams is where most of the balance weights lie (with a best fit of 9.6 grams). That is, most of the balance weights either had a mass of ~9.6 grams or some multiple of 9.6 grams. As a multiple of 9.6 grams, that means they may have clocked in at 19.2 grams (9.6 x 2) or 96.2 (9.6 x 10) or some other even multiple.

Likewise, the chart says that weights were unlikely to clock in at a weight of, say, 6 grams, or some multiple of 6 grams (like 12 grams, 18 grams, 60 grams etc). There is no bell-shaped concentration on the chart at 6 grams.

17) Ialongo and Luca describe this regularity as evidence of a pan-European weight unit, a shekel, of about 9.4 grams to 10.2 grams, the same unit Ialongo pinpointed with Rahmstorf a few years before.

18) The right side of the chart shows that the bronze fragments are broken up in a way that aligns with a theorized European shekel. The bronze fragments tend to fall in the orange zone, with a best fit of 9.8 grams. That means they either weigh about 9.8 grams or an even multiple of 9.8 grams. (But they almost never weigh 6 grams or a multiple of 6 grams).

I don't know about you, but I find this three thousand year-old regularity remarkable. Both the fact that it existed and that we teased it out so many years later.

19) Why might bronze have been fragmented in a way that seems to comply with the 9.4 gram European shekel? 

Presumably if bronze pieces were being used as a medium of exchange, then it would be convenient for those engaged in trade if those pieces were broken up into standardized 9.6 gram chunks (and its increments such as 19.2, etc). The possession of multiple cleanly cut pieces would have sped up the process of exchange, sort of like how having five $1 dollar bills and three $5 bills in your wallet is more convenient than having just one $20 bill. Having many denominations allows one to cleanly reach a wider number of amounts, buy more things, and transact with more people.

20) I don't think this quite gets us over the line to currency, though. 

Bronze could have simply been a popular commodity at the time, not a medium of exchange. But why did bronze fragments comply with the weight system if there was nothing monetary about them? Because it was convenient. Even if bronze was just a commodity, cutting it up in a standardized way would have simplified the process of trading it.

21) Ialongo and Lago don't stop there, though. They turn to the Middle East for an analogy. Evidence shows that hacksilver (bits of broken up silver) found at Ebla, a dig site located in modern day Syria, complied with balance weights found all over the Near Middle East. In a 2018 paper with Luca Peyronel and Agnese Vacca, Ialongo illustrates this relationship with a chart.

Middle Eastern balance weights and hacksilver (in green) tend to overlap (Source)

Both the balance weights (in non-green colours) and the hacksilver (in green) tend to accumulate at regular intervals such as 8.36 grams, 16.58 grams (which is 2 x 8.36), 82.77 (which is 10 x 8.36) etc. This makes sense, since archaeologists have long believed that ancient Mesopotamia used a standard weight unit of 8.4 grams.

22) To continue with Ialongo and Luca's analogy...

The statistical relationship between metal fragments and balance weights that we see in Bronze Age Europe is very much the same as the one we see in the Middle East. But in the Middle East we have textual evidence that hacksilver was a popular medium of exchange. Europe lacks textual evidence. Given that we know that hacksilver was a form of currency in the Middle East, and said currency aligned to a system of weights, could that mean that the alignment of bronze fragments to a system of weights in Europe indicates that bronze was also a type of currency?

23) It's a provocative argument. Ialongo and Luca's paper is still new, so it'll be interesting to see what their peers have to say.

24) Even if you don't buy the currency argument, it's still neat to see how bronze pieces all over Europe were being fragmented according to the same European weight standard. It implies that Europeans weren't primitive and isolated. They were engaged in continental commercial trade with each other, and were connected enough to merit the development of standardized systems of weights and measures.

Saturday, May 15, 2021

The overconsumption theory of bitcoin (and decentralization in general)

Bitcoin mining farm (via CoinDesk)

There are two extreme theories about cryptocurrency energy consumption, both of them bitterly opposed to each other. The first I'll call the big waste theory. Cryptocurrencies such as Bitcoin and Ethereum serve no useful purpose. Yet they are sucking up huge amounts of useful electricity. Let's ban them.

The second theory is the vital cog theory. Cryptocurrencies are a useful bit of global financial infrastructure. And so the huge amounts of energy that they are consuming is beneficial. Let's not impede them.

(This is an adaptation of an article I wrote for the Sound Money Project. Do head over to read it.)

In this post I'm going to trace a reasonable path between these two extremes with an overconsumptionist theory of bitcoin and decentralized technologies.


The vital cog theorists are right about one thing. Decentralized technologies like Bitcoin, Dogecoin, and Ethereum are useful.

But here's my modifier. These curious technologies are only inherently useful to a small group consisting of hobbyists, outsiders, and criminals. It's in the nature of a hobbyist to seek out complex and obscure things (such as decentralization, rare stamps, or ham radio) and consume them in abnormally large quantities. As for outsiders, they may get cut off from centralized service providers because they are engaged in legal but unfashionable activities. They need a decentralized alternative that can't censor them. Finally, criminals are drawn to places where they can operate unimpeded. Decentralized technologies are perfect for that.

For mainstream audiences, however, decentralized services are without value. Regular folks don't have a hobbyist's sensibilities for abstruseness, nor do they have the outsider's problem of being cut off from mainstream technologies, nor do they engage in criminal behavior. Introducing them to Bitcoin or Ethereum is like opening up a $5000 '67 Merlot for a friend who thinks all wines are the same – it's overkill.

Which gets us to the big waste theorists. They are right. Huge amounts of energy are being wasted by decentralized technology. Electricity thrown down the toilet.

But electricity isn't being wasted for the reasons that the big waste theorists typically put forth. Decentralized technologies are truly useful for passionate hobbyists and disconnected outsiders.

Rather, let's blame all the mainstream users who have decided to onboard themselves into these expensive energy-intensive technologies. Most mainstream users don't get any utility from decentralization. And so the huge amounts of electricity being devoted to their activities is wasteful.

More concisely, the problem isn't that bitcoin is wrong. The problem is that society is consuming too much bitcoin.

Next, I'm going to try and explain why mainstream users are over-consuming decentralization.

No doubt about it. Decentralization is EXPENSIVE. The process of securing a decentralized ledger requires thousands of competing computers, or miners, to perform redundant calculations. I’m not going to give a detailed description of how this mining process works. Suffice to say that it demands massive amounts of electricity. The miners who burn this energy don't work for free. They have to be paid significant amounts of money to cover their energy bills.

By contrast, centralized ledger technology, say an Excel spreadsheet, sips energy. That's because storing and updating a centralized ledger requires a single computer. Here is Matt Levine on ExcelCoin:

If decentralized ledgers are so pricey, why are mainstream users migrating over to them? Your neighbour owns Litecoin, your daughter holds Dogecoin, and your brother-in-law has some Bitcoin. Shouldn't these people be sticking to cheaper centralized options like ExcelCoin? After all, regular folks don't typically pay $6,000 for a '67 Merlot. They're perfectly happy buying a 2018 Pinot for $12.

I suspect that mainstream users are switching over because they don't directly experience the huge costs of decentralization. That is, they don't see a line item called "decentralization costs" in their monthly bills. There is no uncomfortable feeling of fees draining out of their wallets to pay electricity guzzling miners.

But these costs do exist. The problem is that they get paid in a very opaque way. Most of the costs of supporting decentralized networks come in the form of "inflation," or the issuance of new coins.

Below I've built a table showing how much it costs in inflation, or new coins, to support seven popular decentralized networks:

So for instance, every 13.2 seconds the Ethereum network creates two new Ether tokens out of nothing to pay to miners. At a price of $3,780 per token, this comes out to around $49 million per day, or $18 billion per year. Given that the value of the entire Ethereum network is $440 billion, this $18 billion in maintenance amounts to 4.1% per year.

4.1% is a lot. It's waaaay more costly than Matt Levine's ExcelCoin. My Vanguard ETF management fee comes out to just 0.1% or so.

But as I said, Ethereum users don't actually feel the pain of a yearly 4.1% fee. If you hold 10 Ether tokens, it's not as if 0.41 of that gets deducted from your personal stash each year.

The same goes for Bitcoin. Around $16 billion in new bitcoins gets paid to miners each year. That's 1.8% of the total value of the network. But bitcoiners don't actually see their balances being docked a 1.8% fee. Nor do Dogecoin holders have to foot Dogecoin's 4.1% maintenance, or Litecoin fans feel the pain of Litecoin's 3.9% mining costs.

Some of you are probably thinking: Ok JP, maybe you're right. Cryptocurrency users don't have to pay explicit fees. But surely mining costs are personally felt because they dilute the value of everyone's holdings? Doesn't this dissuade mainstream users from switching over to crypto?

Put differently, the point being made is that the $18 billion (or 4.1%) in new Ether pushes down everyone's Ether balances by a corresponding 4.1% each year. Likewise, Bitcoin's 1.8% inflation pushes everyone's bitcoin balances down by 1.8%.

Nope. There's no such thing as dilution.

That's because each network's entire issuance schedule is already built into its price. Bitcoin's $50,000 price already includes the fact that Bitcoin miners must be paid 1.8% each year in new bitcoin.

I tried to explain how this works in my Sound Money article, but I'll repeat it here. Every two weeks Microsoft must pay its employees. But if I own Microsoft shares, the price of my shares doesn’t fall every time employee payday arrives. The price of Microsoft shares already includes the information that salary must be paid.

The same goes for Bitcoin. The fees paid to miners, like Microsoft’s salaries, are already factored into Bitcoin’s price.   

So people who hold cryptocurrencies don't feel any of the painful costs of decentralization. They neither endure explicit recurring fees nor regular price dilution. And so they are consuming expensive decentralization under the false impression that it is a free good.

Which gets us back to our two theories. The big waste theory says that all consumption of decentralization is wasteful. The vital cog theory says that none of it is wasteful. My middle of the road theory is that only the mistaken, accidental consumption of blissfully unaware mainstream users is wasteful.

Say that users actually had to pay an explicit 4.1% Dogecoin mining fee each year out of their own pocket, or a 1.9% Bitcoin mining fee. Our story would be very different.

Connoisseurs of decentralization would be happy to pay these fees. So would outsiders and criminals. But most people wouldn't. The moment Coinbase starts docking a fee every 10 minutes from Joe Regular's Coinbase account, Joe is going to move his $1000 back to the ExcelCoin alternative, say a centralized options & futures account. Or maybe to a sports betting website.*

And thus if the costs of decentralized technologies—Dogecoin, Ethereum, Bitcoin, Zcash, and whatnot—were transparent, they would never have gained such a widespread user base. And we wouldn't be in the midst of the energy consumption disaster we are in.

The big waste theory calls for a ban on cryptocurrency. The vital cog theory calls for acceptance. Splitting the difference, why not fix the mistake of overconsumption by levying a yearly tax on the value of cryptocurrency holdings? Like a carbon tax, it would force mainstream users to internalize the costs of consuming decentralization. But unlike a ban, it would allow outsiders and hobbyists to continue to use decentralized products.

* Even if we made the painful costs of decentralization explicit, would this actually stop people from playing? From the mainstream user's perspective, the attraction of buying Dogecoin is to make a 1000% return. Even if people have to pay a 4.1% decentralization fee out of their own pocket (rather than via opaque inflation), they may be willing to still play if only to get exposure to a potential jackpot.

Thursday, May 6, 2021

A nickel is worth more than a nickel

Having just emerged from the fiasco of last year's coin shortage (which I wrote about here and here), the U.S. Mint has a new problem on its hands. The melt value of the nickel, or five cent coin, has suddenly moved higher than the coin's face value.

The melt value of a nickel refers to the market value of the 3.25 grams of copper and 1.75 grams of nickel inherent in each five cent coin. In the chart below I've mapped out the melt value of a U.S. nickel going back to 2000, decomposed into its copper and nickel components.

As you can see, the last time that the intrinsic value of a coin exceeded its face value was ten years ago, back in 2011. Thanks to the huge rally in copper prices over the last twelve months, the metallic content of a nickel is currently worth 5.9 cents. In theory, anyone can buy nickels for five cents, melt them down, sell the copper and nickel for 5.9 cents, and earn a 0.9 cent profit, less costs.

But this trade isn't without its risks. Since 2006, the U.S. Mint has made it illegal to melt down U.S. one-cent and five-cent coins. Rule-breakers can get up to five years in jail. A would-be entrepreneur might try exporting U.S. nickels to Canada to melt them down. But the U.S. Mint anticipated this loophole and also made it illegal to export coins in amounts exceeding $5.

These sorts of punishments might reduce melting. But they are unlikely to stop melting altogether.

The price of copper has risen over the last year, but the price of nickel hasn't matched it. If nickel prices were to rise too and the melt value of a five-cent coin were to hit, say, 8 or 9 cents, then the financial incentive to break anti-melting laws would become quite strong. Cue the problem of coin shortages. If a coin is more valuable for its metal content than as money, it'll quickly disappear from circulation.

Shortages arising from illegal melting would be exacerbated by legal nickel hoarding by speculators. Kyle Bass, for instance, once made a $1 million nickel bet that I wrote about here. Expect many Kyle Basses to emerge out of the woodwork as commodity prices rise.

Careful readers will recognize this as an instance of Gresham's law. When a monetary instrument's value is fixed by the authority, but its intrinsic value is above that amount, then all of this "good" money will be withdrawn from circulation.

What's the solution? 

We've been fighting this problem for hundreds of years and have devised a pretty standard fix. The Mint needs to quickly reduce the metallic value of the nickel. For instance, the U.S. was plagued by shortages of silver quarters in the 1950s and '60s as people hoarded them for their silver content. The solution was to replace silver quarters with cheaper copper ones. (I wrote about these wise debasements here.)

Take another example. In 1982, the high price of copper forced the U.S. Mint to swap its 95% copper penny for a 97.5% zinc penny. Zinc is cheaper than copper. To this day, the melt value of a U.S. penny remains quite a bit below its face value, as the chart below illustrates. (The only exception is a few months in 2007 when high zinc prices pushed a penny up to 1.1¢.) If the U.S. Mint hadn't made the switch from copper to zinc in 1982, then the melt-value of pennies would currently be around 2.5¢, and everyone would be melting them down.

So moving back to 2021, one of the U.S. Mint's options to combat hoarding and melting of nickels is a zinc nickel. A steel nickel is another possibility – back in 2000 we Canadians switched our five-cent coins from a nickel/copper mix over to 94.5% steel.

Sure, there would be some hassles. Vending machines often read a coin’s electromagnetic signature to determine its denomination. A move to steel coinage would require the vending machine industry to make significant changes to its coin-reading apparatuses.  

But compared to enduring constant shortages, a switch is a far better idea.

Or here's another option. Why not use the occasion of high commodity prices to get rid of both the one-cent and five-cent coins altogether? These coins are little more than monetary pollution. We don't need them anymore.

Thursday, April 29, 2021

Is DeFi unregulatable?

Governments can't regulate DeFi, can they? It's too wild and uncontrollable.

DeFi, or decentralized finance, is the set of anarchic financial tools built on top of the Ethereum blockchain. These tools mimic what you'd see in the real world. MakerDAO is a decentralized bank, Compound and Aave are decentralized lending marketplaces (like Lending Tree), and Uniswap is an exchange, like the NASDAQ, except on a blockchain.

Unlike regular financial institutions, none of these Ethereum-based institutions operates with a license, registration, or a permit.

MakerDAO, for instance, recently financed some real world mortgages by issuing U.S. dollar deposits. So it seems to be operating as a commercial bank. However, MakerDAO hasn't secured a banking license from any of the world's biggest banking regulators, say OSFI, the FCA, OCC or any of the 50-some U.S. state financial departments.

Because DeFi is so new, it operates in a grey zone. On the one hand we can argue that the collection of smart contracts and governance mechanisms that comprises MakerDAO probably ought to do the bankerly thing and apply for a banking license. On the other hand there doesn't seem to be an express written rule about smart contracts on Ethereum requiring licensing.

But let's say that a bank regulator made an explicit announcement that MakerDAO and other DeFi tools acting as banks all had to get a license. Could MakerDAO get away without complying?

Because tools like MakerDAO are built on blockchains, and blockchains are too wild to be controlled, the theory is that there is no way for a regulator to exert sufficient pressure on the tool owners to instigate change. MakerDAO's owners will just laugh and keep doing what they've been doing. So would Aave, Uniswap and Curve. Smart contracts are just bits of unstoppable code, after all. They can't be punished for non-compliance. 

So DeFi is not only unregulated, goes the theory. It is unregulatable.

I think regulating DeFi would be fairly easy. U.S. regulators just announce "thou art now regulated and must comply with the following set of rules" and that'd be sufficient. Pretty soon, the biggest DeFi tools would fall into line.

Much of a regulator's leverage is exerted indirectly, via users. Even if the operators/administrators of major DeFi tools are against the idea of falling into line, their users will drag them towards it. 

Right now, the status of most DeFi tools is undefined. Users aren't doing anything illegal by interacting with them. They aren't doing anything legal, either. So people just shrug and use them. But regulation would change that status. Suddenly, tools and their users would be placed squarely in the illegal category, albeit with a pathway to legality.

U.S.-based financial institutions make up the largest group of financial tool users. And financial institutions generally prefer to avoid doing unlawful things, say like connecting to illegal financial tools. Retail customers, a less important customer group, are less picky. Some will do illegal things. But they mostly prefer to be on the side of the law.

That means any decentralized financial tool that wants to continue capturing the two biggest pools of money—institutional capital and licit retail funds—will have to make it legal for these users to connect to them. The proper licenses will have to be secured, regulatory-compliant smart contracts created, and a mechanism devised for users to port over. The biggest DeFi tools will choose to conform... if they want to stay the biggest.

Sure, plenty of DeFi tools won't bother complying with regulation. But these tools will only end up appealing to an underground clientele, and that's always going to be a smaller market than the pool of licit users.

Network effects will be on the side of regulators. Read on...

A portion of DeFi users (traders, borrowers, liquidity providers, token issuers etc) will be indifferent between lawful DeFi tools and illegal tools. They just want to use the best ones. These agnostics will probably end up using the regulated tools by default. There is much more licit capital than illicit capital. And so regulated DeFi tools will have the best liquidity, tightest spreads, and lowest fees. The go-to choice will always be regulated DeFi.

This network effect operates in the same way as the U.S. government's decision to impose Daylight Savings Time. You may hate DST or you may be indifferent, you may not understand it or you may have forgotten about it. But come March 14 and November 7 you unfailingly move your clocks forward or backwards. Using a different clock than everyone else is just too much of a burden. Likewise, if the government announced a DST equivalent for DeFi, much of the space would get dragged, perhaps kicking and screaming, into a state of being standardized, or regulated. Remaining out-of-standard is too costly.

Regulated tools would probably stop interacting altogether with illegal tools. DeFi, currently an open playground, would further balkanize into underground DeFi and legit DeFi. Choosing underground DeFi would be an increasingly costly choice, since one risks being forever cut-off from legit DeFi.

So DeFi, or at least a big part of it, can probably be regulated. However, there will always be an unregulatable anarchic edge. Good luck stopping an Ethereum-based ponzi scheme, for instance. These are blockchains, after all. And they are open to everyone.

Wednesday, April 21, 2021

Why did Dogecoin take off but Feathercoin didn't?

Dogecoin makes us all shake our heads. Introduced in December 2013 as a joke, Dogecoin is now worth over $50 billion, more than Ford Motor Co. Meanwhile Feathercoin, a more serious cryptocurrency that debuted in April 2013 (and initially worth more than Dogecoin), is currently valued at a tiny $10 million.

How are we supposed to understand the strange thing that is Dogecoin?

Let's start by exploring what these odd instruments are. While Dogecoin and Feathercoin seem like an entirely new phenomenon, I'd suggest that they're both really just an updated version of a fairly old financial instrument. You may remember those chain letters your parents used to get in the mail. "Send $5 to each person on the list, then copy it (adding your name to the bottom) and send to their friends," the letter would say. "Then wait for the money to flow in."

Old fashioned chain letters were simple ranked lists that propagated through the post. Propagation occurred in a decentralized manner. There was no "schemer" administering the whole thing. Each player was responsible for abiding by the letter's rules.

Dogecoin (along with Feathercoin) is an updated version of your parents' decentralized chain letter. To begin with, the deployment mechanism is different. Doge propagates over the internet, not the post. Secondly, Dogecoin software ensures honesty. By contrast, old fashioned chain letters – reliant as they were on pen, paper and photocopy machine – were dogged by cheaters who snuck their name to the top of the list.

Rather than have people manually append their names to the list, Dogecoin software creates all the entries at the outset. And instead of being hierarchical, all spots in the Dogecoin list are equal, or fungible. (All of this goes for Feathercoin, too.)

But other than that, the core concept of a chain letter remains the same: those who already have a spot in the decentralized list are paid off by late-comers.

Sophisticated markets have sprung up to serve those who want to buy & sell these modern honest and fungible chain letters. PayPal, Robinhood, and newly-public Coinbase all let users buy Dogecoin. And so Dogecoin has been effectively fused into the regular financial system.

This degree of mass adoption never happened with your parents' chain letters. Prior to the emergence of cryptocurrencies, chain letter list entries weren't fungible. And so secondary markets never developed. Lacking any sort of integration into regular finance, the chain letters of the 1980s and 90s never went beyond being a sketchy underground phenomenon.


Fans of honest & fungible chain letters (or HFCLs) like to explain them by adopting the complicated rhetoric of monetary economics. Feathercoin says it is for "feather lite payments." More famously, Bitcoin has been variously marketed as a "coin", a store of value, digital gold, or a form of electronic cash destined to "replace fiat currency." This has given the cryptocurrency sector a certain gravitas.

But as Joe Weisenthal points out, Dogecoin doesn't have any of these pretensions. It's just a fun token with a Shiba Inu dog as a mascot. And so all of the rhetoric that traditionally gets attached to cryptocurrency is conveniently stripped away. We get to see Dogecoin and Bitcoin for what they truly are, HFCLs.

Dogecoin's cuddly Shiba Inu has proven to be a great tool for propagation, better even than bitcoin's marketing strategy of co-opting the stodgy lingo of monetary economists. In the chart below, I compare the market capitalization of the first 2,690 days of Dogecoin and Bitcoin respectively.

After 2,690 days, Dogecoin's market cap has hit $52 billion. This outranks bitcoin's market cap of $7 billion when it was 2,690 days old. Bitcoin didn't breach the $52 billion level until day 3,137, more than a full year (447 days) after Dogecoin did.

Think of market capitalization – the number of list entries multiplied by their current market value – as a measure of an HFCL's success. But take that number with a grain of salt. If all existing list entry owners actually did try to sell at once, an HFCL's value would fall to zero.

Nor is this the first time that Dogecoin has moved ahead of its older HFCL cousin. As the chart above shows, Doge's market capitalization outranked bitcoin through much of its early life. It also took the lead around days 1,300 and 1,600.


Bitcoin fans aren't pleased. Dogecoin is a bit like your embarrassing younger sibling, the one that you want to hide in the closet because he/she reveals a little too much of the family's foibles. Cryptocurrency is supposed to be about monetary revolution, not fun dogs.

Bitcoiners have adopted various mental blocks to avoid being associated with coins like Dogecoin and Feathercoin. This involves publicly tarring any coin that isn't Bitcoin as a memecoin or a shitcoin. Not only are Dogecoin and Feathercoin categorically different from Bitcoin, but the category that they belong to is an inferior one.

I'll grant there are some differences, but none as deep as bitcoiners might prefer. Yes, Bitcoin is a bit older than Doge and Feathercoin. And they all have very different marketing techniques i.e. fun vs serious. And one of them, Dogecoin, has been (pound for pound) a bit more successful. But apart from that, they're all the same thing. They are all HFCLs.


Whenever experts warn against chain letters, the point they always bring up is that chains cannot be sustained indefinitely. For everyone to make money, a chain letter must grow exponentially. But at some point the math stops working. There won't be enough people left on earth to feed the chain letter.

Does cryptocurrency have to end in tears? 

I'm not so sure. Yes, HFCLs require a constant stream of new players to buy in so that earlier players can exit at a profit. At some high enough market capitalization, there simply won't be enough buyers on earth to pay off ensuing waves of sellers. The HFCL collapses.

It doesn't have to collapse to zero, though. After a 90% or 95% fall the HFCL's price will start to stabilize. The peak-collapse-trough-mania-peak-collapse-trough-mania cycle begins anew.

Feathercoin offers a good template. Feathercoin and Dogecoin were both part of a huge influx of new HFCLs in 2012 and 2013. This crop included Peercoin, Terracoin, Novacoin, Litecoin, Sexcoin, Worldcoin, Ixcoin, and hundreds of others. You can see some of them on the list in the tweet at the top of this post. Funny enough, I wrote about the 2012-13 cryptocurrency wave on my blog: see here and here. (Wow, hard to believe I've been doing this for so long.)

Below is a chart of Feathercoin's market capitalization over the last eight years. It has generally moved around between a trough of $100k-$1m and a peak of $10m-$100m. (Note that I am using a log scale axis.) Buy Feathercoin early and hold till its peak and you've effectively turned $100 into $10,000. It is this whiff of huge gains that tempts people into playing HFCLs. Buy too late, however, and your $100 becomes $1.

Of the 2012-13 crop of HFCLs, many of them look like Feathercoin. They haven't grown, but they still exist. Dogecoin is different (and so is Bitcoin). It shares the same general peak-to-trough pattern as Feathercoin. But its peaks and troughs have been steadily rising. 

What I think is happening here is that there is a huge pent up demand to play HFCLs. They are a fun way to potentially make huge amounts of money. But this demand eventually gets focused on a few lucky chains. After all, the market doesn't need 200 HFCLs when two or three large ones will do.

How does the market settle on two or three? I suspect it probably comes down to luck. Finicky things like mascots, logos, influencers, and catchy names probably play a role too. In Bitcoin's case, being first is a huge benefit. And so most HFCLs sort of putter around like Feathercoin. They don't die. But they don't expand either. 

I suspect that Dogecoin and Bitcoin will eventually follow the same pattern as Feathercoin. Growth will peter out. Peaks will start to roughly align with previous peaks. Troughs will form at the same level as previous troughs. And in-between these peaks and troughs, huge fortunes will continue to be made and lost.

Monday, April 12, 2021

The Biden stimulus and the big jump in cash

Since mid-March, the stock of U.S. banknotes has surged by $45 billion. That's a 2.1% increase in just 30 days.

This jump surprised me (ht to David Beckworth, who brought it to my attention). That's because cash demand patterns are typically quite predictable. We always see a seasonal Christmas/New Year's rush for cash. After Christmas vacation is finished the stock of cash always falls as notes and coins are returned to banks. For the rest of the year the stock of notes slowly rises. During crises (i.e. Y2K, 9/11, the 2008 credit crisis, and the coronavirus panic) the demand for cash spikes.

But there shouldn't be a cash surge in the middle of a quiet March.

To see how odd this spring's jump in the stock of cash is, I've plotted banknote data from the period beginning November 2020 to now and compared it to equivalent November-to-October periods from 2013-2019. (I've omitted 2020 due to coronavirus-induced oddities). To better facilitate comparison, I've set the opening banknote balance for each period to 1.

The large increase in cash beginning in mid-March 2021 goes far beyond the range set between 2013 and 2019. (Also, take a look at the strange out-of-season pattern in January. We'll get into that further down.)

Here's what I think is happening. On March 13 the Biden stimulus checks started to arrive. For the next few months around 150,000 Americans are expected to receive individual payments of $1400. Those with a child dependent will receive an additional $1400. According to the Congressional Budget Office, the total amount of stimulus is budgeted at $411 billion. By now most of this amount has already been sent out, either in the form of direct deposit, a paper check, or a plastic prepaid debit card.

We'd expect Americans to withdraw a chunk of the $411 billion in stimulus in the form of cash. After all, many people still like to use cash for payments. And many businesses still operate on a cash-only basis. As the chart shows, that's exactly what has happened.

Because banknote patterns are stable, we can use data from previous years to get a pretty good idea about what the stock of cash would be absent stimulus checks. Using weekly data from 2013 to 2019 to infer 2021 numbers, I estimate that there would normally be around $2.067 trillion in banknotes outstanding by mid-April. But this number is clocking in at $2.101 trillion. So thanks to the Biden stimulus, there appears to be $34 billion in extra notes that wouldn't otherwise be there. This averages out to $100 per American.

There are a lot of assumptions in this estimate. I'm assuming that the Biden checks are the only factor explaining the difference between the actual stock of banknotes and an imputed "no stimulus" stock. But this assumption could be wrong.

Cash being withdrawn into circulation is a sign that the stimulus is working. As Claudia Sahm writes here, one goal of a stimulus is to kick-start a self-reinforcing spending loop. My spending on goods & services at your businesses encourages you to spend on goods & services, which gets the next person to do the same. The big jump in cash-in-circulation shows that people are indeed spending their $1400 stimulus rather than saving it in their bank accounts. Put differently, if we didn't see any increase in cash-in-circulation we'd be worried that the $1400 stimulus was being hoarded, not spent.

By the way, we can also see the effects of Trump's earlier stimulus on cash demand in the above chart. The Consolidated Appropriations Act, signed into law in late December 2020, entitled all American adults to a one-time $600 plus $600 per child dependent. The CBO set the total cost of Trump's stimulus checks at $164 billion. This round of checks began to arrive in bank accounts on December 30 and continued into January.

But here things get a bit more complicated. The $600 stimulus payments began to be distributed around New Year, thus overlapping with the traditional unwinding of the big Christmas/New Year splurge in cash. This year the Christmas/New Year effect may have been muted given that many families avoided vacationing and travel due to COVID-19. But in any case, the two effects have counterbalanced each other. The traditional post-New Year's slump in the banknote stock didn't occur this January. Instead, banknotes-in-circulation slowly grew thanks to the stimulus check effect.

The chart shows that by late February 2021 the stock of banknotes had returned to its 2013-2019 average. This suggests that all of the extra Trump stimulus that had been withdrawn as cash had been spent at shops, only to be redeposited at banks, and then the Federal Reserve.

I suspect that the same thing will likely happen with the Biden stimulus. By June, the big bulge in cash will have shrunk. Having been spent, the notes will be sent back by retailers to their bank via Brinks trucks, and then on to the Fed.

One would hope that not all of it disappears. As I suggested earlier, stimulus is supposed to set off a multiplier effect. When this effect has played out, prices and/or output should all have risen by a bit. This means that the ending stock of cash should be a bit higher than before. After all, if the economy has improved, then we all need to hold a bit more cash in our pockets to support our new spending habits.

Wednesday, March 31, 2021

From Circle-of-Gold to Mega$Nets to Bitcoin

We tend to dismiss chain letters as mere scams or frauds. In this post I want to get readers thinking about chain letters as a type of financial innovation, one that has been steadily updated over the decades.

Chain letters are lists. That list is governed by a rule: the first people on the list are to be paid by the latecomers. The chain letter stops working, or paying out, when no one else wants to join up.

The amount of money flowing to early-birds who joined the list is equal to the amount arriving from latecomers. No additional value gets created. That's why chain letters are zero-sum games.

The greatest technological strength of a chain letter is its decentralization. Each node, or participant, is independently responsible for receiving, copying, updating, distributing, and marketing the chain letter. Without a central schemer to indict, it's almost impossible for the authorities to stop it from propagating. Think of chain letters as the honey badgers of the financial world: tough, indestructible, and durable.

One of the most famous chain letters was the Circle of Gold letter. It reportedly started out in San Francisco and ripped through the rest of the U.S. in 1978. Here's how it worked:

In brief, I'd buy a copy of the Circle of Gold letter from you for $50 cash, and then mail $50 to the name at the top of the list, for a total outlay of $100. I'd then make two copies (removing the name at the top of the list and inserting my own at the bottom) and sell each for $50 to friends/family, for a total of $100, thus breaking even. The buyers in turn made copies and sold them on, the chain continuing. At some point my name would arrive at the top of the list and the money would begin to arrive in my mailbox.

Law enforcement declared the Circle of Gold letter to be illegal. But there was little they could actually do to stop it.

Chain letters like Circle of Gold may be difficult to eradicate, but they suffer from two big problems. I'll explain each of these problems, and also show how they were eventually fixed.

If decentralization is a chain letter's greatest strength, it is also the root cause of its main weakness. A buyer of a Circle of Gold letter had an incentive to break the rules by sneaking their name to the top of the list. Without a centralized administrator, there is no single authority who is powerful enough to prevent players from cheating.

Let's call this the dishonesty problem of chain letters. The dishonesty problem undermines a chain letter's credibility. If everyone knows that cheating will be rampant, why bother getting involved at all? Thus the odds of a letter widely propagating itself are always going to be quite low.

To help make a chain letter more transmissible, what is needed is some sort of procedure that solves the dishonesty problem while preserving decentralization.

Enter Mega$Nets.

Mega$Nets was an ingenious 1990s-era chain letter that relied on software to prevent cheating. Here's how it worked:

I buy a Mega$Nets disk for $20 from you.
After booting up the software I'd be asked to input my name and address, which was now locked into the program.
Before I could make copies of the disk, I had to mail $20 in cash to five others above me on the list. Once the $20 was received, these people would mail a code back to me.
Only after I had entered the codes into the software could I duplicate the disk and sell it for $20. If the chain grew and my name worked up the list, I'd eventually start receiving a stream of $20 payments in the mail.

Thus Mega$Nets software prevented names and addresses from being erased and preserved the list order. Importantly, it solved the dishonesty problem without compromising the decentralized nature of a chain letter. After all, Mega$Nets software ran independently on each individual machine, not from a central server.

Source: Donald Watrous's chain letter links

If Mega$Nets solved the dishonesty problem of chain letters, it didn't stay around very long. Eventually a programmer hacked Mega$Nets and figured out how to cheat the system. To undermine trust in the chain letter, he published his crack to the internet so that others could download it.

But even if a chain letter manages to solve the honesty problem, it still suffers from another big weakness: lack of fungibility.

Fungibility is the idea that all members of a population are perfectly interchangeable with each other. Rice is fungible because one grain of rice is pretty much identical to another. My Tesla shares are fungible with yours. Dollar bills are fungible.

But positions in a chain letter like Mega$Nets are not fungible. A spot at the top of a chain is more valuable than a spot further down. And a spot on branch A of the Mega$Nets chain may have a different value than a spot at an equivalent height on branch B of Mega$Nets.

This lack of fungibility impinges on a player's ability to sell their spot in the chain letter to someone else. With every position in a chain letter being radically different, it's a huge chore for potential buyers to evaluate the market value of any single spot. And so a healthy resale market for chain letter spots can never develop.

Why would we want to be able to sell out of a chain letter? One of the big attractions of buying stocks, ETFs, bonds, gold, or currency is that we can resell these instruments, maybe two minutes later, maybe two decades later. If we are locked into an investment forever, we probably wouldn't want to invest very much in the first place. Likewise with chain letters. If a spot in a chain letter can be easily resold at a later time, then making an initial investment in the chain letter becomes a much more attractive proposition.

But is it possible to design a fungible chain letter? And if so, can we also solve the honesty problem while preserving decentralization? It sounds impossible.

Enter bitcoin, the world's first honest & fungible chain letter.

The novelty with bitcoin is that all the spots in the list are created at inception.* New players can only join by purchasing a pre-existing position in the chain.** This approach is different from a more traditional chain letter like Mega$Nets or Circle of Gold. With Mega$Nets, the list is dynamic, not static. It starts out small and expands organically as people join up, append their name, and generate a new spot in line. No need to buy someone's position out. Just add your own.

By creating all spots at t=0, no spot is superior or inferior to the others. All bitcoin positions are fungible from the get-go. Not so with traditional chain letters like Mega$Nets, which operate on the principle that new spots are subservient to old spots.

As with all chain letters, people "win" at Bitcoin by being early. The difference is that with bitcoin, winning is achieved by being one of the first to buy up a spot in a fixed non-hierarchical list. With a traditional chain letter like Mega$Nets, winning is achieved by creating one of the first entries in a hierarchical list that lengthens over time. Either way, the earlier one arrives, and the more latecomers who join up down the road, the richer one gets.

Because every single spot on the bitcoin list is fungible, buyers can easily appraise the worth of any single bitcoin (i.e. chain letter spot). And so a robust secondary market for bitcoins has developed where early bitcoin players fluidly auction off their positions to newer players. This marketability is one of the things that has turned bitcoin into such a contagious chain letter.

Bitcoin doesn't just solve the fungibility problem. It also fixes the honesty problem. Bitcoin software ensures that it is impossible for anyone to conjure up a new spot on the bitcoin list, or re-arrange the distribution of existing spots. (Some people describe this as solving the double-spending problem of electronic cash, but in this blog post it is the honesty problem of chain letters that is being fixed).

Finally, bitcoin achieves all this while being just as decentralized as its chain letter predecessors. 

Bitcoin is decentralized because individual participants can buy and sell bitcoin (i.e. spots in the list) in bilateral pairwise meetings. No need to rely on a central planner to distribute funds from late entrants to early birds. Secondly, much like Mega$Nets software, bitcoin software is deployed on thousands of computers all over the world. No central server. So like its traditional chain letter predecessors, bitcoin is very difficult for the authorities to attack.

In conclusion...

At first blush bitcoin seems like an entirely novel financial technology. But as I suggested in my post, it's just a meaner & badder version of chain letters like Circle of Gold and Mega$Nets.

What is revolutionary about bitcoin is how it has modified the chain letter model in order to solve the honesty and fungibility problems. Until bitcoin arrived in 2009, we had never seen the full capabilities of the chain letter model. Sure, chain letters regularly popped up, but they never lasted for more than a year or two. If anyone played them, it was weirdos like Uncle Bob's cousin's strange friend.

By solving the dishonesty and fungibility problems, bitcoin has radically dialed up the contagion factor for chain letter technology to a degree never experienced before. Bitcoin has become the first chain letter to go mainstream. It is the first chain letter to go global. Your sister is playing, your cousins are in, and so is your neighbour. We've almost arrived at the point where the normies are the folks who play bitcoin. The abnormal ones are those who haven't secured a spot in line.


*Bitcoin has a 21 million cap. These 21 million coins were not created at inception. However, the protocol sets out the rules for their creation ahead of time.

** Players can also join by "mining" bitcoins. Mining is one of the processes that updates & secures the chain letter. Computers that engage in mining are rewarded with new bitcoins and/or a small fee out of the existing stock of bitcoins.

Monday, March 15, 2021


1. Over the last month or two I've been following an interesting archaeological debate over the discovery of coinage. I thought I'd share it with you.

2. It's generally accepted by archaeologists and numismatists that the first coins were invented in Lydia, modern day western Turkey, in the 7th Century B.C.E. (i.e. 610 B.C.E. or so). The idea quickly spread to Greece. The Lydians used electrum, a strange silver/gold mix, to make their discs. (I wrote about electrum coins here). I've included an example below.

Electrum coin from Ephesus, 625–600 BC [Source]

We don't know exactly why the Lydians used electrum, or even if they treated their discs in the same way that future generations would use coins. But when the Greek city states copied Lydian coinage in the 6th Century, they didn't use electrum. Their coins were pure silver.

3. Lydia's electrum coins aren't the topic of this post. The debate that I'm going to describe revolves around the belief among some archaeologists that a form of proto-coinage had been invented prior to the Lydians and their electrum coins. This proto-coinage came in the form of sealed and regulated bags of hacksilver (more on hacksilver later).

Other archaeologists disagree. They are adamant that Lydia remains ground zero for coinage.

For lack of better terminology, I'll call the first group of archaeologists, those who think there was a predecessor sort of coin, the proto-coiners.

So relax and follow along.

4. By the way, mine is an outsider's account of the archaeology of money and coinage. I am not an archaeologist, so I will certainly get a few things wrong. Nevertheless, I am hoping that my regular monetary economics readership will enjoy learning how archaeologists attack the problem of money.

5. How popular was silver in ancient society?

"Silver served as the main measure of value, the means of payment and credit, and as an indirect form of exchange in Near Eastern economies from the mid-3rd millennium onward," write archaeologists Tzilla Eshel, Ayelet Gilboa, Naama Yahalom-Mack, and Ofir Tirosh (Eshel et al) in a 2018 article entitled Four Iron Age Silver Hoards from Southern Phoenicia. The Near East is a catch-all term for modern-day Israel, Iraq, Iran, Jordan, and Syria. I will return later to Eshel and coauthors' paper.

Morris Silver, an economist who researches ancient economies, describes Mesopotamian texts of the middle of the second half of the third millennium that show silver being used by street vendors, to pay rent, purchase dates, oil, barley, animals, slaves, and real estate.

According to archaeologists Seymour Gitin & Amir Golani (2004), Assyrian economic texts from the 7th C B.C. show that the majority of all types of payments were already being made in silver, including those for tribute, craftsmen obligations, and for conscription and labor commutations.

Cuneiform tablet, loan of silver [Source: The Met]

The Old Assyrian cuneiform tablet above from around 1900 B.C.E. says that 6 minas (c. 3 kg) of silver are owed by two men to the merchant Ashur-idi. One third of the loan must be paid by the next harvest and the rest at a later date. If it is not repaid by that time it will accrue interest charged at a monthly rate.

6. If silver had already become a sort of medium of exchange sometime between 3000 B.C.E. and 2000 B.C.E., it wasn't in coin form, but as hacksilver. By hacksilver, what is usually meant by archaeologists is silver ingots, hacked pieces of ingot, silver scrap, and cut up bits of silver jewellery.

Below are some examples of hacksilver:

7. One reason for the hacking or cutting-up of silver may have been to make small change. If 2 grams of silver was required to make a payment, but a payee only had a single 10 gram ingot, then a small part of it had to be cut off.

8. Another less obvious reason for hacking, suggested by Eshel & coauthors, is that it may have been a way for merchants to check for quality. Pure silver is soft. Mixing copper into silver makes for a harder ingot. A solid smash to the ingot may have been the accepted way of verifying whether an ingot was good silver or not.

9. It wasn't till 610 BC or so that the Lydians made the first coins. So for over a thousand years, silver circulated as a medium of exchange, in hacked form.

10. The big innovation with coins is the stamp. Because we trust the issuer's brand, we needn't weigh out or assay (i.e. smash/hack) silver prior to engaging in trade. So trade was much more fluid.

If you think about it, branding metal is a pretty big step for a society to take. It means that laws, norms, and institutions have become established enough for people to be confident in something as abstract as an issuer's emblem. Too much fraud, warfare, and lawlessness, and branding breaks down—you've got to go back to weighing and hacking silver yourself.  

11. The proto-coiners don't agree that Lydia was the first to "brand" silver. They suggest that bagged and sealed hacksilver was already circulating in a way similar to coins. Some authority, perhaps a government administrator or a merchant, pre-weighed a certain amount of good hacksilver, bagged it, and affixed their seal to it. And so anyone who was offered the bag in trade could treat it just as they would a coin. As a verified amount of silver, it needn't be weighed or hacked. The bag would have been accepted according to whatever information was inscribed on the seal.

12. If the proto-coiners are right, that means our ancestors were better monetary innovators than we originally thought. It pushes the effective date of coinage technology back by 500 or so years.  

13. It's a fascinating debate, especially because it invokes a set of mysterious old hoards that archaeologists have discovered over the years. These hoards are typically hidden in clay jars underneath the floors of houses by their owners, probably for safekeeping. And then they were forgotten or some disaster befell their owner, only to be rediscovered thousands of years later. Who were these people? Why did their hoard get forgotten?

14. One of the key hoards around which the debate revolves is the Tel Dor hoard, which was found north of Haifa in Israel. It was excavated in the 1990s by Ephraim Stern, an Israeli archaeologist at the Hebrew University of Jerusalem. One element of the Dor hoard is an old jug filled with silver, below.

The Tel Dor hoard (a) as displayed in The Israel Museum and (b) in situ, looking east [Source: Eshel et al]

15. Stern's description of this jug (published in this 2001 paper) quickly filtered into the archaeological community. Christine Thompson, archaeologist and co-founder of the Hacksilber Project, used Stern's findings to build a proto-coinage argument. It's worth getting into the details of her argument (and subsequent rebuttals) to see how archaeologists think. You can find it in her 2003 paper, Sealed Silver in Iron Age Cisjordan and the ‘Invention’ of Coinage.

Thompson (channeling Stern) tells us that the Tel Dor hoard dates to somewhere between 1000 B.C.E and 900 B.C.E. The hoard consists of a jug containing 17 bundles of hacksilver wrapped up by linen cloth (see photo of one of the bundles below).

16. Together the silver weighs 8.5 kilograms, which at today's silver price is worth around $8,000. But that's not a great way to think about how much this hoard was worth. According to a very readable article by Tzilla Eshel, a half-gram of silver was equivalent to a day-worker's wage. So the entire hoard was the equivalent of forty-six years of labour. In modern day terms, that would value the purchasing power of the hoard at well above $1 million.

17. Stern has speculated that the hoard may have belonged to a Phoenician merchant who used the silver to build and equip ships, or to buy merchandise for eventual exchange with countries in the western Mediterranean.

18. Most of the linen wrapping in the Tel Dor hoard has long since disintegrated. Thompson notes that the bundles were closed with bullae, or clay seals. (See below). But these seals do not contain a name, just a pattern.

One of the silver bundles found at Tel Dor, and an illustration of a clay bulla, or seal. Source: Ephraim Stern in The Silver Hoard from Tel Dor [pdf]

19. If the bundles found in the Dor hoard were treated by their owner as coins, then one would expect them to weigh a standard amount, just like all modern nickels and quarters weigh the same. And that is the gist of Thompson's argument. According to her, the 17 bundles all appear to be the same weight.

20. One of these bundles had been removed by Stern to be weighed. It registered at 490.5 grams. Thompson suggests that this 490.5 grams might align with usage of the Babylonian shekel unit of account. Under this archaic weight standard, each shekel weighed 8.3g, and 60 shekels was worth 1 mina. Thus a mina would have weighed 500 grams.

So the 490.5 gram bundle found at Dor comes close to an even mina. It's as if the bundle was a very large denomination mina coin. Thompson attributes the missing 10 or so grams to loss of a few small pieces due to disintegration of the cloth.

21. The purity of the Dor hoard is quite high, notes Thompson, suggesting that the bagged silver, like a coin, had been checked and regulated.

22. Thus Thompson has created a plausible theory about bags of silver being treated as coins. Like a coin, the sealed bags of hacksilver found at Dor had a certain purity and weight. Presumably people who received them in payment didn't have to weigh the silver. Nor did they have to assay the silver by hacking or smashing it.

23. It's a convincing theory. Now for the counter-theory.

24. Raz Kletter, an archaeologist at University of Helsinki, is not convinced by the idea of a proto-coinage. In a 2004 paper, he points to the nearby Tell Keisan hoard, dated to around 1000 B.C., which also contained wrapped hacksilver bundles. The hoard includes 6 or 7 bags of cloth, says Kletter. Two of them weighed in at 24.5 and 25 grams, suggesting that they may have conformed to the same denomination. But two of the other bags measured at 32 and 100 grams respectively, which muddies the waters. Moreover, Kletter says that the weights of the bags do not correspond clearly to any known standard of weights and measures.

25. Tel Dor hadn't finished telling its story, either. Recall that at the time Thompson was writing, 2003, only one of Dor's 17 bundles had been weighed. It came in at 490.5 grams, and Thompson ascribed to this bundle the possible value of a clean mina of 500 grams, less a few grams due to thousands of years of wear and tear.

But in 2018, Eshel & co-authors opened a second Dor bundle. They found that it measured just 420.6 grams, which doesn't conform as closely to a mina. So that undermined some of the arguments in favor of proto-coinage.

26. That's not all. Eshel & co-authors did a chemical analysis of four hoards including both Tel Dor and Tell Keisan. Recall that Thompson suggested that the purity of Tel Dor silver indicated a degree of regulation, much like a mint controls the silver content of a coin. But Eshel & co-authors found that the silver from Tell Keisan, though "piously" packed in sealed bundles, was not so pure. It contained large amounts of copper, suggesting that it was a forgery. (See photo below). If the whole point of bagging and sealing was to create a trustworthy medium of payment, the deliberately-alloyed Tell Keisan silver seems to contradict this.

A bundle of hacksilver from Tell Keisan. Its green colour betrays its copper content. When silver corrodes it tarnishes black, but copper produces a green rust. Source: The Torah

27. This collection of counter-observations somewhat weakens the argument for an early proto-coinage in the Near East. But there are probably plenty of yet-to-be-discovered hoards. Who knows, perhaps the next one will contain bundles of provably standardized hacksilver. It certainly is a provocative idea.

28. If the role of bundling and sealing of hacksilver wasn't to create a proto-form of coinage, then what was its function? Eshel & co-authors suggest that bagging was little more than a convenient manner of storing one’s wealth. Taking out a single cloth bundle and weighing it would have been much less awkward than removing individual pieces one-by-one and weighing them.

If you're interested in learning more about the ancient hacksilver economy, I'd suggest reading How Silver Was Used for Payment, recently published in The Torah. Tzilla Eshel, the archaeologist who co-authored one of the papers I cite in my blog post, is the author and has written it with the lay-person in mind.