Wednesday, December 28, 2022

Let it burn


I sympathize with parts of the let it burn thesis. The thesis goes a bit like this:

Crypto is mostly gambling. It provides very little of social value, and may even be a net negative. The recent collapse of the FTX crypto exchange is illustrative of this. It would be a travesty for us to wade in after the fact and lever public resources to regulate crypto. To do so would grant undeserved credibility to the stuff. Thankfully, the collapse of FTX didn't spread into the real economy. Let's keep crypto unregulated and isolated. Leave it to die of its own accord.

Four quick push backs:

1. Crypto is not going to burn down because of FTX. We know this because it has already collapsed multiple times (2011, 2014, 2018) yet each time people come back and want to play the Dogecoin or Shiba Inu or Bitcoin games. Dozens of crypto trading venues have collapsed over the last decade due to fraud and incompetence, yet burnt customers keep coming back to the table to play. 

Crypto is fun and exciting. It's here to stay. Maybe it's time to set up some guard rails.

2. Yes, crypto is mostly gambling. But we already allow all sorts of gambling activities, including sports betting, online casinos, and speculation on double-leveraged VIX ETFs. We set requirements on providers of these activities in order to protect users from fraud and wrongdoing. Let's do the same for crypto.

Start with the venues that facilitate crypto gambling: so-called "exchanges" like Kraken, Binance, Crypto.com, and Coinbase. These platforms provide both brokerage and exchange services, combining two functions that regular finance has traditionally separated. Require these crypto broker-exchanges to comply with the same basic consumer financial protections that currently apply to non-crypto brokers and exchanges. This includes segregation of customer funds, third-party custody, regular auditing, and insider trading prevention.

The idea is to let people engage in risky gambling, but to do so as safely as possible.

Canada and Japan have already taken these steps. That's why Canadians and Japanese are much less likely to be on the list of those hurt by FTX's collapse than folks in Australia and U.S., which haven't yet gone down the road to regulating crypto broker-exchanges.

3. The failure of a casino or sport-betting site is rarely systemic. Likewise, regulated crypto venues will probably never pose significant systemic risk. Even if a crypto venue were to somehow became so integral to finance that its failure would be catastrophic, we have tools for this, like designating venues as systemically important financial institutions.

4. It's possible that the value that crypto provides to society one day transcends gambling. Crypto could  become a way to get a consumer loan or finance a startup. If so, better to hold a given type of crypto venue to whatever set of regulatory standards are the most appropriate, and do so now rather than later. If a crypto platform quacks like a bank, for instance, then regulate it as a bank, perhaps tailoring the rules a bit here and there to account for the peculiarities of crypto. If it quacks like a broker-dealer, then regulated it as a broker-dealer.

Tuesday, December 20, 2022

Six reasons why FTX Japan survived while the rest of FTX burned


[This is a reposting of my latest article for CoinDesk. Since writing the article, FTX has announced that it will be selling the few solvent subsidiaries it owns, one of which is FTX Japan. Meanwhile, other FTX spot exchanges, including FTX US, remain mired in bankruptcy. The potential for a quick transition to new management is just one additional data point that illustrates the relative advantages of Japanese crypto regulation.]

Japan Was the Safest Place to Be an FTX Customer

As regulators look to regulate exchanges in light of the FTX's collapse, they would do well to look to Japan, which has some of the most mature rules in the world. 

FTX was a massive hydra with subsidiaries across the globe. Amid FTX’s failure and entrance into bankruptcy court, one of these subsidiaries appears to be relatively unscathed: FTX Japan. Assuming FTX Japan makes it through, here are some things that other nations can learn from Japan’s experience. 

FTX Japan is a Japanese-based crypto exchange, formerly known as Liquid, that Bahamas-based FTX purchased in early 2022. Whereas the customers of most FTX entities are in limbo, FTX Japan says that it is close to paying out its customers in full:

"We have put together a plan for the resumption of withdrawal service, which has been shared with and approved by the new FTX Trading management team. Development work for this plan has already started and our engineering teams are working to allow FTX Japan users to withdraw their funds."

Japanese customers' cash and crypto will not be bogged down in U.S. bankruptcy proceedings given "how these assets are held and property interests under Japanese law," the exchange says. Meanwhile, the funds of customers of the flagship Bahamas-based exchange, FTX International; Chicago-based FTX US; and FTX Australia remain stuck in bankruptcy limbo.

What is it about Japan that may end up allowing Japanese customers of FTX to get their money before anyone else?

In brief, careful regulation of crypto exchanges.

Spurred by the failure of Mt. Gox in 2014 and the 2017 hacking of Coincheck, both Tokyo-based exchanges, Japan's Financial Services Agency (FSA) established a broad set of standards for crypto exchanges, or what it defines as Crypto Asset Exchange Service Providers (CAESP). The FSA is also responsible for overseeing banking, securities and exchanges, and insurance sectors.

Here are six key elements of the FSA's framework for overseeing crypto exchanges:

1. Japanese crypto exchanges must segregate customer fiat and crypto from the exchange's own crypto. That is, they can't deposit the exchange's own operating funds into the same account, or wallet, as their customers' funds.

A separation of funds reduces the scope for fraud. For example, it would have been easier for FTX executives based in the Bahamas to raid customer funds held at their Japanese subsidiary if those funds were mingled together with FTX's corporate money.

2. Going beyond segregation, Japanese exchanges must entrust customers' fiat money balances to a third-party Japanese institution – a trust company or bank trust – where they are managed by a trustee with customers designated as the beneficiaries.

By interposing a third-party trustee between FTX Japan and its customers, regulators would have reduced the latitude for FTX insiders to tamper with Japanese customers' cash.

Another advantage of a trust requirement is that it adds a layer of protection in the event of bankruptcy. Storing customers' funds with a third-party trustee prevents them from being diverted into a general pot where they can be claimed by an exchange's other competing creditors.

Other countries are less stringent. Take the U.S., for instance. U.S. exchanges, including FTX US, operate under state money transmitter law. While some states do require money transmitters to keep customer funds in a trust but many don't, including Florida, Pennsylvania and Georgia. This lack of a trust company layer may be one reason why FTX US customers haven’t heard a peep about getting their money back.

FTX Japan claims to be holding 6.03 billion yen worth of customer fiat in trust, or US$44 million.

3. A more explicit bankruptcy protection stipulates that customers of Japanese exchanges are entitled to receive payment in priority to general creditors in the case of bankruptcy.

Customers are creditors of an exchange. They own an exchange-issued IOU. But a crypto exchange may have other creditors including bond holders, bank lenders, suppliers or other subsidiaries holding inter-company debts. When an exchange goes under, all of these IOU owners are desperate to get some of the remaining crumbs. Putting customers at the very front of the line of creditors is a way to protect them.

Compare the luxury of being a Japanese customer of FTX to the plight of Australian customers of FTX. To their horror, they recently found themselves competing with the parent company, FTX Trading, for part of the Australian bankruptcy estate.

4. The FSA requires Japanese exchanges to keep at least 95% of customers' crypto in cold wallets. Because cold wallets are not connected to the internet, they are more secure against hacking and internal fraudsters.

FTX Japan claims it currently holds 3,194 bitcoin (BTC) in cold wallets, as well as 16,418 in ether (ETH), 64.1 million XRP and a handful of other assets.

Many exchanges in unregulated jurisdictions already use cold wallets (although probably not for 95% of their customers' funds). However, smaller exchanges may use other exchanges such as FTX to store customer funds rather than their own cold wallets.

Australian exchange Digital Surge, with around 30,000 customers, recently entered into voluntary administration because it kept a significant amount of money on FTX. Huobi lost $13.2 million worth of customer funds that it had stored on FTX, while Crypto.com had $10 million in exposure.

Japan’s 95% cold wallet rule helps protect against such losses, as does the following 5% rule:

5. For the 5% of customer's crypto that can be kept in a less-secure hot [internet connected] wallet, Japanese exchanges must "back" each unit of hot-walleted crypto with exchange-owned crypto held in a segregated cold wallet. So, for example, if an exchange holds 5 BTC of customer funds in a hot wallet, it must hold another 5 BTC of its own personal coins in reserve, for a total of 10 BTC.

The FSA refers to these reserves as an exchange's performance-guarantee assets. If there are any inappropriate leakages from hot wallets, the exchange's reserve must be used to make customers whole.

6. Lastly, all of these rigid requirements must be verified by an external watchdog.

Each Japanese exchange must undergo a yearly "audit of separate management" whereby a public accountant examines that each of the above requirements for holding assets are abided by. That is, the auditor verifies that all customer fiat money is being held in trust, that customer funds are segregated from exchange funds, that at least 95% of all crypto is held in a cold wallet and that the exchange is holding an appropriate amount of performance guarantee assets.

FTX Japan customers haven't received their funds back yet. So we don't know for sure if they’ll be made whole. But initial indications suggest they will be. If so, credit goes to the six preceding protections afforded to customers of Japanese exchanges.

In response to FTX's failure, many jurisdictions are already scrambling to fashion their own regulations for crypto exchanges. They should be watching Japan closely.

Saturday, December 17, 2022

How cryptocurrency exchanges peg stablecoin prices

An example of a stablecoin peg from the now defunct FTX US [source]

This post is for anyone who is curious how cryptocurrency exchanges and stablecoins work behind the curtains. It's common knowledge that stablecoin issuers like Tether, Paxos, and Circle run pegs. What isn't commonly known is that crypto exchanges like Binance (and the now-failed FTX) also run their own versions of stablecoin pegs.

Stablecoin issuers like Tether anchor, or peg, the value of their tokens to $1 in fiat dollars, and use their dollar reserves to enforce that peg. Another way to think of the process of pegging is to take two heterogeneous things and use economic resources to make them homogeneous, or fungible, with each other in terms of price.

Exchanges such as Binance peg stablecoins in two ways:

1) Pegging multiple stablecoins to each other

Most crypto exchanges do not peg stablecoins to other stablecoins. They let the price of stablecoins float, or fluctuate, against each other. That is, if you deposit 1 unit of USD Coin and 1 unit of Binance USD to an exchange, you don't get credited with $2. You get credited for a single unit of each heterogeneous stablecoin. The exchange rate between these two coins fluctuates on the exchange according to supply and demand.

FTX was the first exchange to move from floating to pegging stablecoins. Binance followed FTX when it adopted its own pegging mechanism this fall. Basically, Binance promises to treat heterogeneous stablecoins in a homogeneous manner, by allowing customers to deposit any amount of approved stablecoins at the exact same price; $1. Customers can also withdraw whatever stablecoin they wish from Binance at $1, in any amount.

The approved basket for both Binance and FTX includes USDP, USD Coin, Binance USD, TrueUSD, but not Tether.*

By promising to process all stablecoin transactions at a uniform rate, the former-FTX and Binance shifted from the traditionally passive let 'em float practice of dealing in stablecoins to setting, or administering, stablecoin prices.

Pegging a basket of stablecoins is more complicated than letting them float. It requires having sufficient reserves of each stablecoin in order to defend the fixed price. If Binance users all want to suddenly withdraw a certain brand of stablecoin, but Binance runs out of reserves of that type, then it'll have to temporarily suspend its peg, at least until it can acquire more of the in-demand stablecoin.

It appears that this was exactly what happened to Binance earlier this week. When customers wanted to withdraw large amounts of USD Coin, Binance ran out and had to temporarily suspend USD Coin withdrawals. "In the meantime, feel free to withdraw any other stable coin, BUSD, USDT, etc." wrote the exchange's owner, Changpeng Zhao. 

Later, Binance sent a massive chunk of its own Binance USD hoard to the issuer, Paxos Trust, for redemption into fiat US dollars, before turning those dollars back into USD Coin (by going through Circle, USD Coin's issuer). Binance's coffers refilled, it could thus reestablish its peg.

Let's move onto the second type of peg that exchanges set.

2) Pegging the same stablecoin on different chains to each other

Stablecoins of the same brand exist on different blockchains. Tether, for instance, exists on both the Tron and Ethereum blockchains, as well as a host of other chains. The same goes for USD Coin.

Exchanges always peg a given stablecoin across its multiple instances.

What I mean by that is exchanges allows customers to deposit any amount of Tether (on Tron) or Tether (on Ethereum), and the exchange will treat those heterogeneous deposits as a single homogeneous Tether unit. And when customers want to withdraw, they can withdraw any amount of TethersTron or Ethereumfrom that pot at the same fixed price.

But Tether-TRX and Tether-ERC are not homogeneous tokens. They are very different beasts, with different characteristics, use cases, and demographics. Exchanges could in principal treat each instance of Tether separately, letting them float against each other. So in a given minute a single Tether-on-Tron token might be worth 1.001 Tether-on-Ethereum token, and the next 0.998 according to supply and demand.  

Exchanges don't do this. They peg the two instances of Tether. Customers take this for granted, but it's thanks to these exchanges' pegs that a customer can deposit 1 million Ethereum-based Tether onto an exchange and three seconds later withdraw 1 million Tron-based Tether, all at a convenient fixed price rather than a floating one.

To maintain these intra-stablecoins pegs, exchanges must have sufficient reserves of all blockchain flavors of Tether. (And all flavors of USD Coin and Binance USD, too.) Sometimes you'll see an exchange accumulating too much of one type of Tether while running out of the other type, and it'll engage in a swap with in order to rebalance its reserves.

This is likely what happened to Binance this week, when it swapped a massive 3 billion Tether-on-Tron into 3 billion Tether-on-Ethereum. Too many customers we're withdrawing Ethereum-based Tether, and so it had to rebalance its reserves:

In the next section, I'm going to sketch out the bigger picture.

Crypto exchanges as stablecoin watchdogs

I generally think it's a good idea for exchanges to treat stablecoins homogeneously, both in the first way (pegging stablecoins to other stablecoins) and the second way (pegging a stablecoins across its multiple instance). Doing so makes things easier for customers. Could you imagine, for instance, if exchanges didn't peg the different flavors of Tether, USDC, and BUSD? You'd end up with dozens of different stablecoin exchange rates:


But creating a stablecoin standard isn't costless. Exchanges need to devote resources to constant management of their reserves. If they make a mistake, as the case with Binance this week, they end up looking bad.

Pegging stablecoin to other stablecoins opens exchanges up to credit risk, too. If a given stablecoin suddenly collapses, exchanges that let stablecoins float needn't worry about a thing. They can continue accepting deposits of the failed coin at its market price. 

Not so exchanges that administer stablecoin prices. Traders will rapidly send the now worthless stablecoin to any exchange that is still pegging it at $1. To prevent the danger of becoming a sop for failed stablecoins, exchanges like Binance have to constantly surveil the stablecoins in their basket for credit risk.

In the grand scheme of things, this is probably a good thing. It deputizes exchanges as stablecoin watchdogs. Since exchanges have significant resources and insider knowledge, they are probably better at analyzing stablecoins for credit risk than outsiders like myself. Binance's basket of fungible stablecoins becomes a signal to the market of what stablecoins are safe.

We already saw an example of this stablecoin watchdog role in action not too long ago. A stablecoin called HUSD began to wobble in August:

After regaining its peg, HUSD outright failed in October, collapsing from $1 to a few pennies. 

The collapse seemed to come out of the blue. No so. FTX, the first exchange to peg stablecoins, had quietly removed HUSD from its stablecoin basket in early August, tipping anyone who was observing that something was up. 

However, if there are ecosystem-wide benefits to exchange stablecoin pegs, there are also drawbacks. Exchanges that treat stablecoins homogeneously (and thus take on credit risk) may do a poor job of it, and thus the fallout from a major stablecoin failure could spread to exchanges, an isolated failure becoming a systemic one. The benefit of the traditional practice of letting stablecoins float is that it renders the crypto exchange system more immune to the systemic risk stemming from the failure of a stablecoin.


*Why is Tether not included in these stablecoin baskets? One theory is that exchanges like Binance and FTX are acting as watchdogs and don't want to include Tether because of its unique credit risk. That's possible, but I think it's more likely that they don't want to include Tether because managing Tether reserves is too costly. This cost arises from the fact that Tether charges a 0.1% fee on all withdrawals and redemptions of Tether tokens. Other stablecoins provide this service for free. As long as this fee exists, it's just not worth it for exchanges to include Tether in their basket.

Monday, December 12, 2022

 Are U.S. banks more competitive than Canadian banks?

Over the years I've had a lot of connections to the Bank of Montreal. I'm a disgruntled ex-customer, a fairly happy shareholder, and a former employee. I stopped being a customer after the Bank of Montreal began charging me monthly fees in the middle of the pandemic without telling me, and I didn't notice for over a year. They refused to refund the fees, so I walked.

In any case, given my multiple interactions with the Bank of Montreal, I try to keep tabs on what it is doing. I was glancing through the bank's 2022 annual financial statement and stumbled on the following notable table:


Source: BMO. P&C refers to personal & commercial banking


The bits that struck me are in yellow. Bank of Montreal's net interest margin is much higher in the U.S. than Canada. By way of background, Bank of Montreal is fairly unique in that it operates as a sizable commercial bank on both sides of the U.S.-Canada border. So its data, including its margins, provides some interesting insights into the fundamental differences between U.S. and Canadian banking.

Net interest margin is a measure of how much a bank is squeezing out of its customers. To calculate it, start by counting up how much money a bank makes in interest on its loans. Then subtract from that its interest costs: all the money it pays out to depositors in the form of interest. That difference is the bank's net interest. Divide net interest by all of the money it makes on its loans to get net interest margin

Banks want higher margins. Their customers don't. The higher the net interest margin, after all, the more interest the bank is extracting from its customers.

In Bank of Montreal's case, its margin in the fourth quarter is 3.88% in the U.S. and 2.66% in Canada. So for every $100 it lent, the bank collected net interest of $3.88 in the U.S. but just $2.66 north of the border. In short, Bank of Montreal was much better at squeezing Americans than Canadians in 2022. That difference in margins doesn't sound like much, but repeated over billions of dollars it comes to quite a gap.

This isn't a fleeting phenomenon. I glanced over the last 10-years of Bank of Montreal financial data, and its U.S. net interest margin has been consistently superior to its Canadian margin over that entire period.

This goes against my long-standing stereotype of Canadian vs U.S. banking, which goes a bit like this:

I've always thought that it was better to be a U.S. banking customer than a Canadian one. Canada once had a fairly vibrant banking sector, but after many waves of mergers and acquisitions it has consolidated to the point that we've really only got five big bank. Everyone refers to them as an oligopoly. Everyone. I recall that even the Bank of Montreal's in-house bank equity analyst routinely referred to Canada's big 5 as an oligopoly in his research reports.

To make matters worse, Canada prevents foreign competitors from entering and stirring up the pot.

But America is huge and thus capable of supporting a much richer range of banks. For instance, the big 5 Canadian banks hold assets equal to 2.5 times Canada’s gross domestic product, but the assets of the five largest U.S. banks amount to just 0.4 times of that country’s GDP. See the chart below:

This lack of concentration means that U.S. banks don't have the same oligopolistic stranglehold over Americans that Canadian banks do.

On top of that, U.S. commercial culture is more cutthroat than Canada. Whereas foreign banks are locked out of Canada, they can freely enter the U.S. market. And so I saw the U.S. as an arena for ferocious bank competition, with customers benefiting in the form of better services and higher interest rates. Meanwhile, we Canadians are getting stiffed by our banks.

But after looking Bank of Montreal's net interest margins, I'm not so sure about my stereotype. A lower net interest margin in Canada means that the bank is extracting a smaller pound of flesh from its Canadian customers, which suggests more banking competition up here, not less.

Incidentally, net interest margin doesn't include those pesky user fees we all hate, or what Bank of Montreal calls non-interest revenue. And we know that the Bank of Montreal ruthlessly skins its customers for fees; after all, that's why I closed my account. However, even after adding Bank of Montreal's non-interest revenues to its net interest income on both sides of the border, its Canadian banking business still only sports a margin of 3.5% in fiscal year 2022 compared to 4.5% for its American business.

That is, even after accounting for pesky user fees, Bank of Montreal is still gouging its American customers more than it gouges its Canadian ones.

Admittedly, Bank of Montreal provides just a single data point. So I cast around for more data, and stumbled upon a database called Bankscope, hosted on the Federal Reserve's FRED. Bankscope is a popular source of bank balance sheet information among banking economists.

Here is what U.S. and Canadian net interest margins from Bankscope look like:

Chart source: FRED

It confirms my Bank of Montreal anecdote. Going back to 2000, banking net interest margins in the U.S. have been consistently higher than in Canada, and by quite a large amount.

To sum up, given the preceding data I may have to revamp my conceptions of Canadian and U.S. banking. It's true that we have an incredibly concentrated banking sector up here in Canada, with the big 5 controlling an outsized chunk of the market. Paradoxically, this "oligopoly" doesn't translate into higher net interest margins for Canadian banks. Margins are actually more elevated in the the hotbed of capitalism, the U.S., even though its banks are far more diffused. This margin difference suggests that competition among banks is more strident north of the border than south of it. 

In short, although the bastards at the Bank of Montreal skinned me for a bunch of fees during the pandemic, the bigger picture is that it's better to be a customer of a Canadian bank than a U.S. one.

Wednesday, November 30, 2022

Let's stop regulating crypto exchanges like Western Union


[This was published last week at CoinDesk]

The collapse of cryptocurrency exchange FTX has been gut-wrenching for its customers, not only those who used its flagship offshore exchange in the Bahamas but also U.S. customers of Chicago-based FTX US.

But there is a silver lining to the FTX debacle. It may put an end to the way that cryptocurrency exchanges are regulated – or, more accurately, misregulated – in the U.S.

U.S.-based cryptocurrency exchanges including Coinbase, FTX US, and Binance.US are overseen on a state-by-state basis as money transmitters. Money transmitter regulation first emerged in the early 1900s with so-called "immigrant banks." Agents would collect funds from local immigrant communities in places like New York City and forward it by steamship to their families back in Europe and elsewhere.

To protect immigrants from fraudsters, states began to impose licensing requirements on money transmission agents. Each state (except Montana) has evolved its own set of money transmitter laws.

Household names like Western Union and MoneyGram are regulated as money transmitters. Oddly, PayPal was stuffed into this framework in the early 2000s. (It currently boasts money transmitter licenses from 49 states). And then, in the 2010s, crypto exchanges were subsumed under it. (Coinbase has 45 of them.) Later, stablecoins like USD coin were anointed as money transmitters.

In essence, money transmission has become the go-to bin for a motley crew of "new financial things that people are using that we don't know how to regulate."

The problem is that the public protections afforded by money transmitter law are inadequate. Dan Awrey, a professor at Cornell University, has documented some of these failings, which include lax bond security requirements, tiny capital requirements, an insufficient "ring fencing" of customer funds in the case of bankruptcy and an overly permissive list of investments to which transmitters can deploy their customers' funds.

The inclusion of crypto exchanges under the money transmitter framework is particularly perplexing. Exchanges like FTX US and Coinbase offer brokerage services and liquid marketplaces for trading. In many cases, these exchanges store a significant chunk of customer’s life savings, for long periods of time. Brokerage and trading are typically the domain of beefier federal agencies like the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), which have far stricter rules than money transmission agencies, particularly around custody.

So, to review, crypto exchanges are being regulated in the same manner as the neighborhood money transfer shop, which typically only handles small $200 cash transfers and rarely holds customer funds longer than overnight.

The unfortunate failure of one of these money transmitters, West Realm Shires Services Inc., may be the final straw for this rickety arrangement. West Realm Shires Services is the official name for FTX US, a large spot exchange that serves around 1 million Americans. On its website, FTX US lists the 40 money transmission licenses it has been awarded. For states where it has no licenses, like California, FTX US presumably uses a rent-a-license agreement, whereby it contracts with a third party to ride shotgun under its licenses.

When Sam Bankman-Fried’s 160-company FTX octopus was put into bankruptcy last week, the FTX US spot exchange was one of the entities that found itself on the list. Not only are customers of FTX US embroiled in what could very well become a multiyear bankruptcy process. Thanks to the patchy protection that money transmitter licenses afford to FTX US customers, there is a good chance that when this process finally winds up, customers also won't get their money back.

The bankruptcy status of FTX US stands in sharp contrast to those parts of FTX's U.S. operations that are regulated by the SEC and CFTC. FTX Capital Markets and Embed Clearing, which are both overseen by the SEC, remain solvent and are not listed as debtors in last week's bankruptcy filing. Neither is FTX-owned LedgerX, which offers crypto derivatives and operates under CFTC oversight.

It's too early, to be sure, but it appears that something about these three subsidiaries' SEC and CFTC oversight has afforded them – and their customers – enough protection to stay solvent.

In a different world, one where the FTX US exchange was regulated by the CFTC and SEC, might FTX US and its one million customers have been likewise spared? It's very possible.

Things didn't have to be this way. For two years now, SEC Chair Gary Gensler has been politely asking crypto exchanges like FTX US to submit to SEC oversight. But FTX US didn't listen. Nor did any of FTX US’ competitors. They kept coasting on their money transmitter licenses. And now FTX US customers appear to be in trouble. While exchanges certainly bear part of the blame for not complying, so does Gensler for not pushing hard enough for exchanges to come in and register.

There’s an easy fix. It's time for U.S. crypto exchanges to face the same rules as non-crypto marketplaces and brokers.

There's precedent for this in Canada. After the massive QuadrigaCX failure in 2019, securities regulators forced all Canadian crypto exchanges to register with watchdogs such as the Ontario Securities Commission, the closest thing that Canada has to the SEC. Canadian dollar balances at one exchange, Coinsquare, are even protected by the Canadian Investor Protection Fund (CIPF), the Canadian equivalent of the Securities Investor Protection Corporation (SIPC), which provides insurance to customers of failed broker-dealers.

This new and much more robust framework seems to have kept Canadians safe from a FTX-type failure. FTX International and FTX US, for instance, have been refusing to onboard Canadian customers for over a year now, much to Canadians’ benefit.

Arrayed against the idea of putting crypto exchanges under SEC or CFTC oversight are exchange executives, and you can see why. The local money transmission examiner is never going to be strict as a Federal securities watchdog.

Oddly, some crypto critics are also insisting that crypto exchanges remain unregulated. Economists Stephen Cecchetti and Kermit Schoenholtz, for instance, recently argued that post-FTX, the world should just let crypto burn. To regulate crypto would be to grant it unwarranted legitimacy, they say.

The problem with the let-it-burn view is that crypto has crashed and burned many times. Each time it roars back, only for more retail customers to lose all their funds to the next Mt Gox, Quadriga, or FTX US.

Time to get exchanges like FTX US and its competitors, including Coinbase, under a more appropriate regulatory umbrella before additional damage is done. Exchanges aren’t money transmitters, and shouldn’t be regulated as such. They’re much more than that.

Tuesday, November 29, 2022

A worthwhile Canadian stablecoin initiative


One interesting thing about stablecoins, the world's newest payments technology, is that they are almost all U.S.-dollar based. More than 99% of the $145 billion worth of stablecoins in circulation are denominated in dollars, the remaining 1% being mostly euro-denominated. 

Even though no significant Canadian dollar stablecoin has emerged to date, the Canadian government is beginning to think about these financial products. A financial sector legislative review of digital currencies -- including stablecoins -- was announced in the government's recent budget. I suspect that a big part of the review will involve trying to answer the question of how to regulate these new instruments.

A few quick thoughts on how we Canadians should regulate stablecoins.

1) There's nothing fundamentally new about stablecoins. All digital Canadian dollar balances are recorded on databases. In the case of a Bank of Montreal account or a PayPal C$ balance, those dollars are instantiated on an internal SQL or Excel database (or whatever database traditional institutions use). Stablecoin issuers opt for a different sort of database to record dollar balances: shared databases like Ethereum, Solana, and Tron. These blockchain-based databases are often described as decentralized, although it is disputable how decentralized they actually are.

But abstracting from the choice of database, stablecoins are just another instance of regular old finance.

Canadian financial regulations should, in principle, be database agnostic. And so in my opinion, all existing financial regulations that are currently applied to issuers of Canadian dollar balances should be passed on to Canadian dollar stablecoins, perhaps with a bit of pruning.

2) In the spirit of the database agnosticism that I set out in 1), OSFI-regulated banks and credit unions should be able to issue blockchain-based Canadian dollar balances (i.e. stablecoins) under all the same rules that they issue SQL-based Canadian dollar balances (i.e. deposits). Those stablecoins would be insured, too, up to $100,000.

Here's where the "pruning" comes in. Some thought will have to go into how to apply deposit insurance to failed stablecoin issuers. For instance, if $10,000 in failed Canadian dollar stablecoin units is locked up in a Uniswap contract, how will deposit insurance be applied? What happens if no one ever withdraws the coins to claim the insurance? How do the smart contracts of a failed stablecoin get turned off? What happens if the decentralized database itself fails?

Because smart contracts can be programmed, I think it's possible to solve most deposit insurance problems. Regulators like OSFI or CDIC might even go so far as to specify the exact code that issuers must include in their smart contracts in order to qualify for insurance.  

3) In addition to 2), non-banks should be allowed to issue uninsured stablecoins, perhaps under the emerging payment services provider license that the Bank of Canada will be administering.

There are some caveats. Non-bank stablecoin issuers should only be allowed to invest customer funds in safe short-term assets. They would also have to  keep customer funds ring-fenced in bankruptcy-remote structures, like trusts, so that if the issuer fails, customers will be guaranteed to get their money back rather than being treated like a regular unsecured creditor.

4) Lastly, regulators will have think about stablecoin anti-money laundering issues. 

Right now, popular stablecoin issuers like Tether and Circle only identify people who are redeeming stablecoins for "fiat" money or withdrawing stablecoins by depositing fiat. But the great majority of stablecoin transactions currently occur bilaterally between those who never go through a know-our-customer (KYC) process, much like physical cash. 

This "no-identity" model is a big part of what has made these stablecoins so popular. Users can rapidly deploy stablecoins across multiple decentralized financial protocols without having to go through the frictions of an onboarding process. Exchanges and other financial intermediaries can use stablecoins as a way to replicate U.S. dollar balances for their customers without having to establish formal banking relations.

But this cash-like treatment also makes stablecoins riskier. For instance, I recently wrote about a ponzi scheme called Meta Force which is using Dai stablecoins on the Polygon network for pay-ins and pay-outs. Thanks to the way that the stablecoin smart contracts have been deployed, and the lack of KYC, there is nothing to prevent the scammer who manages Meta Force from openly making use of these safe instruments to con his unwitting customers.

Canadian regulators will have to weigh the usefulness of a no-identity cash-like model against the risks of pseudonymity. 

There is one last risk to consider. Say that regulators choose to tolerate a cash-like model for Canadian dollar balances instantiated on blockchain-based databases like Ethereum and Tron while continuing to require full KYC on Canadian dollar balances instantiated on regular databases. The consequence could be mass regulatory arbitrage as financial institutions migrate over to the former in order to avoid the more onerous requirements of the latter.

Thursday, November 3, 2022

Reversibility on Ethereum


[CoinDesk published my article on reversible Ethereum transactions last month. I'm reposting it here for anyone who didn't have a chance to read it.]

Reversibility on Ethereum: The Benefits and Pitfalls

Imagine that one day you absentmindedly fall victim to a crypto phishing scam, the perpetrator stealing 10 ether (ETH) from you. Crypto transactions are final so there's not much that you can do, right?

Well, not so fast.

To ensure that stolen crypto gets returned to its rightful owner, a group of Stanford researchers recently raised the idea of introducing reversible transactions to Ethereum. If such a standard were to be adopted, your stolen 10 ETH could, in theory at least, boomerang back into your wallet, the frustrated thief being left out of pocket.

Reversibility would probably be a popular feature, especially among the risk-averse who have until now refused to adopt Ethereum. But there are costs to consider, too.With any payments system, tweaking one element to solve a particular problem means introducing a new set of problems somewhere else along the network. There's no such thing as a free fix. Let’s dig into what these costs are.

Crypto theft is everywhere, from large-scale exploits to small retail phishing scams. To make the crypto economy safer, Kaili Wang and colleagues have floated the idea of introducing an Ethereum token standard that allows transactions to be temporarily reversible. During that time period, say four days, a victim of a theft could appeal to a decentralized adjudicator to have their stolen crypto returned.

Satoshi Nakamoto, the creator of the Bitcoin blockchain, would be shocked. After all, Nakamoto's white paper can be read as a diatribe against reversible transactions. Financial institutions "cannot avoid mediating disputes," wrote Nakamoto, and as a result merchants must be "wary of their customers, hassling them for more information than they would otherwise need."

But the Stanford researchers don’t intend for Ethereum to be 100% reversible. People who don't like the idea of reversible tokens could continue to limit their interactions to non-reversible tokens. As for those who are intimidated by the high degree of expertise required to safely use Ethereum, reversible tokens could be the extra guardrail that draws them in.

Now the costs.

Welcome, reversal fraud

Payments systems involve many complex trade-offs. Solving one problem means adding another problem. A good way to think about this is in terms of the following too-small-blanket dilemma.

Say that you want to go to sleep but your blanket doesn't cover your toes. You pull it down, but now your neck is uncovered. You rotate the blanket to cover both your toes and neck, but now your shoulders are exposed. There is no perfect fix. You need to pick and choose what part of your body to cover and what part to leave exposed.

The same goes for payments. While reversibility may help reduce theft, the too-small-blanket dilemma dictates that it could open the network up to new problems, in particular forms of reversal fraud.

Credit card systems provide a good idea of what to expect.

Credit card owners can dispute card payments and have them “charged back,” or reversed. While this feature protects honest users from card theft, fraudsters take advantage of this feature by making purchases and then disputing the charge, falsely claiming they have not received the item or service. Merchants lose billions of dollars every year to credit card chargeback fraud.

Or take the example of PayPal. For risk-averse shoppers, the ability to dispute and reverse PayPal transactions is a helpful feature. But it has given rise to all sorts of PayPal fraud. In a PayPal overpayment scam, for instance, a scammer takes advantage of PayPal's dispute system to overpay a seller for something, then asks the seller for a refund of the excess. After the overpayment is returned, the scammer asks PayPal to reverse the original transaction. The seller effectively loses the overpayment amount.

PayPal or Visa could do away with overpayment scams and chargeback fraud by making all transactions non-reversible. But then their systems would become less friendly for risk-averse buyers, and adoption would suffer. It's the too-small-blanket problem.

So the price to pay for reversible Ethereum transactions is an inevitable wave of reversal fraud. The decentralized judicial system the Stanford researchers envisaged would quickly be flooded with scammers trying to take advantage of that very reversibility. Weeding out these scams would increase the judges’ overall adjudicating costs.

Providing a degree of protection from theft may very well be worth the hassles of reversal fraud. But the point to remember is this: There is a price to pay for introducing new features. Nothing is free

Not so fungible

Introducing reversibility to Ethereum would also have implications for fungibility. When something is fungible, assets are perfectly interchangeable. Fungibility is an attractive feature of a payment system. If all dollars are interchangeable, then it makes the dollar payments system easier to use.

Reversibility would split the Ethereum network in half. Rather than swapping reversible tokens with each other, sophisticated traders would mostly stick to non-reversible tokens. The prospect of having one's $10 million trade unwound because of an appeal by a previous owner for a reverse is just too risky.

But not-so-sophisticated users would probably choose the peace-of-mind of reversible tokens.

Splitting the network in half wouldn't be a big deal if the two token types traded on a 1:1 basis. Alas, they probably wouldn't.

Imagine that Jack owes 100 stablecoins to Jill. There are two ways that Jack can pay Jill, with reversible stablecoins or non-reversible ones. Jill will prefer the non-reversible ones. Reversible ones introduce the risk that a transaction will be unwound, leaving her out of pocket. And so she’ll tell Jack that he can either pay her 100 worth of non-reversible stablecoin or 105 in reversible ones. That’s non-fungibility.

As the four-day reversibility window comes to a close and the danger of a reverse ends, reversible stablecoins would move back to par with regular non-reversible stablecoins. But until then there would be two different prices for the same instrument.

It's another instance of the too-small-blanket dilemma. By adding a new layer of protection, an extra layer of confusion has been introduced.

The Ethereum network would still be usable. Much of the extra burden of non-fungibility would probably be borne by specialist risk appraisers, or brokers, who profit by buying consumers' reversible tokens at a discount (in exchange for non-reversible tokens), and holding them to maturity. As Satoshi suggested, these intermediaries may have to “hassle customers” for extra information in order to protect against reversals.

Even after considering the twin costs of non-fungibility and new types of Ethereum-based fraud, reversible transactions may still be worth it. While non-reversibility may be great for traders, corporations and the tech elite, the enduring popularity of PayPal and credit cards demonstrate that what regular folks want is safety. An opt-in reversible standard would create a warmer and fuzzier Ethereum, one that is more inclusive and attracts a wider range of users.

My gut feeling is, go for it.

Monday, October 31, 2022

The PayPal misinformation wars

If you ever glance through the acceptable use policies or terms of service of consumer-facing payments company like PayPal or GoFundMe, you'll see that they have incredibly long and stifling lists of prohibited activities. Why would these companies willingly turn away legitimate business? 

There are a bunch of reasons, but here are three important ones:

1) Some customers are a nuissance. Their businesses may suffer from high rates of payments fraud and/or frequent chargebacks, which means that it may not be to expensive for a payments company to connect them.  
2) The products that some businesses sell are semi-legal (i.e. marijuana) or potentially illegal (libelous publications), and so it's too risky to connect them.
3) Some businesses engage in activity that is legal but potentially controversial (like white supremacist lit or sex toys). The payments company that connects them could look bad, which means potentially losing customers, shareholders, or employees.


This is a pretty sensible set of reasons for prohibiting certain activities from your payments platform. However, if you're a businesses that has been barred by a processor, you'll certainly be upset, and understandably so. Payments are vital to any enterprise. Having as many competitors to choose from is important. To boot, being suddenly cut off is a pain; you'll need to scramble for an alternative.

When a payments firm enacts a new prohibition on a certain type of businesses, this in turn feeds into the political arena. In return for votes and funding, political actors offer support to particular companies and business lobbies. When their constituents are suddenly prevented from accessing a certain payments platform, these political agents loudly broadcast their displeasure. And so the acceptable use policies of companies like PayPal have become incredibly politicized documents. Progressives bellow when sex workers are cut off from PayPal. Republicans howl when firearms are disallowed.  

Case in point was the massive push back against PayPal which earlier this month updated its acceptable use policy to prohibit "misinformation." I've screenshotted the update below, with the changes being entirely confined to section 5. PayPal already fines customers $2,500 for engaging in prohibited activities such as selling cigarettes, hate literature, and items that are considered obscene. With this new update, PayPal would now be prohibiting anyone from using its platform to engage in fake news and would extend its existing $2,500 fine to infringers. [An archived copy of the policy update is available here.]


PayPal's updated acceptable use policy, since rescinded. The changes are all in section 5.

PayPal executives probably had good business reasons for wanting to prohibit misinformation from their platform. Last month conspiracy theorist Alex Jones was ordered by a judge to pay almost a billion dollars to his victims for fabricating fake news about them. With numbers as big as that being bandied around, lawyers at payments company have to be wary that they too could be pursued by the victims of misinformation for facilitating the disinformation attacks of their customers.

Not only that, but associating with a bad actor like Alex Jones could hurt the reputations of consumer-facing payments companies, leading to customers bolting.

Long story short, the legal, financial, and reputational risks of having fake news artists as customers are just too high for mainstream firm like PayPal, and thus the prohibition on misinformation was introduced into its acceptable use policy page.

But acceptable usage policies have become politicized, and so PayPal's move led to all sorts of outrage. Republicans were furious. Senators Bill Hagerty, Cynthia Lummis, Pat Toomey, and others expressing their "deep concern" in a letter to PayPal, subsequently broadcast across social media. A big chunk of the internet's many misinformation artists are their misinformation artists, after all, and need to be protected. 


Meanwhile, commentators like Glen Greenwald were upset by what they see as a PayPal attempt at "punishing dissidents in the West through exclusion from the financial system." Which I don't think is the right way to process the event. PayPal is a business. It doesn't refuse to serve a certain set of customers because of an ideology requiring it to punish "dissent from neoliberal orthodoxies." PayPal chooses to stop serving clients because it believes that this would reduce its income, adjusted for risk. While some "dissenters" are too risky for PayPal to serve, many dissenters aren'tand probably make for fine customers.

Greenwald's reliance on the word "banishment" also betrays a misunderstanding of how payments work. PayPal is a low-risk payments processor, not a high-risk one. There are other payments companies that do specialize in serving a riskier clientele. These firms will compete to reconnect the fake news sites that PayPal has decided to offboard. In short, there is no such thing as payments banishment.

In response to the push back, PayPal said that it would not be adding the misinformation clause to its acceptable use policy after all. (It actually said that the update was an error, but that sounds unlikely.)

And again, you can see why it made a business decision to change its tune. The move had made some of its existing rule-abiding customers unhappy, and they threatened to close their acconts. PayPal wants to drop bad customers, but not at the expense of losing the good ones.

This is interesting because it shows how a business decision gets ingested by the political machine, the resulting output being fed back into PayPal's business decision making process, leading to a 180 degree turn.

Nor did things end there. With acceptable use policies having become a key political battleground, and politics loves controversy, the fake news mill – the very targets of PayPal's misinformation clause – kicked into high gear. Across the internet, articles began to pop up alleging that PayPal's rescinded misinformation clause and associated $2500 penalty had been stealthily "added back into the terms of service with equally ambiguous language," as one article put it.

One of many articles wrongly claiming that PayPal sneakily re-updated its policy

A quick check of PayPal's acceptable use policy in the WayBack Machine shows that these claims aren't factual. Agree or not with the $2500 fine, it wasn't added back after "criticism on social media died down." The fine has been there since it was tacked on by PayPal back in September 2021.

The article also alleges that the misinformation clause has reappeared in the form of a prohibition on intolerance. But the intolerance clause has been there since 2018. Never mind that it's an error to equate a prohibition on intolerance with a prohibition on misinformation. They're just not the same thing.

The fake facts continued to pile up. PayPal has a long-existing rule against lying about account details like your name and age. A second article erroneously tries to claim that this longstanding rule is a new one, more specifically that it is the "misinformation" clause sneakily reintroduced back into PayPal's list of acceptable uses. It's a silly argument that I rebutted more fully on Twitter.

So no, the controversial rescinded misinformation clause has not been quietly added back to PayPal's acceptable use policy. But the facts don't necessarily matter. This wave of fake news successfully fed back into the political arena, with folks like Republican representative Tom Emmer seizing on them to air his worries that PayPal is being "weaponized to control speech." There are existing users of PayPal, the ones that PayPal would like to keep, who will listen to Emmer and close their accounts.

The whole series of events illustrates how complicated it is for a company to modify its terms of services.

Firms want to boost their profits, which means establishing policies to reach a certain type of desirable client while excluding other types of clients that don't fall within their targeted market. But firms also need to try and calculate how their proposed changes will be digested in the political arena, and how the resulting outrage feeds back into the decisions of their desirable clients, who might choose to leave.

And firms must also consider the third degree of complexity: how the political controversy over their  policy changes gets respun by fake news sites, the resulting sausage being imported back to the political arena for additional consumption, more outrage, and (potentially) more client departures. It's a difficult nut to crack. I wouldn't want to be PayPal, or its lawyers, the next time it comes time to update its acceptable use policy.

Thursday, October 13, 2022

Stablecoins, meet 3% interest rates


The global rise in interest rates is finally beginning to percolate into the stablecoin sector. One of the effects of this rise is that centralized stablecoins like USD Coin and Gemini Dollar, which by default pay 0% to holders, are introducing backdoor routes for paying interest to large customers. (See my tweets here and here).

In the case of USD Coin, Coinbase refers to interest as a "reward." Gemini calls it a "marketing incentive." But less face it: they're really just interest payments.

The links I provide are the only public evidence of stablecoins doling out interest, but you can be sure that behind closed doors, large issuers like Circle/Coinbase, Gemini, and others are offering their largest customers -- in particular exchanges like Binance and Kraken -- the same deals.

Stablecoin issuers are offering interest to select customers because of the inexorable pressure of competition. After hovering near 0% for much of the last decade (see chart above), interest rates have ramped up to 3% in just a few months. Issuers hold assets to back the stablecoins that they've put into circulation, and now these previously barren assets are yielding 3%. That means a literal payday for these issuers. In the first quarter of 2022, for instance, Circle (the issuer of USD Coin) collected $19 million in interest income after making just $7 million the quarter before. In the second quarter of 2022, interest income jumped to $81 million. I suspect the third quarter tally will come in well above $150 million.

However, if they don't share at least some of this juicy reward, issuers risk having their customers flee to alternatives that do offer interest, like Treasury bills or corporate deposit accounts. And then the amount of stablecoins in circulation will shrink, eating into issuers' revenues.

And thus, we get to a world where Gemini is promising incentives and Coinbase rewards.

Alas, while large stablecoin holders may be benefiting from this trend, small holders of stablecoins are being ignored. They don't get to share in these sweet flows of interest income. Even folks with old-school U.S. savings accounts are being paid 0.17%!

Small stablecoin holders need to unite. By working together through a StablecoinDAO, their bargaining power vis-a-vis the big stablecoin issuers improves. They may be able to negotiate the same interest payments from Circle and other issuers that large stablecoin customers are getting.

For a good example of strength in numbers, take a look at the phenomenon of high-interest savings ETFs in Canada. Corporate customers of Canadian banks get far better interest rates on chequing deposits than retail customers do. A high-interest savings ETF manager bridges this divide. They collect money from retail customers, invest the proceeds in banks at the corporate rate, and then share the superior return with thousands of retail ETF unit holders.

A StablecoinDAO would work along the same lines as a high-interest savings ETF. People would deposit their stablecoins -- USD Coin, Gemini Dollar, Binance USD, USDP, Tether, Dai -- into a smart contract. In return they'd get a new stablecoin called, say, UniteUSD, which would be redeemable on demand into any of the DAO's underlying stablecoins. UniteUSD itself would be useful. It could be used for purchases, deposited into smart contracts, or traded on decentralized exchanges and whatnot.

StablecoinDAO would have the authority to swap one underlying stablecoin out with a new one. That potential threat would give the DAO the necessary leverage to negotiate interest payments. "Hey Circle, if you don't pay us 1% then we're going to shift the DAO's holdings over to Binance USD, your competitor." As a nuclear option, the DAO could threaten to buy short-term government debt.

The interest that the DAO receives would be funneled back to UniteUSD holders. 

In sum, that's how interest rates finally filter through to small stablecoin owners.



A few random afterthoughts about stablecoins and interest payments, in no particular order:

* A version of StablecoinDAO may already exist... in the form of MakerDAO, a decentralized-ish bank that issues Dai stablecoins. Think of MakerDAO as an organizing device for small stablecoin customers to extract interest from stablecoin issuers. These small holders deposit their stablecoins (USD Coin, USDP, etc) into MakerDAO smart contracts and receive Dai stablecoins in return, which are convertible to any of these underlying stablecoins on a 1:1 basis. MakerDAO negotiates with issuers for interest payments, sluicing this interest back to Dai owners.

* Some tricky regulatory issues arise when retail customers are promised a return. If StablecoinDAO were to pay interest on UniteUSD, then UniteUSD might be deemed to be a security, and thus StablecoinDAO would have to register with a securities agency. This could doom StablecoinDAO, or at least make things very difficult for it. (Remember, when PayPal used to pay interest to customers? It did through an SEC-registered money market mutual fund.)

* StablecoinDAO would become a stablecoin black hole: all other stablecoins would quickly get sucked up into it. Why? In a world where USD Coin and USDP can only pay 0% to small stablecoin holders, but depositing said coins into StablecoinDAO means earning 2%, then every small holder will deposit their funds into StablecoinDAO. The DAO would inhale the big stablecoins -- USD Coin, Binance USD, Tether, etc -- right out of circulation, leaving UniteUSD as the dominant stablecoin.

* As competition forces large issuers to share the interest they earn, this will have implications for the finances of those very issuers. Circle, the issuer of USD Coin, envisions being profitable in 2023, as the table below illustrates:

Source: Circle Q2 2022 financials [link]

A big part of Circle's estimates are based on higher flows of interest from the assets that it holds to back USD Coin. What this table isn't accounting for is the concurrent pressure to share interest income with USD Coin holders, both large and small ones, which threatens Circle's 2023 projections.

Sunday, October 9, 2022

How to stop illegal activity on Tornado Cash (without using sanctions)

List of sanctioned Tornado Cash addresses, via OFAC

[This is a republication of my latest piece from CoinDesk.]

How to Stop Illegal Activity on Tornado Cash (Without Using Sanctions)
Rather than sanctioning code, U.S. authorities should have targeted the human intermediaries.  

Did the U.S. government have better tools at its disposal to counter the crimes on Tornado Cash than the one it eventually used? Could it have avoided the blunt instrument of sanctions, which are normally aimed at individuals rather than code?

In August, decentralized obfuscation tool Tornado Cash (a currency “mixer”) was designated by U.S. authorities as a sanctioned entity. In the years prior Tornado had become the default platform for blockchain users – both licit and illicit – for privacy in transactions.

Users deposit their ether(ETH) into any of Tornado’s 0.1, 1, 10 or 100 ETH pools, then wait for a period of time to withdraw it. Thanks to this collaborative placing of ether into the same pot, which disguises its origins, and Tornado's innovative use of zero-knowledge proofs the trail is broken.

The crypto community was furious with the U.S. government. The need for privacy is especially pressing on blockchains because all transactions are viewable by the public. Without Tornado to mix funds, achieving blockchain privacy becomes much more complicated.

Sanctions or not, it's hard to deny that the authorities had to do something about Tornado-based money laundering. Tremendous amounts of dirty money were being cleaned by the mixer, including big batches of funds stolen during the $182 million Beanstalk hack, the $196 million BitMart exploit and the $34 million compromise of Crypto.com, just to name a few.

To make matters worse, in April 2022 North Korean state-sponsored hacker group Lazarus began to use Tornado to launder the proceeds of its massive $625 million hack of the Ronin Bridge. Lazarus was sanctioned by the U.S. Treasury's Office of Foreign Assets Control (OFAC) in 2019.

OFAC is the U.S. federal government agency responsible for enforcing economic sanctions programs against countries and groups of individuals. Its targets include terrorists, narcotics traffickers and money launderers, among others.

Although the U.S. government’s response to Tornado Cash could have taken many forms, the one it ultimately chose was to sanction Tornado Cash itself. On Aug. 8, Tornado was listed by OFAC as a Specially Designated National, or SDN, along with all of the smart contracts that drive the tool’s functionality. It is illegal for U.S. citizens to interact with SDNs, so in that very instant Tornado Cash’s Ethereum-based smart contracts became off-limits for Americans.

The pushback to the U.S. government’s decision arrived immediately. According to the Electronic Frontier Foundation (EFF), a nonprofit that promotes internet civil liberties, Tornado Cash smart contracts are code. By sanctioning code the authorities are treading on constitutionally protected freedom of speech.

Coin Center, a Washington, D.C., nonprofit that advocates for decentralized computing technologies, argued that OFAC had overstepped its authority. According to its rules, OFAC can only target entities that are individuals or companies. But Tornado Cash smart contracts are neither; they cannot alter their behavior, nor lodge an appeal with OFAC to have the sanctions revoked, a key element in any sanctioning process.

If OFAC can designate Tornado Cash to be an SDN, the implication is that it can add other defenseless open-source software tools, too – hardly a great precedent.

Don’t penalize code, penalize users of code.

The criticisms aired by EFF and Coin Center are serious ones. Let's imagine the U.S. government had a chance to do things over. Rather than sanctioning Tornado Cash smart contracts, did the government have alternative tools available for countering Tornado-based money laundering, tools that avoided triggering these criticisms?

Yes. Rather than punishing code, penalize the people who use the code. There are three types of Tornado Cash users who could be targeted by the authorities: relayers, liquidity providers and the Ethereum-rich.

Let’s start with relayers, the people who add a key layer of privacy to Tornado Cash by processing withdrawals.

Relayers solve the following problem. If someone wants to remove mixed funds from Tornado to a new wallet address, he or she needs to pay a gas fee for the withdrawal, and so the new wallet must have some funds on it. But prefunding may compromise anonymity because this transaction can be traced.

Tornado Cash creators solved the prefunding problem by introducing third-party relayers who pay the necessary gas fees, sending on the user's withdrawal to the new address. These relayers collect a service charge for their efforts.

Highlighting the importance of relayers, over 75% of all Tornado Cash withdrawals are made with their intermediation.

In addition to going after relayers, the authorities could target liquidity providers.

Liquidity providers are people who use Tornado Cash to earn a profit. They deposit ether into various Tornado pools in order to receive anonymity points, which in turn can be sold for TORN, Tornado's native token.

After this points-based incentive scheme was introduced in late 2020, the quantity of ether deposited into Tornado's mixing pools began to grow exponentially. These deposits, often referred to as the tool's anonymity set, improved Tornado’s ability to anonymize funds. The deeper the anonymity set, the easier it is for users to hide.

Law enforcement could investigate relayers and liquidity providers and charge them with money laundering, a criminal offense. The case can be made that by indiscriminately forwarding mixed ether, relayers conduct transactions involving criminally derived funds. As for liquidity providers, they profit financially by widening Tornado’s anonymity set, which abets criminals in their efforts to hide their financial trails.

Because blockchains are transparent, it’s likely that relayers and liquidity providers would have been aware that criminals and SDNs were using Tornado Cash. Thus they knowingly offered their services.

Along with a money laundering offense, federal prosecutors could potentially indict relayers and liquidity providers for using Tornado Cash to provide money transmission services to those without such a license.

Alternatively, relayers and liquidity providers could be sanctioned, fined or charged by OFAC.

Relayers and liquidity providers are individuals, not code. And so arresting or sanctioning them wouldn't trigger the code-is-speech criticism raised by EFF. And since these users have agency, they can defend themselves against their accusations, addressing Coin Center’s concerns.

At the same time, by targeting relayers and liquidity providers the U.S. government would achieve its goal of reducing Tornado-based money laundering. A successful prohibition of relayers would have made it easier to link depositors with withdrawn funds, thereby making Tornado Cash less able to hide criminally-derived funds.

Targeting liquidity providers would reduce Tornado Cash’s anonymity set, the effect being to reduce criminals’ capacity to launder funds through it.

If pursuing liquidity providers and relayers doesn’t crimp Tornado-based money laundering, the authorities could have gone after the Ethereum-rich: large licit owners of ether who regularly interact with Tornado Cash’s 100 ETH pool to get privacy.

The authorities have a number of tools to target the Ethereum-rich, but one of the best tools would be OFAC’s civil monetary sanctions.

U.S. citizens who regularly make large deposits to Tornado Cash’s 100 ETH pool could be named by OFAC and fined a suitably large amount of money. OFAC could argue that by putting their ether into the 100 ETH pool at the same time as Lazarus Group, the Ethereum-rich enabled the laundering of Lazarus’ funds and thus ran afoul of OFAC’s 2019 sanctions on the group.

OFAC civil monetary sanctions have been used before on crypto users. BitPay, a bitcoin payment service provider, had to pay a $500,000 fine for allowing individuals in sanctioned locations like North Korea, Sudan, Iran and Syria to transact.

Since civil fines are levied on Tornado users, and not the code, the concerns raised by EFF and Coin Center are addressed. And fined individuals would be free to appeal their punishment.

By signaling to the public that depositing funds into Tornado Cash is prohibited, the fines would encourage the Ethereum-rich to avoid Tornado. Tornado's anonymity set would get smaller, making the tool less capable of cleaning large transactions from SDNs and thieves.

A recipe for dealing with future smart contract crime

Like them or not, OFAC's sanctions appear to have worked, up to a point.

In an effort to avoid penalties, the public has mostly stopped using Tornado smart contracts. The amount of ether in Tornado Cash pools has plunged by 61% from 225,000 to just 89,000. As a result, Tornado-facilitated money laundering has taken a hit. The mixer wasn’t even used to launder the proceeds of the $160 million Wintermute exploit, the biggest hack since the Aug. 8 sanctions.

This same result could have been achieved by targeting the users of the code, like relayers, rather than the code itself. It would have taken the authorities more time and effort. But many of the thorny criticisms that a direct outlawing of code are now attracting would have been sidestepped.

It's too late now for Tornado Cash. But the next time a set of smart contracts gets mobbed by bad actors, the U.S. government needn’t put a blanket ban on code. It has a more nuanced, user-centric approach at its disposal.