Forget Bitcoin, Try Your Mattress

Cryptocurrency is about as safe as keeping your money in a sock under someone else’s bed.

iStockphoto/Foreign Policy illustration
iStockphoto/Foreign Policy illustration

Bitcoin, its advocates keep saying, is the future. But in practice, it looks a lot like the distant past. Back then, you could lose your savings if your banker ran off with your money or died without revealing where it was stored. Today, there’s numerous protections in place for consumers—unless, that is, your cash is in bitcoin.

In Canada, the Quadriga cryptocurrency exchange has gone into bankruptcy protection, leaving its customers bust. An exchange is roughly like a bank for bitcoin; they make your money easier to use in practice. But unlike a bank, there’s usually no guarantees, protections, or reassurances that your money and its holder won’t disappear to a remote island. Quadriga’s founder, Gerald Cotten, apparently died in December. Quadriga finally revealed the news in January, and shortly after the exchange applied for protection from nearly $190 million in outstanding liabilities as it scrambled to find any lurking assets.

This wasn’t a unique problem. Quadriga’s collapse follows from the nature of bitcoin and why it failed as an electronic form of cash, leaving people worldwide stranded in its wake. Most financial institutions with thousands of customers and millions of dollars in holdings have bureaucratic and technical systems in place for such misfortunes. Unfortunately, Quadriga did not—and that’s sadly typical of exchanges.

When you have a bitcoin, you have the key—like a password—to a particular address on the public bitcoin blockchain. It’s a bearer asset for whatever is at that address. If you lose the key, you’ve lost your coins.

Bitcoin exchanges have “hot wallets” (connected to the internet and used for daily buying and selling) and “cold wallets” (addresses whose keys are kept offline—on a disconnected computer, on a USB stick, on a piece of paper). Picture a bank vault, full of virtual gold bars, that you can keep in your pocket. Or lose from your pocket.

Cotten ran Quadriga as a one-man show—the exchange was his laptop and a few servers in the Amazon cloud. There was a software developer and a few customer service people. But nobody else knew the keys to the cold wallets—or even their addresses. And Cotten’s laptop was encrypted.

Bitcoin was put forward in 2008 by its pseudonymous creator, Satoshi Nakamoto, as an “peer-to-peer electronic cash system.” But it wasn’t just a payment network. It was an ideological project promoting extremist libertarianism—an odd variant of Murray Rothbard’s “anarcho-capitalism”—with a currency attached.

At every stage, the threat imagined was the very possibility of government interference. Nakamoto’s solution was to make all transactions irreversible. Nobody could take your coins without your key. Nobody could stop you sending your coins anywhere you liked.

Irreversibility is touted as one of bitcoin’s key features. But in practice, it’s the source of almost all its problems. All frauds, hacks, and fat-finger fumbles are final. When my credit card was skimmed, the first I heard of it was when my bank called me asking if I’d just spent 600 pounds for something to be dispatched to an address in the Philippines. I hadn’t, so the nice fellow from the bank said not to worry and that they would reverse the charge and send me a new card in a week. With cryptos, I would have been out of luck.

As is standard in crypto exchange collapses, bitcoin advocates were quick to blame Quadriga’s victims—“not your keys, not your coins.” But irreversibility makes storing bitcoins inordinately fraught. Secure bitcoin custody turns out to be one of the hardest problems in the space.

The pitch is: “Be your own bank!” But you shouldn’t have to be your own finance-level chief security officer just to use money. So the vast majority of users store their coins on an exchange like Quadriga as if it’s a bank—even as exchanges’ security and reliability record is dismal.

Hardware wallets—password-protected devices to store your keys—mean you can keep your life savings in your pocket. But this assumes you can trust that the device and the software you use haven’t been tampered with—both of which happen.

Bitcoin advocates talk of the stupendous security of the blockchain. But bitcoin is a whole system—and the rest of the system is plagued by hacks, fraud, and social engineering. It’s a 6-inch-thick steel blast door in a cardboard frame.

The blockchain itself is just a linked list of ledger entries—a fancy new name for a 1979-era Merkle tree, a simple data structure that lets you add new records but makes it immediately evident if you’ve tampered with previous ones: an append-only ledger. This is the good bit of blockchain—and it’s not new at all. The bitcoin trick is choosing who gets to add new entries to the ledger without a central authority that could be suborned.

The process of adding a new block of transactions to the chain is called “mining”—a lottery where millions of computers compete to win the chance to add the next block. You try to guess a number that will “hash” to a sufficiently small result, and you buy lottery tickets by running sextillions of calculations. If you add a block, you get a reward of 12.5 bitcoins. Nakamoto envisioned this as “one-CPU-one-vote.”

But bitcoin mining has rapidly centralized economies of scale—by 2014, there were only a few large mining pools. One company, Bitmain, makes 80 percent of the specialized mining chips that are now required to compete.

If too many people compete, the difficulty goes up. Apart from the spiraling electricity use this results in—bitcoin is, literally, anti-efficient—the resulting system is incredibly slow and very hard to scale up.

Bitcoin has a capacity of seven transactions per second, total, worldwide. It clogged in mid-2015, making transactions slow, unreliable, and expensive until early 2018. The payment system can work only at the level of a toy implementation.

Various “layer two” solutions don’t use bitcoin itself, doing the real work elsewhere. The most loudly advocated is the Lightning Network—which is unreliable and doesn’t scale either and whose toy implementation has already centralized.

The bitcoin ideology rapidly co-opted the “end the Fed” and “establishment elites” conspiracy theories of the John Birch Society and Eustace Mullins, particularly as put forward by Ron Paul in the last decade: Fractional reserve banking is the source of all financial evil, and we need to go back to the gold standard.

Thus, bitcoin was constructed to have a strictly limited supply—there will only ever be 21 million bitcoins. Advocates tout this as an advantage for a currency—the limited supply means that economic activity per coin will go up and prices will go down, making bitcoin deflationary. Coincidentally, this means the holders get rich for free.

In real life, deflation is disastrous for a currency. If the value of a currency goes up, prices go down—and there’s absolutely no incentive to spend your money today if it’ll always be worth more tomorrow. Economic activity spirals down.

The price of bitcoin did go up—though from speculation rather than economic activity. And bitcoiners did indeed just hold their coins, not wanting to spend them in case they were worth more tomorrow. Thus, merchants who were nagged into accepting bitcoin routinely saw negligible usage because bitcoiners don’t buy things with them.

Advocates are convinced that bitcoin can be both a currency and a speculative commodity—but those two functions contradict each other. There are reasons that gold standards stopped working.

The first bitcoiners were libertarians and tended to be quite clever in the manner of engineers—what they didn’t understand about economics, they were confident would just be a simple matter of programming. I know PHP, how hard could running an exchange be? Bitcoin became a study in how to reinvent the entire financial system from scratch—badly.

We know how to build reliable financial systems such that society can be confident both that systems will keep on working and that funds will be protected against both internal and external attackers. Bitcoin didn’t really get the memo.

It’s entirely believable that Cotten was a smart, self-reliant fellow with a high opinion of his own brilliance—high enough that he never figured that Quadriga might need systems not controlled by himself personally.

Bitcoiners can’t be expected to pull themselves out of amateur hour by their own laissez-faire bootstraps. Further Quadrigas can’t be tolerated.

Cryptocurrencies do have a limited payment use case. The first bitcoin bubble started in 2011, when you could buy illicit drugs on the Silk Road darknet market with bitcoins. Cryptos are occasionally useful for international remittances, when you can’t easily get your currency across a border, or when they happen to be a slightly cheaper channel than SWIFT or Western Union.

But cryptocurrencies remain worse than existing currencies or payment systems in almost every conventional use case—they only work as a substitute currency, when you can’t use good money. And you’ll be dealing with rank amateurs, incompetents, and crooks every step of the way.

David Gerard is the author of the book Attack of the 50 Foot Blockchain and the cryptocurrency and blockchain news blog of the same name. His new book is Libra Shrugged: How Facebook Tried to Take Over the Money.