Who do you trust with your Crypto?
“The great thing about trustless cryptocurrency systems is just how many incompetents you have to trust along the way.” – David Gerard, author of Attack of the 50 Foot Blockchain.
Lately, I’ve stopped reading fiction because real life drama with public blockchains is way more entertaining. The fun never stops.
For example, one tragi-comedy began when the CEO of QuadrigaCX allegedly passed away a few months ago. Unfortunately, he never put the private keys to the company’s crypto millions into safe custody. In a traditional banking system, this would have been a mild inconvenience at worst, if even that. Bankers, like all humans, pass away, retire, or move on. When was the last time you went into conniptions because your bank manager quit?
The QuadrigaCX soap opera was just getting started. After going into regulatory protection (which in itself is a bit ironic for those “investors” who are using crypto as a statement against regulation), QuadrigaCX manages to lose some more by “inadvertently” transferring some money into another wallet from where the money cannot be retrieved. In the traditional banking system, when you sign up for direct deposit or do a wire transfer, considerable verification happens upfront to make sure the numbers and recipients are valid; further, both parties agree that deposits made in error can be reversed by the financial institution.
In another episode, Ernst & Young, appointed by regulators, discovered that six of the cold wallet addresses used by QuadrigaCX apparently haven’t had any balances in them since one year.
I realize many investors lost money in this and similar ventures when common sense suggests they should have stayed away. While this is unfortunate, I don’t believe these investors are ‘main-street’ investors, but reckless risk-takers for whom I have less sympathy. That’s why I’m looking forward to future episodes; this is entertainment at its best!
Public blockchains have been popularly known as the ‘trustless system.’ Strictly speaking, they should have been called ‘the system where you don’t have to trust authoritative institutions, government, central bankers, or any individual of the establishment’, though that lacks marketing pizzaz.
Instead of reposing trust in centralized institutions and in humans with traditional roles, public blockchains transfer that trust to the mathematical algorithms that power cryptocurrency operations such as mining.
Cryptography is an excellent trust mechanism and practically unbeatable, but only under specific conditions and only up to a point. Cryptography cannot undo the actions of those who operate crypto-exchanges, online capital-raising platforms, the crypto-majority (i.e., 51%, or whatever constitutes the quorum for making changes), the software writers, wallet makers, wallet operators, public addresses that are fronts for scammers, and so on. Most of these participants are not fraudulent, but that’s beside the point. Storing your life savings in Fort Knox is of no use if you lose your keys! To the end user, the effect of fraud, incompetence, or error in cryptos is the same and equally disastrous.
Traditional finance has a number of interlocked trust mechanisms: reputation, credentialing, registration, regulatory filings, auditing, established operational procedures, and various checks and balances. Does this make fraud impossible? Hardly. Does this prevent the consequences of incompetence? Not at all.
Fraud, incompetence, and mistakes are here to stay for the foreseeable future. In addition to all this, there’s technology risk. Generally speaking, it is very tough to eliminate risk entirely. The best we can do is to disperse the risk in a way that it becomes economically unrewarding to engage in criminal activity by the vast majority of participants. For the remaining risk that just cannot be eliminated (given the unending human penchant for mischief), the parties are protected through a variety of safety nets. As in all meaningful things, available trade-offs redistribute advantages and disadvantages. In the case of cryptos, the questionable advantage of censorship-resistance comes at the price of increased risk. Increased security in the case of permissioned financial blockchains comes at the price of complying with regulations.
In the real-world, trade-offs are unavoidable and blockchains expand the available trade-offs. Unfortunately, that includes the ability to choose to trust unsavory and incompetent participants at the entry and exit points of the public blockchain.
In securities, permissioned blockchains offer increased process efficiency, facilitate liquidity (but cannot create it), and enable stronger compliance across multiple participants. As far as securities are concerned, both types of blockchain offer strong cryptographic basis for technical validations. But you do have a choice. You can choose to trust that unknown participants are not out to scam you, CEOs have kept all private keys safely, no founder is going to perform an unorthodox exit, that transactions are meaningful (and not just the same scam artists moving stuff around continually to create artificial trading volume or manipulating prices), that miners will continue to mine and validate transactions even when crypto prices tank, that some miners won’t collude to obtain majority hashing power and create an adversarial fork (the new ‘F’ word in crypto-world), and that some dictator won’t fund a hashing takeover. You also have to trust the technology to scale properly and that it will continue to thrive and improve, and that the software programmers won’t make any major mistakes that will cause all your crypto to vanish into la-la land.
The alternative is to trust the verification of identities and KYC/AML checks, the registrations of broker-dealers and ATS operators (with SEC, FINRA, etc.), the registration of the transfer agent, money transmitter licenses, regulatory filings, securities lawyers (and their registrations and bar memberships), etc.
You actually can have both! Here’s how:
Public blockchain: Crypto Kitty
Permissioned blockchain: Family Kitty.
Now, was that so difficult?
Kiran Garimella, Ph.D., is the chief scientist and chief technology officer at KoreConX, leading the strategy and development of blockchain and machine learning solutions. A sought after speaker and author, Kiran has more than 25 years experience in information technology, consulting and financial services.