Table of Links Abstract and 1. Introduction Abstract and 1. Introduction Bitcoin and the Blockchain 2.1 The Origins 2.2 Bitcoin in a nutshell 2.3 Basic Concepts Crypto Exchanges Source of Value of crypto assets and Bootstrapping Initial Coin Offerings Airdrops Ethereum 7.1 Proof-of-Stake based consensus in Ethereum 7.2 Smart Contracts 7.3 Tokens 7.4 Non-Fungible Tokens Decentralized Finance and 8.1 MakerDAO 8.2 Uniswap 8.3 Taxable events in DeFi ecosystem 8.4 Maximal Extractable Value (MEV) on Ethereum Decentralized Autonomous Organizations - DAOs 9.1 Legal Entity Status of DAOs 9.2 Taxation issues of DAOs International Cooperation and Exchange of Information 10.1 FATF Standards on VAs and VASPs 10.2 Crypto-Asset Reporting Framework 10.3 Need for Global Public Digital Infrastructure 10.4 The Challenge of Anonymity Enhancing Crypto Assets Conclusion and References Bitcoin and the Blockchain 2.1 The Origins 2.2 Bitcoin in a nutshell 2.3 Basic Concepts Bitcoin and the Blockchain 2.1 The Origins 2.1 The Origins 2.2 Bitcoin in a nutshell 2.2 Bitcoin in a nutshell 2.3 Basic Concepts 2.3 Basic Concepts Crypto Exchanges Crypto Exchanges Crypto Exchanges Source of Value of crypto assets and Bootstrapping Source of Value of crypto assets and Bootstrapping Source of Value of crypto assets and Bootstrapping Initial Coin Offerings Initial Coin Offerings Initial Coin Offerings Airdrops Airdrops Airdrops Ethereum 7.1 Proof-of-Stake based consensus in Ethereum 7.2 Smart Contracts 7.3 Tokens 7.4 Non-Fungible Tokens Ethereum Ethereum 7.1 Proof-of-Stake based consensus in Ethereum 7.1 Proof-of-Stake based consensus in Ethereum 7.2 Smart Contracts 7.2 Smart Contracts 7.3 Tokens 7.3 Tokens 7.4 Non-Fungible Tokens 7.4 Non-Fungible Tokens Decentralized Finance and 8.1 MakerDAO 8.2 Uniswap 8.3 Taxable events in DeFi ecosystem 8.4 Maximal Extractable Value (MEV) on Ethereum Decentralized Finance and 8.1 MakerDAO Decentralized Finance and 8.1 MakerDAO 8.2 Uniswap 8.2 Uniswap 8.3 Taxable events in DeFi ecosystem 8.3 Taxable events in DeFi ecosystem 8.4 Maximal Extractable Value (MEV) on Ethereum 8.4 Maximal Extractable Value (MEV) on Ethereum Decentralized Autonomous Organizations - DAOs 9.1 Legal Entity Status of DAOs 9.2 Taxation issues of DAOs Decentralized Autonomous Organizations - DAOs Decentralized Autonomous Organizations - DAOs 9.1 Legal Entity Status of DAOs 9.1 Legal Entity Status of DAOs 9.2 Taxation issues of DAOs 9.2 Taxation issues of DAOs International Cooperation and Exchange of Information 10.1 FATF Standards on VAs and VASPs 10.2 Crypto-Asset Reporting Framework 10.3 Need for Global Public Digital Infrastructure 10.4 The Challenge of Anonymity Enhancing Crypto Assets International Cooperation and Exchange of Information International Cooperation and Exchange of Information 10.1 FATF Standards on VAs and VASPs 10.1 FATF Standards on VAs and VASPs 10.2 Crypto-Asset Reporting Framework 10.2 Crypto-Asset Reporting Framework 10.3 Need for Global Public Digital Infrastructure 10.3 Need for Global Public Digital Infrastructure 10.4 The Challenge of Anonymity Enhancing Crypto Assets 10.4 The Challenge of Anonymity Enhancing Crypto Assets Conclusion and References Conclusion and References Conclusion and References 2.3 Basic Concepts The underlying technology of Bitcoin tries to solve the problem of transmitting value from one user to another in a trustless manner, using a distributed public ledger without involving any central authority. This problem requires technological solutions which ensure trust in a trustless environment. Just as a banking system needs to develop mechanisms to verify identity and maintain the security of the bank accounts, the Bitcoin system also solves these problems by combining cryptography, game-theory, computer networking and economics. Cryptography is extensively used in the Bitcoin ecosystem. Hash functions and digital signatures form the bedrock on top of which the entire technological stack of Bitcoin and other crypto assets is built. To understand the mechanics of any transactions in this ecosystem, it is imperative to understand how these fundamental building blocks like hash functions and digital signatures along with economic incentive mechanisms make this system work effectively in a fault tolerant manner. The next section explains the basic concepts of hash functions and digital signatures which will be used repeatedly in the subsequent sections. 2.3.1 Hash Functions 2.3.1 Hash Functions In a blockchain like Bitcoin the copy of the public ledger is stored by many participants of the Bitcoin Blockchain called nodes. As each individual node can store, transmit, and validate transactions, it is important that the transactions are verifiable and temper-evident, as in an open and permissionless system like Bitcoin it is impossible to prevent tempering by malicious nodes, but possible to make the tempering evident through cryptography. In solving this problem in the blockchain, hash functions have a critical role to play. Many of us might have come across hash of a particular file while downloading it from a website. The purpose of the hash is to enable the user downloading the file to confirm that the file has not been tempered and is same as present on the website. Hash functions are mathematical functions which map a string of any length to a string of fixed length based on certain algorithm that scrambles the input string to generate a seemingly unrelated output string of fixed length. It is like a unique fingerprint of given data string. It can be represented as shown in Fig.1 For any hash function to be cryptographically secure it must have the following properties: a) Computational Efficiency: For an input string of certain size, the time taken by the algorithm to calculate the hash or digest of the input should be a linear function of the size of the input string. b) Collision Resistance: The hash value function maps the infinite set of strings of variable length to a finite set of hash values of fixed length. From the pigeonhole principle[7] it can be inferred that there exists a string 𝑦 for a string 𝑥 and hash function 𝐻(), such that 𝐻(𝑥) = 𝐻(𝑦) = 𝑧 when 𝑥 ≠ 𝑦 . Such a case is called a collision, when two non-equal input strings have the same hash value. However, for cryptographically secure hash functions, even though the collisions exist, it should be computationally infeasible to find two strings that have the same hash. c) Hiding: It should be computationally infeasible for an attacker to guess the input string correctly by looking at the hash. And even if a slight change is made in the input string, the cryptographic hash changes completely. This can be seen with the SHA256 hash of the string “Crypto Asset taxation is interesting” concatenated with various special characters as shown in Table 1. From the table, it can be inferred that changing a single character generates a totally different hash value. This characteristic of the SHA256 Cryptographic hash function is important for making the blockchain temper-evident, which means that every participant in the blockchain would be able to identify any tempering by a malicious actor with transactions or other block fields in the blocks that are already a part of the blockchain. 2.3.2 SHA256 security 2.3.2 SHA256 security In case of SHA256 we do not have knowledge of any such efficient collision detection methods as of now, and it is largely believed to be collision resistant, as despite best efforts, collisions could not be found[11]. However, there is no way to prove that a hash function is collision resistant. In the past, hash functions have been broken and phased out of security systems. A famous case is that of MD5 hashing algorithm which was widely used but eventually phased out for use as a cryptographic hash function. Wang & Yu (2005) found and published ways to attack MD5 hashing algorithm[12] and Magnus & Stefan (2005) produced two Post Script files which had the same MD5 hash[13]. Hash functions are so critical for blockchains as they are the primary mechanisms of creating trust about the integrity of information being exchanged between the nodes of the network. If an underlying algorithm like SHA256 breaks down, the trust in the Bitcoin blockchain would also crumble. Quantum computers can also significantly affect the cryptography used in Bitcoin. It is estimated that in the 2030s quantum computers would be able to crack SHA256[14] unless Bitcoin Blockchain migrates to quantum safe cryptography. As the blocks and transactions in the Bitcoin Blockchain are identified using the hash value of their header, a well-orchestrated attack by an attacker having a reasonably sized quantum computer can potentially cause significant damage to trust in the Bitcoin Blockchain. However, just as the traditional banks continuously improve the security of their credit cards and internet banking solutions, Bitcoin Blockchain can also find potential solutions to circumvent the likely threat from quantum computers. 2.3.3 Digital Signatures 2.3.3 Digital Signatures The Bitcoin Blockchain needs to identify the originators of transactions and owners of funds who can spend their Bitcoins on the Bitcoin Blockchain using valid transactions. This is analogous to a banking system where the bank assigns a customer identification number to each customer and each customer has their respective username and passwords for online banking. It is a mechanism to establish the identity, to verify the originator and authorizer of the transactions. However, in centralized banking systems, additional checks are possible to verify the identity of the originator of the transaction in circumstances of suspicion and there is a rigorous process of onboarding which includes mapping the customer identification number to a natural person using Social Security Number, Passport etc. The beneficial ownership of the account is also captured while opening the bank account. As the Bitcoin Blockchain does not have any centralized authority to verify identity, it relies on cryptographic techniques like digital signatures to validate the identity of the participants in the system. A digital signature is like a stamp of authentication of the origin of a message, transaction or document which establishes that the information did indeed originate from the person who has signed the message, transaction or document and it has not been altered. An excellent overview of how digital signatures work can be found in security tip (ST04-018) of the US Cybersecurity and Infrastructure Security Agency[15]. We often come across digital signatures in our daily lives while receiving digital documents from the government. Various PDF documents contain digital signatures which are verified as soon as the PDF file is opened. One such example is the AADHAAR document (Indian social security number) downloaded in PDF format. The user downloading the document can ensure that the document has indeed been issued by the issuing authority i.e., the Unique Identification Authority of India (UIDAI) and has not been tempered with. Fig. 2 and Fig. 3 show how a user can verify the identity of the issuer and absence of any tempering in the document. From the above figure it is clear that the said digital signature is issued by a Certifying Authority which contains the public key and the identity of the Unique Identification Authority of India (UIDAI). It is a kind of authorised directory of public keys which maps them to a natural person or an organization. As shown in Fig. 3 the digital signature can also be used for non-repudiation. The signature of the Unique Identification Authority of India (UIDAI) on the AADHAAR document makes it impossible for the UIDAI to claim that it has not issued and signed the said document. The understanding of non-repudiation property of digital signatures is crucial for an investigator or tax auditor to prove that the funds in a crypto asset wallet are indeed controlled and beneficially owned by a natural or juridical person. Digital signatures are based on public key cryptography. A public key cryptographic system uses a pair of keys with each pair consisting of a public and a private key. The public key is publicly known and can be shared with various users and the private key is kept secret. To prove identity, the transaction is signed(encrypted) using the private key and the signed as well as the original transaction is transmitted to the receiver by the sender. The signed(encrypted) message is then decrypted by the receiver using the public key of the sender, which is known to the receiver, and is matched with the original (unencrypted) transaction. If the two match, then it can be inferred that the message did indeed originate from the owner of the private key corresponding to the public key used to decrypt the signed message. For example, Consider the private key 1ee283aa3024205e69c14b11b65685ac367213aba131e654d97020cfe5aa5818 and its corresponding public key fc1a62a566ce576431cc2c96dac6766fb8fcea90b8da28307b1af1647a361f874c9604c3c98497a115387b0382df141d4cdda97bc8502a7cf7af267ce91d3f45 Alice has to send the message “Crypto Taxation is interesting” to Bob, and Bob needs to verify that this message is indeed from Alice, and that it has not been tempered. Thus, Alice uses her private key to encrypt the message “Crypto Taxation is interesting” and generates the signed (encrypted) message. She transmits the signed message along with the original message to Bob. Cryptographically the signed message would be 02df346b572d370d5bb19cd5a6de115335284d4c6de7683078eef9d6df11e14c236af35e817a303d3ded6b3e63531e5ad26f6db006fbbf97ca6c96de60db3326. Bob receives the signed message as well as the original message “Crypto Taxation is interesting”. He decrypts the signed message using the known public key of Alice and compares it with the original message “Crypto Taxation is interesting”. If the two messages match, then Bob can say with certainty that the message is indeed sent by Alice and has not been tempered. If a malicious actor tempers even a single bit of the original or signed message sent by Alice, Bob would come to know that the message has been tempered or was not sent by Alice. This use of digital signatures in blockchains makes them temper-evident. This can be seen pictorially in Fig. 4. Public key cryptography is central to the addresses used by Bitcoin to send and receive Bitcoins. The public key is analogous to the bank account number in a banking system and private keys are analogous to the passwords used to authorize transactions. The public key is derived from the private key using a one-way function[16], which has the nature of making the computation possible only from the private key to the public key. These one-way functions are based on properties of large prime numbers. For example, it is very easy to find the product of two very large prime numbers, but it is extremely difficult, given the product, to factorize it into the two large prime numbers. The public key can be easily derived from the private key using the one-way function, but it is practically impossible to derive the private key from a public key. Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) which has 256-bit private keys. This means that a Bitcoin private key is a random 256-bit number. 256-bit keys are highly secure and currently it is practically impossible for an attacker to derive the private key from a public key using brute force. 2.3.4 ECDSA and Bitcoin addresses 2.3.4 ECDSA and Bitcoin addresses Bitcoin uses the Elliptic Curve Digital Signature Algorithm (ECDSA) for its digital signature scheme. There are multiple elliptic curves in ECDSA. Bitcoin uses the Secp256k1 elliptic curve to derive the public keys from private keys. However, even though public and private keys are required for bitcoin transactions, in order to reduce the size of transactions, instead of using the public key, Bitcoin uses the public address which is a modified version of the public key. This transformation creates various types of addresses through the algorithm depicted in Fig. 5. Besides allowing for a greater number of transactions in a block due to lower transaction size, this transformation has some positive security implications, as it provides quantum resistance to existing public keys[17] which hold Bitcoin and reduces the possibility of errors that users might make in specifying the public addresses while sending the Bitcoins, due to the presence of a checksum. There are multiple websites which help users to generate such key pairs, they use various methods to generate a truly random number by using techniques like moving a mouse pointer or entering random text as input. One such website is www.bitaddress.org . Fig. 6 is a screenshot from the website, which shows how it uses the mouse movement to generate a truly random number which is used to generate Bitcoin key pairs. The generated Bitcoin address is shown in Fig. 7. It is important to note that in this process of generating a Bitcoin address and its corresponding private or secret key, there is no requirement to provide any identity related information. No Know Your Customer (KYC) procedure is required to generate this valid Bitcoin address which can be used for transaction on the Bitcoin Blockchain. The validity of the bitcoin address can be easily verified on the Bitcoin Blockchain Explorer as given in Fig. 8. As we have freshly created this address there are no transactions on this address. Similarly, a user can create any number of addresses and make transactions on the Bitcoin Blockchain without undergoing any Identity verification or KYC. Unlike the digital signatures which had their public keys verified by a central authority like in case of UIDAI, the Bitcoin Blockchain does not require attaching any real-world identity to the digital signature. This has implications for tax enforcement and other law enforcement agencies, as this identity on the Bitcoin Blockchain is not mapped to a real-world identity. Unlike details like Swift Code and a name or possibly a social security number attached with a bank account, there is no such personal or geographical information associated with a Bitcoin address. However, there are some mechanisms to do so on a probabilistic basis. This makes it pseudonymous. In this case, methods like subpoena and summons cannot be issued to a central authority like a bank or a stock exchange to obtain information about the beneficial owner of this Bitcoin address. Methods to map a real-world identity to this Bitcoin address are usually based on blockchain analytics and inference. In case of a centralized exchanges where users do not generate their own key pairs and the exchange does this for them, the KYC information is captured before on-boarding a customer and can be obtained after satisfying the legal requirements, through their law enforcement portal. However, such centralized exchanges might primarily rely on the self-declaration of tax residency by the user. Thus, it is practically impossible for two Bitcoin users to generate the same address independently unless they have used the same or predictable source of randomness. So, if a taxpayer presents the argument of his/her Bitcoin being stolen by someone who maliciously generated their public and private key pair, the taxman should know that it is practically impossible for anyone to do so, and the private key might have been compromised in some other way. In the next section we would see how the addresses and their corresponding private keys are used to transact on the Bitcoin Blockchain. From the point of view of tax investigation and enforcement as well as for other law enforcement agencies it is important to have a general understanding about the characteristics of the public and private keys as well as the public addresses of Bitcoin and other crypto assets. For investigators involved in enforcement actions as well as the forensic analysis of evidence, it is important to be able to identify crypto assets address and keys to find the quantum and flow of funds. It would also be important to use regular expressions to identify certain crypto asset addresses and keys located in mobile devices or hard drives. Although, nowadays various forensic investigation tools provide this functionality. However, knowledge about the various types of addresses of crypto assets might help the investigators and the taxman to prima facie identify the crypto assets involved in the investigation. The algorithm shown in Fig. 5 generates 3 types of Bitcoin addresses which can enable an investigator to identify/suspect a string of characters representing a Bitcoin address. Awareness about Bitcoin address types can also aid an investigator in tracking the flow of funds in cases of theft, fraud or establishing the ownership or control of a Bitcoin address. The three types of Bitcoin addresses generally used in transactions are: i) P2PKH addresses: These addresses are the first version of Bitcoin addresses and are also known as legacy addresses. They start with the number ‘1’ and have 26 to 36 characters. The transactions using these addresses are larger in size and hance require more transaction fee making this address type inefficient. For example, 1KfVFNtxkknugXhA9uYkohMWxG8f78nyax ii) P2SHaddresses: These are like P2PKH addresses and provide more complex functionality like multiple signatures for spending the Bitcoins. They start with the number ‘3’. For example, 3FMFtFAJxKmvpumn3sGjA6xjXw1M4Bw97v iii) P2WPKH or Bech32: These transactions are advance transactions which help to reduce transaction size and make them faster and more efficient. These are used in SegWit transactions, a new format for Bitcoin transactions in which to accommodate more transactions in a block, certain information (regarding witnesses) was removed from the input field of the block. These addresses start with ‘bc1’. For example, bc1q9jayxqvah5gynukddmmvs7jc9xwjc0c6emulpp Similarly the Bitcoin private keys start with ‘K’,‘L’ or ‘5’ like Kx4cBkAHgD9CrYNhTM12P5cNgVfwTeG5nN2R4KxcZjPPLx7DfrEr L5WNtTRjhqisXpnkCbr2mRu6oR7k34axzggh4nyXKuQU6aozLnkQ 5J5PZqvCe1uThJ3FZeUUFLCh2FuK9pZhtEK4MzhNmugqTmxCdwE These patterns can help investigators to identify the use of Bitcoin blockchain by the taxpayer or suspect. The regular expressions19 for Bitcoin and other crypto assets’ addresses and keys can be used to look for use of such assets by the taxpayer or suspect on a computer or disk using specialized software. In Bitcoin, mnemonics-based keys, often referred to as mnemonic seeds or recovery phrases, as shown in Fig. 8A, are a human-readable and memorable representation of the private key or seed used to generate a deterministic wallet. These phrases typically consist of a sequence of 12, 18, or 24 words chosen from a predefined list of words. Mnemonics serve as a convenient way for users to back up and restore their cryptocurrency wallets without needing to store or remember the raw cryptographic keys themselves. They are crucial for wallet recovery in case of loss, theft, or hardware failure, as users can simply input their mnemonic seed into a compatible wallet software to regain access to their funds. Mnemonics-based keys adhere to the BIP-39 standard[20], ensuring compatibility across different Bitcoin wallets and implementations. Thus, whenever an auditor or investigator comes across such mnemonics it should be identified as a seed phrase for a crypto asset wallet. 2.3.5 Bitcoin Transactions 2.3.5 Bitcoin Transactions Bitcoin is primarily a means for transmitting value from one user to another through an open, permissionless and trustless network. Bitcoin Blockchain has multiple mechanisms to ensure the validity of transactions which make sure that it is usually impossible to carry out fraudulent transactions. A transaction is usually of the form of Alice paying Bob a certain Bitcoin value. The various aspects of ensuring security and integrity of transactions are: i) The users must own the Bitcoin value that they wish to transfer and should be able to prove the ownership unambiguously on the network. For example, if Alice has 2.5 BTC the Bitcoin Blockchain based on a consensus, should agree that Alice owns 2.5 BTC ii) Appropriate funds should be available with the user. It should be impossible to transfer 3 BTC when a user owns only 2.5 BTC[21]. iii) The originator and authorizer of the transaction must be verifiable as Alice iv) The transaction should not have been tempered One of the most important ideas in a transaction on Bitcoin Blockchain is that of an Unspent Transaction Output (UTXO). UTXOs are quantities of Bitcoin sent to various public addresses which have not yet been spent by them. They represent the units of Bitcoin which can be referenced by the owners of the Bitcoin addresses to which the UTXOs are assigned, and can be spent on the Bitcoin Blockchain. For every valid transaction Alice must reference a UTXO which is a result of previous transaction by Alice herself or some other address in the Bitcoin Blockchain which transferred Bitcoins to Alice’s Bitcoin address. The only exception to this is the first transaction in every block, called the Coinbase transaction, which results in newly created bitcoins being assigned to the miner of the block as reward. Coinbase transactions do not require any input UTXO, but only the pay-out Bitcoin address. UTXOs are analogous to cheques which are written in the name of a specific Bitcoin address owner and can be spent only by them. It also important to note that while Bitcoins are fungible, UTXOs are not fungible. A user must use the entire value of the input UTXO either by transferring Bitcoin value to other Bitcoin addresses, their own address or as transaction fee for miners. The difference in the value of the input and output UTXOs is deemed to be the transaction fee for miners. UTXOs can be imagined as piggybanks assigned to specific users and every time the user intends to spend the amounts kept in the piggybank, they must break the entire piggybank assigned in their name, and create new piggybank(s) in the name of the intended transferees or the transferor himself/herself which can only be spent by them. In the transaction depicted in Fig. 9 these new output UTXOs (piggybanks) are for the Bitcoin addresses of Bob, Carol, and Alice. Any change that is not assigned to either Bob and other transferees or Alice’s new piggybank, is by default the miner fee given by Alice for adding her transaction on the Bitcoin Blockchain. In the above transaction Alice sends 2.5 BTC to Bob, 0.2 BTC to Carol and 0.25 BTC to herself (to a new Bitcoin address controlled by her or her existing Bitcoin address) the balance amount of 0.05 BTC is the miner fee. The UTXOs are in the form of a locked script which can only be spent by a user who has a public address, same as that specified in the locking script. It is a kind of cheque written for the user whose public address is same as that specified in the script. The input UTXOs of 1.2 and 1.8 BTC have been locked using a script by the sender for Alice’s Bitcoin address. So, Alice refers to the input UTXOs in the input side of her transaction and specifies the output Bitcoin addresses of Bob, Carol, and herself along with locking scripts and signs the transaction using her private key. She then broadcasts the transaction signature along with her public key which allows the nodes of the Bitcoin Blockchain to make sure that the transaction has indeed originated from Alice and that she is the one entitled to spend the input UTXOs of 1.2 and 1.8 BTC. The nodes compare Bitcoin address corresponding to the public key of Alice with the Bitcoin address specified in the input UTXO, if they match, then they infer that indeed Alice is entitled to spend the Bitcoin amount contained in the input UTXO. Then the nodes verify the signature of the transaction broadcasted by Alice. If the signatures are verified, then it can be inferred that indeed Alice has authorized the spending of the input UTXOs. This ensures that only Alice can spend the input UTXOs owned by her Bitcoin address. Suppose an eavesdropper Eve knows Alice’s public key somehow and tries to spend her UTXOs. She cannot do it as Eve does not know the private key of Alice and would have to sign the transaction using her own private key or any other private key. The nodes of the Bitcoin network would fail to verify the signatures and would come to know that it is not Alice but someone else who has signed the transaction or the transaction has been tempered. In case Eve uses her own private and public key pair to create a transaction having UTXOs meant for Alice as input, the Bitcoin address corresponding to the public key of Eve will not be same as that of Alice’s public key and the nodes will be unable to successfully run the unlocking script of UTXOs meant for Bitcoin address of Alice, making Eve unable to spend Alice’s UTXOs. This combination of locking and unlocking scripts along with digital signatures makes sure that UTXOs are not spent fraudulently by malicious actors. While broadcasting the transaction, Alice transmits the signature of the transaction along with her public key. This has potential implications for security threats from quantum computers, as until only the Bitcoin address is known to the attacker with a reasonably resourceful quantum computer, he/she will have to first find out the public key itself using Grover’s Algorithm and then use Shor’s Algorithm to find out Alice’s private key in reasonable time. However, with the disclosure of public key while spending the UTXOs, it might become easier for an attacker to find the private key of Alice before the transaction is included in the next few blocks, allowing him/her to spend Alice’s UTXOs fraudulently. It can also be seen that a Bitcoin transaction[22] on the blockchain has no narration, purpose code or identity or IP address information of any device and natural or juridical person attached with it. Thus, by merely looking at the transaction it is not possible to know the device or IP address that originated the transaction as well as the real natural or juridical persons behind it or the purpose of the transaction. However, some blockchain analytics and inferences can help in such identification. 2.3.5.1 Tax Implications of UTXO Based Transactions 2.3.5.1 Tax Implications of UTXO Based Transactions The UTXO based design of Bitcoin and other similar crypto assets like Bitcoin Cash and Monero can have implications for determining the cost basis for calculation of the capital gains liability. As the UTXOs are not fungible, each UTXO(s) belonging to a public key(s) of a taxpayer can be uniquely identified. While transacting on the Bitcoin Blockchain, the taxpayer might choose an optimal combination of the input UTXOs which minimizes the transaction fee, but this might give rise to different tax liabilities due to possibly different cost basis of each UTXO. This can lead to significant complexity for owners of crypto assets while reporting the basis of transactions and calculating their tax liability from crypto asset transactions. To simplify the calculation of cost basis and the tax liability many tax administrations allow various accounting methods to determine the cost basis of crypto assets. The methods are as follows: i) First In First Out (FIFO): The earliest brought crypto asset is sold first ii) Last In First Out (LIFO): The most recently brought crypto asset is sold first iii) Highest In First Out (HIFO): The most expensive crypto asset is sold first iv) Specific Identification (Spec ID): The specifically identified asset in record is sold. This is the method most consistent with the UTXO based design of Bitcoin and other similar crypto assets. v) Average Cost Basis (Known as Share Pooling in the UK): A method wherein identical assets are pooled and the average cost basis is taken for each of these pools. Depending on the average basis being taken for the entire financial year or for each disposal the methods are also known as the total average and moving average methods respectively. vi) Periodic Basis: The cost basis in some jurisdictions is determined by the value of the crypto asset at the beginning of each tax year. This method is used by the Belastingdienst vii) PVCT (Plus-value à court terme) method: While disposing a crypto asset, the cost basis is calculated by the fraction of the acquisition cost of the entire crypto holdings relative to the sales proceeds. This method is used by the Direction Générale des Finances Publiques As one cannot transact with oneself, the transfer of crypto assets from on wallet address, hosted or un-hosted, owned by the same person or entity is not taxed. However, such transfers would require maintaining records of the original incoming crypto asset for an accurate determination of the cost basis for determining capital gains or losses at the time of disposal of the crypto asset. Choice of different methods can have an impact on the tax liabilities of individuals as well as the revenue collected through taxation on crypto assets. As crypto assets resemble securities in many aspects and some have even been classified as securities by regulators like the SEC, they are also susceptible to “wash sales”. However, as in some jurisdictions, wash sale rules apply only to securities, and crypto assets are classified into different asset classes in multiple jurisdictions, investors can use the regulatory arbitrage to lower their tax liability. There is also evidence of Tax Loss Harvesting (Cong, Landsman, Maydew, & Rabetti, 2023) in jurisdictions like the US to lower the tax liability. 2.3.6 The Bitcoin Blockchain 2.3.6 The Bitcoin Blockchain Wikipedia[23] provides a comprehensive definition of a blockchain as “A blockchain is a decentralized, distributed, and often public, digital ledger consisting of records called blocks that are used to record transactions across many computers so that any involved block cannot be altered retroactively, without the alteration of all subsequent blocks. They are authenticated by mass collaboration powered by collective self-interests. This allows the participants to verify and audit transactions independently and relatively inexpensively. A blockchain database is managed autonomously using a peer-to-peer network” “A blockchain is a decentralized, distributed, and often public, digital ledger consisting of records called blocks that are used to record transactions across many computers so that any involved block cannot be altered retroactively, without the alteration of all subsequent blocks. They are authenticated by mass collaboration powered by collective self-interests. This allows the participants to verify and audit transactions independently and relatively inexpensively. A blockchain database is managed autonomously using a peer-to-peer network” The distributed public ledger of Bitcoin is based on the blockchain. The transactions in a blockchain are grouped together in the form of blocks and the subsequent blocks are cryptographically linked to the previous blocks, thus forming a chain. A complex interplay of cryptography, distributed consensus regarding the state of the blockchain and a system of economic incentives keep the Bitcoin Blockchain secure. It leads to only valid blocks being added to the blockchain and prevents malicious actors from compromising the integrity of the blockchain. Blockchain is not the only way to structure data and blocks for crypto assets. Some crypto assets like IOTA, Nano and Obyte use Directed Acyclic Graph framework to store data[24]. Unlike the banking system, the copies of ledgers in a public blockchain are maintained in the form of a distributed database which can be openly accessed by anyone. The transactions broadcasted by the users of the blockchain are verified by the nodes of the Bitcoin network and are included into a block only when they are found to be valid. Addition of each block to the top of the existing blockchain requires solving a rigorous mathematical puzzle by nodes called miners which add a new block to the blockchain. The promptest miner to solve the puzzle gets to add the block created by it on top of the existing blockchain and extend it. It also earns him/her the mining rewards in the form of newly created Bitcoins through the Coinbase transaction. This difficulty in adding another block to the existing blockchain makes it practically impossible for any malicious actor to temper the earlier blocks or transactions. Any effort at tempering becomes evident to the participating nodes and due to the enormous computational resources required for mining, it is extremely difficult for a malicious actor to create a blockchain which is a few blocks different from the original blockchain. A system of economic incentives promotes honest behaviour by participants, as they own or hope to own Bitcoin in the form of miner’s reward, and have an incentive to keep the trust in the blockchain by maintaining its integrity. The structure of the blockchain is shown in Fig 10. Each block contains a header and several valid transactions. The header of the block consists of the following: i) Merkle Root: It is the hash of the merkle tree[25] which contains all the transactions in the block. Its main objective is to ensure that no transaction has been modified in the block. It is also used to quickly verify if a transaction is a part of a block. ii) Nonce: It is a value which is the solution of the mathematical problem that the miner must find to mine the block. A nonce value once found by a miner can be easily verified by anyone. iii) Previous Block Hash: Every Bitcoin block contains the hash of the previous block. This makes the blocks connect in the form of a chain as shown in Fig. 10, hence the name blockchain. This property makes the blockchain temper evident as any change in a block changes the block hash and breaks the blockchain as shown in Fig. 11 If a malicious actor tries to alter the transaction on Block 651 where Ron sends 3 BTC to Alice instead of 2 BTC (Assuming that the added transaction is indeed authorized by Alice). As one of the transactions in the merkle tree has been changed, the merkle root will change and consequently the block hash would change. This would make the actual hash of the Block 651 inconsistent with the hash of the Block 651 recorded in the header of Block 652. The nodes on the blockchain would take cognizance of this and rely on the longest consistent chain instead and continue adding new blocks on top of that chain. Bitcoin blocks are identified using the unique hash of their header. This relies on the collision resistance of SHA256 hashing algorithm. This is the reason why if an attacker, equipped with a quantum computer can find an input 𝑥 such that 𝐻(𝑥) = 𝐻(𝐻𝑒𝑎𝑑𝑒𝑟 𝑜𝑓 𝐵𝑙𝑜𝑐𝑘 651) = 00064𝑏 then the integrity of the blockchain can be seriously compromised. 2.3.7 Bitcoin Mining 2.3.7 Bitcoin Mining The Bitcoin Blockchain needs to achieve a distributed consensus in which the participants of the network agree on which blocks form a part of the blockchain. As various nodes broadcast new transactions to be included in blocks and added to the existing blockchain, there must be a mechanism to decide which transactions will be added to the blockchain and which node adds the new block. The new blocks added to the blockchain must be verified and the nodes must be in sync about the current state of the blockchain. This common view of the blockchain is called a consensus. We come across the term miners and mining very often in the context of crypto assets. To effectively tax mining it is important to understand what exactly does it mean to mine Bitcoin. This facilitates the understanding of the direct and indirect tax implications of this service of adding blocks to the blockchain which creates economic value in the Bitcoin ecosystem. Many tax administrators might want to have an idea about the trends and extent of mining in their jurisdiction. It can be estimated using trends in network traffic and some services like Bitnodes[26]. However, many Bitcoin nodes use the ToR network and are very hard to trace using their IP addresses. Also, as the probability of earing mining rewards is based on the percentage of total hashing rate (computational power) available with the miner, most individual miners join a mining pool. A mining pool significantly reduces the variance of rewards received by a miner. For a fee, the mining pool makes the rewards almost certain if the individual miner has a hashing rate above a certain threshold. Mining activities can result in direct as well as indirect tax events which are discussed later. The Bitcoin Blockchain needs to have a robust mechanism to ensure that only valid transactions are included in the blockchain and a system of incentives is in place to encourage honest actors and disincentivize malicious actors in the system. It is important to note that not all nodes of the Bitcoin network are involved in mining, as mining is a very resource intensive activity. Some nodes only relay the transactions received by them to broadcast those transactions to the entire network effectively. Only nodes involved in mining can add another block to the blockchain. One of the important problems to be solved by a miner node is to select the transactions out of the broadcasted transactions to be included in the block which the miner would try to mine. When a Bitcoin user submits a transaction to the Bitcoin network, it is broadcasted using a flooding algorithm to the entire Bitcoin network and the miner nodes come to know about its existence. The broadcasted transactions form what is known as a mempool, which is a pool of unverified transactions being broadcast on the Bitcoin network[27]. The transaction fee and the block reward are the incentives for the miner nodes to verify transactions and mine new blocks to be added to the blockchain. To gain maximum reward in Bitcoins, the miners solve an optimization problem like the knapsack problem[28] in Computer Science (Fig. 12) while picking up the transactions from the mempool for inclusion in Blocks to maximize their block rewards. The miners check if the transactions are valid and the senders have the funds and the authorization to spend the UTXOs and construct the merkle tree of the transactions to form a block. The miner also puts its own Bitcoin address in the Coinbase transaction for receiving the block reward. It is usually believed that miners pick up the transaction with the highest transaction fees, but it is not entirely correct. Bitcoin transactions have multiple inputs and outputs which are measured in bytes. However, for the purpose of inclusion in the blocks, another criterion called weight units is used, as all bytes in a Bitcoin transaction do not have the same weight. The miner uses the criterion of “fee per weight unit” for inclusion in the mining block and maximizes his/her payoff. For example, if a miner must choose between a transaction which has 4 input UTXOs and 4 output addresses and the other transaction having 2 input UTXOs and 1 output address, and both transactions have the same transaction fee. Then the miners would pick up the second transaction over the first one as it is smaller and has more transaction fee per weight unit. This would enable the miner to fit more transactions into the block as the limit for Bitcoin transactions in a block is 4 million weight units[29]. The next problem in mining is to select the node which would add a valid block to the blockchain. One possible solution for it could be to randomly select a miner node and allow it to add a valid block to the blockchain. This solution will rely on the premise that most of the times an honest miner node will be selected and it would add a valid block to extend the blockchain. However, this solution has a potential problem of the network getting flooded by numerous malicious miner nodes largely as the marginal cost of adding another malicious miner node would not be much. Thus, there needs to be some barriers to entry for participation in the validation process of transactions, adding new blocks and gaining from the consequent rewards. Computational intensity of mining acts as such a barrier. Bitcoin solves this problem using proof-of-work mechanism. In the proof-of-work mechanism, each node involved in mining must perform intensive computation to find the solution to a mathematical problem to ‘mine’ a block and add it to the blockchain. Once the solution has been found, a node can broadcast the solved block to the entire Bitcoin network and claim the reward for validation. When a node involved in mining solves the mathematical puzzle and adds a block to the blockchain, it is said to have mined a block. mine mined To understand the mathematical puzzle that the miners solve to mine a Bitcoin block, it is pertinent to look the block hash of some of the actual Bitcoin blocks mined recently and added to the blockchain. One can go to any Blockchain Explorer[31] and find out the block hash of the last 10 recently mined blocks of Bitcoin Blockchain. They are shown in Table 2. A striking feature of the block hash values of these blocks are that the first 19 digits of the hexadecimal hash are 0s. This is not a coincidence, and is related to the mining puzzle which each miner tries to solve to ‘mine’ a block and receive the block reward. The Bitcoin block header is 80 bytes in size and consists of multiple fields as shown in Fig. 13 mine To add a block to the blockchain the miner must find a nonce, which is a number when entered in the block header and subsequently the SHA256 hash of the block header is calculated, the resulting hash value is less than the target hash. Or mathematically: 𝐻(𝑣𝑒𝑟𝑠𝑖𝑜𝑛||𝑃𝑟𝑒𝑣𝐵𝑙𝑜𝑐𝑘𝐻𝑎𝑠ℎ||𝑀𝑒𝑟𝑘𝑙𝑒𝑅𝑜𝑜𝑡𝐻𝑎𝑠ℎ||𝑡𝑖𝑚𝑒||𝑛𝐵𝑖𝑡𝑠||𝑛𝑜𝑛𝑐𝑒) < 𝑡𝑎𝑟𝑔𝑒𝑡 ℎ𝑎𝑠ℎ This is the reason why in Table 2 the hash values of blocks have their first 19 digits as zero. Finding such a nonce is an extremely challenging computational problem and this is the reason why massive hardware is deployed in various mining farms to try as many nonces as possible in the least possible time, so that the miner can find the right nonce and broadcast the ‘mined’ block to the rest of the network and get the miner’s fee as well as the block reward. Once a valid nonce is found, the other nodes can very easily verify that the hash value in the proposed block header is indeed lower than the hash value target. mined To ensure that the mining difficulty keeps pace with the rapidly evolving hashing capacity of the network, it is in-built in the Bitcoin Core software[33] to recalibrate the difficulty level of the problem after every 2016 Blocks (~ two weeks) such that a Bitcoin block is mined every 10 minutes on an average. This can be practically seen in the hash values of blocks mined at various points of time in the past. Table 3 shows the block hash values recorded after every 75000 mined blocks. The number of zeros in the hash is has been increasing, indicating lower and lower target hash values. This can also be seen with the graphs of difficulty and hash rates of the Bitcoin network given in Fig. 14. The Bitcoin mining difficulty and Bitcoin network’s hash rate follow a close trajectory. This is also a mechanism through which the Bitcoin protocol ensures that there are always enough participants in the Bitcoin network which validate the transactions and keep the blockchain secure. When the number of miners goes down, the hash rate of the Bitcoin network goes down and it takes longer to mine new Blocks at the existing difficulty level. Consequently, the mining difficulty is lowered and this attracts more miners till a new equilibrium is achieved. The sharp fall in the hash rate around mid2021 can be attributed to the crypto ban by China. Subsequently the difficulty of mining reduced and hash rate started having an upward trend with mining activity increasing in USA and Kazakhstan, consequently increasing Mining is a highly resource intensive activity and miners deploy significant computational capacity in the form of Application-Specific Integrated Circuits (ASICs) which are optimized for producing trillions of SHA256 hashes per second. This also results in consumption of massive amounts of electricity in operating the hardware as well as cooling it. It is estimated that if Bitcoin mining consumes more electricity than 167 countries[37]. The probability of a miner successfully mining a block is directly proportional to the percentage of the total hash rate of the Bitcoin network that the miner can produce. Thus, if a miner produces a hash rate which is 0.001% of the total hash rate of the Bitcoin network, the miner can expect to mine one in 100000 blocks. As we know that approximately 2016 blocks are mined in two weeks, this means that it would take around 100 weeks or two years on an average for a miner to successfully mine a block. Till then he/she would have to make the capital investment and incur the costs of depreciation of hardware, the Internet and electricity. 2.3.7.1 Mining Pools 2.3.7.1 Mining Pools As discussed above, the possibility of a standalone miner successfully mining a block is miniscule and it involves high degree of risk, as even after spending substantial amount on electricity and IT hardware, it is possible that a standalone miner might not successfully mine a block for several years. Thus, to hedge this risk, miners join mining pools. A mining pool is a group of crypto asset miners who pool their computational resources over a network to increase the probability of success in mining crypto assets, the rewards are divided amongst the participants of the pool rather than a winnertakes-all case in standalone mining. The mining pools are operated by a centralized entity which divides the task of computation between the pool members – the ‘worker’ miners. A comparison of the leading mining pools can be found at Bitcoin Wiki[38]. Joining a mining pool significantly reduces the risk and uncertainty associated with mining. The mining pools have pool managers which manage the pay outs of mining rewards to the members of the pool depending on the computation done by them. In Bitcoin mining, the mining pool puts its own Bitcoin address in the Coinbase transaction and shares a work template with the ‘worker’ miner who returns ‘shares’ to the mining pool. A share is not exactly a solved block, but one in which the block hash is only a few times higher than the target hash. For example, a mining pool taking share which are nearly 10 times of the target hash can be mathematically expressed as: This is a proof that the ‘worker’ miner has indeed put in a lot of computational effort as getting a hash which is close to the target hash is also computationally intensive. This results in a pay out from the mining pool depending on the pay-out policy. Some pools pay ‘worker’ miners for every share whereas some pools pay out only when the pool finds a block. When a ‘worker’ miner joins a mining pool even though he/she finds solves a block, he/she cannot take the entire block reward as the Coinbase transaction has the Bitcoin address of the mining pool. This is an important aspect from the perspective of taxation. The shares made to a mining pool in lieu of pay-outs by the mining pools can have direct and indirect tax consequences which have been discussed later. There are also multiple issues related to the identification of miners and determining their tax residency for the purpose of direct and indirect taxation. These issues will also be discussed subsequently. 2.3.7.2 Estimating the extent of Mining 2.3.7.2 Estimating the extent of Mining Mining is an important part of any blockchain which ensures trust and security in the blockchain. It produces economic value in the blockchain ecosystem and leads to generation of income which might be liable to tax. However, for mining Bitcoin or any other crypto asset mined using the proof-of-work mechanism, only hardware that can produce high hash rates, the Internet and electricity are required. Usually, a ‘worker’ miner joins a mining pool based on self-certification, the pool usually does not carry out any Know Your Customer verification or Anti-Money Laundering measures to link the pseudonymous ‘worker’ miner to a natural or juridical person. Tax administrations would also be interested to know the incidence of mining in their jurisdiction. As mining activity is mostly pseudonymous and only estimates and trends can be drawn from data either obtained from the mining pools or through open-source network analytics. (Sun et al., 2022) studies the spatial distribution of Bitcoin mining through bottom-up tracking and geospatial statistics. The Cambridge Centre for Alternative Finance has developed a mining map[39] which shows the geographical distribution of the total hash rate of Bitcoin over a period. This is based on the data obtained from various mining pools and extrapolating it to provide the monthly percentage share of the country in providing the global hash rate of the Bitcoin network. It provides a snapshot of the extent of mining in each country from September 2019 to January 2022. The methodology adopted for this estimation has some important assumptions like inability to specify the geolocation of miners using VPN or proxy services[40]. Which indicates that it can be very difficult to map various miners with certainty. Mining pool networks have specific characteristics which can be used to detect the miners who are members of the mining pool. Using public network analysis tools like Shodan it is possible to identify the IP addresses of some miners who use specific port numbers to connect to the pools. Shodan[41] is a search engine for devices connected across the Internet. It can help to find IP addresses and number of users using a specific port number in a country or region. By having a look at the number of ports and port numbers used by a particular IP it can be inferred if it is a miner or a general computer. For example, some popular pools use port number 3333 for Transmission Control Protocol (TCP) connection with the participant miners. The result of such a Shodan query for finding IP addresses who are using port 3333 is given in Fig. 16 Various IP addresses which have port 3333 open are displayed. The information about two such IP address from South Korea and Poland is shown in Fig. 17 and Fig. 18 respectively. This potential miner has only few ports open as compared to a general computer which might need to have various other open ports. This makes it highly probable that these computers/ASICs are involved in mining. Due to the imperfection of this method in finding an accurate number of miners, it may only enable users to see the trends in mining in a country, region, or city. 2.3.7.3 Bitcoin Mining and Game Theory 2.3.7.3 Bitcoin Mining and Game Theory The participants in the Bitcoin Blockchain are rational and they try to maximize payoffs for their actions in the Bitcoin ecosystem. As Bitcoin is based on a decentralized network, malicious nodes/actors cannot be prevented from joining the network. Bitcoin solves this problem effectively by using incentives and cryptographic checks which can detect and counter the actions of malicious actors. The behaviour of the participants in the Bitcoin ecosystem can be understood and predicted using game theory. The application of game theory to crypto asset mining is an active area of research. Various participants try to maximize their payoffs and adopt strategies accordingly. Mining can be considered a repeated zero-sum game between various rational miners who do not know each other’s strategy. Thus, to gain maximum out of the game, the miners tend to follow the strategy of honesty and submit only verified blocks to the blockchain. The miners have a disincentive in duping the system as the validity of the fraudulent transaction can be verified and the other honest nodes would discard the proposed block. As mining is a resource intensive activity, any such efforts would cost the miner dearly even if he/she has a substantial part of the total hash rate of the network. Some mining pools can adopt a strategy to infiltrate other mining pools and make their infiltrator workers send the shares to the pool but withhold the shares whenever they ‘solve’ a block. This can enable other pools to bleed profits out of their competitors. This strategy can harm the profits of rival pools but the workers cannot divert the profits to the original pool as the work templates shared by the victim pools would have their Bitcoin address in the Coinbase transaction. A detailed study on such pool attacks has been done by Li et al., (2020). As discussed earlier, the percentage of hash-power of miners/mining pools determines their probability of mining the next block. The hash-rate share of various mining pools in the Bitcoin network in the past one year is shown in Fig. 19[42] There can be a scenario in which a single pool has more than 51% of the hash-power of the network. This can enable the pool to delay the transactions of some Bitcoin addresses and carry out double spends. The delay in service can be caused if the pool excludes the transactions received from a set of Bitcoin addresses which it wants to exclude from the network. However, since all nodes would not have this discriminatory behaviour, the pool can at best delay the transactions of a subset of Bitcoin addresses. Double spending can be done by such a pool as it can simultaneously send two transactions in the network that spend the same Bitcoins. The first transaction would pay the provider of the good or service purchased with some UTXOs and the second transaction would use the same UTXOs for payment to an address controlled by the pool. As the pool controls more than 51% of hash-rate of the network it can get the second transaction included in the longest blockchain resulting in orphaning of the first transaction and loss to the supplier. This would significantly reduce the confidence in the Bitcoin network and adversely affect its price. As the pools also have an incentive to maintain or enhance the value of Bitcoin which they get as reward, it disincentivizes any pool to grow to such a large size that it affects Bitcoin and they cause losses to everyone including themselves. However, such an attack can be launched by an entity which does not have much stake in the Bitcoin ecosystem or which is facing a larger loss in value terms in real world. It is sometimes misunderstood that a mining pool with 51% of hash rate can steal Bitcoins out of the addresses of users. Due to the digital signature-based mechanism of transactions it is impossible for a mining pool to maliciously steal the Bitcoins out of any Bitcoin addresses. The pool can at best delay certain transactions or carry out double spends as described above. 2.3.8 Taxation of Mining Activity and Rewards 2.3.8 Taxation of Mining Activity and Rewards As discussed above, mining is an important source of value creation in the blockchain as it adds new transactions to the blockchain and provides trust and security. It creates an incentive for the miners due to which they participate in validating transactions and add blocks to the blockchain. The miner essentially provides a service to the Bitcoin owners by verifying the validity of transactions, arranging them in the form of a block and solving for the nonce to mine the block, in lieu of the Bitcoin block rewards and user fees. Mining activity can have direct and indirect tax consequences for miners as well as mining pool operators. The following sections first discuss the direct tax issues inmining related to the acquisition and ‘disposal’ of crypto assets obtained through mining. The subsequent section discusses the indirect tax issues related to mining. In the discussion to follow, mining mainly refers to mining using the proof-of-work mechanism. The proof-of-stake mechanism and its taxation is discussed subsequently. 2.3.8.1 Direct Taxes on Mining 2.3.8.1 Direct Taxes on Mining Mining provides economic value to the miners in lieu of the services provided by them to blockchain users as well as the blockchain protocol. The income of miners arises either from the protocol rewards for ‘mining’ a new block, the user fee paid by the users transacting on the blockchain or pay-outs from a mining pool for ‘shares’ by the ‘worker’ miners. As this constitutes income or accrual of assets/value, a tax liability may arise, depending on the tax jurisdiction of the miner, as different tax administrations tax mining activity differently. Moreover, the disposal/sale or any further transactions with the mined crypto assets are also taxable events in various jurisdictions. The tax treatment of the income or accrual of assets/value and disposal/sale or any further transactions of mined crypto assets depends on the nature and scale of the activity carried out by miners. The two potential taxable events in the mining process are: i) Acquisition of crypto assets as mining rewards ii) Disposal/transfer of crypto assets acquired as mining rewards 2.3.8.1.1 Taxation of crypto asset acquired as mining rewards 2.3.8.1.1 Taxation of crypto asset acquired as mining rewards A miner carries out mining activity using IT hardware that generates trillions/billions of hashes per second. As soon as a valid block is found by the miner, it is transmitted to other nodes in the Bitcoin network. If the ‘worker’ miner is a part of a mining pool, it sends ‘shares’ to the mining pool over the Internet and the pool, in turn, transmits the ‘mined’ block over the Bitcoin network. The rewards are received by the miner when it successfully mines a block or when the ‘worker’ miner in a mining pool cashes out his/her accrued rewards. The acquisition of crypto assets as mining rewards is subject to income tax in most jurisdictions. The miners are supposed to report the mining incomes separately as ‘miscellaneous income’ in many jurisdictions and the tax liability arises on the fair market value of the acquired crypto assets at the time of acquisition, with allowable deductions for the costs of mining. Many tax jurisdictions carve out an exception for ‘hobby miners’ who undertake mining activities out of interest or as a pastime on a small scale, with an intention to accumulate the mined crypto assets instead of trading them to earn a profit. In some jurisdictions, hobby miners are not liable to pay income tax on the acquired crypto assets at the time of acquisition of such assets. However, the expenses incurred by the hobby miners are treated as the basis of acquisition. On the other hand, many jurisdictions take the basis of acquisition of crypto assets of hobby miners as zero and allow no deductions for expenses. Besides this, in some jurisdictions like the US, crypto mining is considered as a self-employment activity and miners are subject to payment of employment taxes as well as social security contributions for their income from mining. However, as highlighted above, as it is difficult to find the tax jurisdictions of miners, the payment of taxes is largely subject to self-compliance by the individual miners. Since the mining of first block by Satoshi Nakamoto in 2009 till February 2024 mining rewards and user fee of approximately 60 billion USD has accrued to miners[44]. Similarly, the mining and transaction rewards accrued to Ethereum miners till 15th September 2022, when Ethereum switched to proof-of-stake based consensus mechanism are approximately 35 billion USD[45]. These are significant amounts for tax administrations as the direct and indirect taxes on it might run into billions of dollars after deducting the relevant expenses. Moreover, as the market capitalization of Bitcoin reaches an all-time high of ~1.3 trillion USD[46] and that of Ethereum nears 450 billion USD47, the amount of taxes due on these mined crypto assets might be in hundreds of billions of dollars. 2.3.8.1.2 Disposal/transfer of crypto assets acquired as mining rewards 2.3.8.1.2 Disposal/transfer of crypto assets acquired as mining rewards In most jurisdictions, the tax treatment of disposal of the crypto assets acquired as mining rewards depends upon the nature and scale of activity by the miners. The income/gain from the disposal of crypto assets acquired as mining rewards is classified as business income or capital gains. If the miners deploy large number of equipment to carry out mining on a commercial scale or frequently engage in trading of crypto assets acquired as mining rewards instead of holding and accumulating them, they are classified as commercial miners and the profits from such activities are taxed as business income/commercial profits, after deducting allowable expenses. In other cases, the disposal of crypto assets acquired as mining rewards is considered to give rise to capital gains which are taxed at the time of ‘disposal’ of the crypto assets. In some jurisdictions which do not have a capital gains tax, such disposals may not result in a capital gains tax liability. However, for calculating capital gains, issues related to determination of the basis, as discussed earlier, might arise, and may require clear guidance by the tax administrations. Also, unlike crypto assets acquired as mining rewards which can be clearly ascertained on the blockchain through the Coinbase transactions, the accrual of capital gains cannot be easily ascertained through blockchain analysis alone as many of the apparent ‘disposals’ of the crypto assets acquired as mining rewards might either be payouts by the mining pool to the ‘worker’ miners or transfers to other addresses controlled by the same taxable entity/person, resulting in no tax liability for the transaction. 2.3.8.2 Indirect Taxes on Mining 2.3.8.2 Indirect Taxes on Mining As described above, Bitcoin mining activity involves various actors like: i) Bitcoin users who broadcast transactions ii) Individual miners who combine the transactions in the mempool into a block and mine the blocks to include in the Bitcoin blockchain. iii) Mining pools which create blocks of transactions and divide the computation task between various ‘worker’ miners iv) ‘Worker’ miners which try to find the nonce for a block given by a mining pool and get paid based on ‘shares’ sent to the mining pool The Bitcoin network and the users provide economic incentive to the miners to perform mining and record their transactions on the blockchain. These activities are akin to providing a digital service to the users who transmit transactions and pay the transaction fee and the Bitcoin protocol which provides the block reward in lieu of this service. However, the high degree of uncertainty associated with mining rewards leads to many miners joining mining pools as ‘worker’ miners, this complicates the indirect tax treatment of the services provided. This gives rise to two category of service providers namely: A) Individual miners and mining pools which create blocks of transactions broadcasted by the users of Bitcoin network and add new blocks to the blockchain through mining. B) ‘Worker’ miners which get a pre formed block from a mining pool, which contains the payout address of the mining pool in the Coinbase transaction. They provide the mining pool with ‘shares’ and get rewarded for the same. There are also the mining pools which provide services of reducing the variance of payout rewards of ‘worker’ miners which join the mining pools instead of mining Bitcoin as individual miners. These service providers in the Bitcoin ecosystem are depicted in Fig. 20 The tax treatment of the services offered by these two categories of miners are based on various questions directly related to the service offered by the two categories of miners to Bitcoin users (which is rewarded in the form of transaction fee) and the Bitcoin protocol (which is rewarded in the form of new Bitcoins issued through the Coinbase transaction). Some of the important questions that are critical in determining the indirect tax treatment of mining activities are: i) Does there exist a direct nexus or a legal synallagmatic relationship between the user broadcasting a transaction and the miner adding the transaction on the blockchain? ii) Does the service offered by miners to the blockchain network, for which they are rewarded with the block reward, constitute a taxable service for a consideration? iii) Does the service provided by the ‘worker’ miners to the mining pool have a bearing on the nature of service provided and its tax treatment? iv) What is the place of supply of such services? These questions have a critical role in determining the levy of indirect taxes on mining activities. Multiple jurisdictions have different legal provisions for taxability and exemptions to services like Bitcoin mining, with most jurisdictions treating mining activity as exempt for indirect tax purposes. Two important issues related to the questions raised above are those of existence of a nexus/link/contract between the miner and the users transacting on the blockchain, which also determines the place of supply of the services, and if such nexus is established or deemed to exist, the issue of exemption of services of miners as financial services, which is contingent upon the treatment of Bitcoin and other crypto assets as a negotiable instrument or any other financial instrument which is exempt. However, the broad principles and considerations while determining the levy of GST/VAT on mining activities remain common and provide the answers to the questions above. As laws and jurisprudence in this area seem to be most developed in the EU the following discussion analyses these issues from the perspective of the EU Law, although the broad principles and considerations would apply to almost all jurisdictions. The primary consideration for levying an indirect tax on a miner is that he/she should be engaged in an ‘economic activity.’ The miner should be performing his/her activities for an income that is linked to its activity. The Article 9 of the EU Directive 2006/112/EC of 28 November 2006 on the common system of value-added tax defines a ‘taxable person’ and ‘economic activity’ as: ‘Taxable person’ shall mean any person who, independently, carries out in any place any economic activity, whatever the purpose or results of that activity. ‘Taxable person’ shall mean any person who, independently, carries out in any place any economic activity, whatever the purpose or results of that activity. Any activity of producers, traders or persons supplying services, including mining and agricultural activities and activities of the professions, shall be regarded as economic activity. The exploitation of tangible or intangible property for the purposes of obtaining income therefrom on a continuing basis shall in particular be regarded as an economic activity. Any activity of producers, traders or persons supplying services, including mining and agricultural activities and activities of the professions, shall be regarded as economic activity. The exploitation of tangible or intangible property for the purposes of obtaining income therefrom on a continuing basis shall in particular be regarded as an economic activity. As per the Council Implementing Regulation (EU) No 282/2011 “Electronically supplied services as referred to in Directive 2006/112/EC shall include services which are delivered over the Internet or an electronic network and the nature of which renders their supply essentially automated and involving minimal human intervention, and impossible to ensure in the absence of information technology” “Electronically supplied services as referred to in Directive 2006/112/EC shall include services which are delivered over the Internet or an electronic network and the nature of which renders their supply essentially automated and involving minimal human intervention, and impossible to ensure in the absence of information technology” Also, mining activities could also be seen as falling within the definition of an electronically supplied service as per section 3.1.5 of the Working paper No 854 of the EU VAT Committee which states: "When the platform is run in an automated manner with minimal human intervention and the provision of the service is impossible without information technology, then the access to such platform supplied for consideration should be seen as covered by the definition of electronically supplied service" "When the platform is run in an automated manner with minimal human intervention and the provision of the service is impossible without information technology, then the access to such platform supplied for consideration should be seen as covered by the definition of electronically supplied service" Also, in a recent case before the Dutch Court of The Hague the claimant performed mining activities and raised a question that does the incentive/remuneration received by her pertain to her mining activities and would the mining activity be seen as an ‘economic activity’? The court adjudicated that the transaction fee as well as the block reward were considerations for validating transactions on the Bitcoin Blockchain and that the fact that the petitioner does not always receive the transaction fee was irrelevant[48]. The court compared this to a home buyer reaching out to multiple realtors to buy a home but choosing only one of them to buy the house and pay commission. The other realtors would still be considered to be engaged in economic activity with only one being remunerated. Further the court argued that validating the transactions was important for blocks to be created and added to the blockchain and this made the validation, verification and mining of coins inseparably intertwined. However, the mining activity was exempted from VAT by the court by virtue of Article 135(d) of the EU VAT Directive. From a theoretical standpoint also, the presence of incentives to the miners is an existential factor for crypto assets like Bitcoin, as the fundamental problem in the Bitcoin Blockchain of making multiple nodes agree on transactions added to the blockchain, when it is known that some of the nodes can be faulty or malicious, is theoretically impossible to achieve without incentives. This is a widely studied problem known as the Byzantine Agreement problem in Computer Science, which is named after the Byzantine Generals’ Problem, in which generals of the Byzantine army must agree on a coordinated attack or retreat. There are no incentive mechanisms in this problem and it is proven that the problem cannot be solved if more than 1/3rd of the generals are traitors[49]. Also, another theoretical result related to distributed systems - the FLP (Fischer-Lynch-Paterson) impossibility theorem states that no deterministic protocol solves the byzantine agreement problem in the asynchronous model, with even a single faulty node (Fischer, Lynch, & Paterson, 1985). However, in the Bitcoin Blockchain we observe that with the presence of incentives in the form of block rewards and transaction fees for the miners, the Bitcoin distributed consensus protocol for the ledger has worked well for years. This makes incentives the cornerstone of Bitcoin as a network and a crypto asset. It leads to the alignment of the interest of the miners with the holders of Bitcoin transmitting transactions on the Bitcoin Blockchain to be included in the public ledger. This makes the activities performed by the miner in expectation of incentives an economic activity by design. As discussed earlier, the probability of an individual miner mining a Bitcoin block is directly proportional to the fraction of the hash rate of the miner to the total hash rate of all the miners combined. This results in high variance and uncertainty in rewards received by the solo miners who deploy resources for mining. To reduce the uncertainty in mining rewards, solo miners often join a mining pool. The ‘worker’ miners share hashes with the pool and based on different criteria like the number of hashes shared below a target range (not the same as the Bitcoin hash target range), or some other pay-out agreement, pay-outs are made by the mining pool. This provides the ‘worker’ miners frequent pay-outs depending on the number of ‘shares’ made with the mining pool. The mining pools charge a fee for this service (usually 1-3%)[50] and deduct the same from the pay-outs given to the ‘worker’ miners. The mining pool creates a block of transactions and distributes the mining computation between the various ‘worker’ miners which join the mining pool. The template shared by the mining pool with the ‘worker’ miners contains the transactions picked by the mining pool and the pay-out address in the Coinbase transaction is that of the mining pool. In case a valid nonce is found by a ‘worker’ miner which mines the current block, the entire block reward goes to the mining pool and the ‘worker’ miner cannot earn the full block reward, but is entitled to the reward as per the pay-out scheme agreed between the ‘worker’ miner and the mining pool. This makes the operation of the mining pool an ‘economic activity’ which provides a service of hedging the risks by significantly lowering the variance of reward payments for mining activity. The consideration received for this service (usually 1-3%) is in the form of crypto assets being mined, which is deducted from the pay-out due to the ‘worker’ miner. This is an important aspect from the perspective of indirect taxation as the ‘worker miners’ and the mining pools provide two services to each other in a symbiotic relationship. The mining pools help to reduce the uncertainty and variance of the mining rewards of the ‘worker miners,’ who in turn, provide computational power in the form of billions/trillions of hashes per second (shares) to the mining pool, which may or may not result in ‘mining’ a block by the mining pool and can never result in direct block rewards to the ‘worker’ miner. There are multiple case laws like C-2/95 SDC[51] and C-350/10 Nordea[52] which provide that for a service to be VAT exempt, the service must be an exempt service itself. The argument that it is an input service to an exempt service does not suffice for VAT exemption to a service. Considering the nature of these services, neither of these services may classify as a financial service which can exempt the service providers from VAT/GST. However, the service provided by the mining pool or individual miners to the blockchain and its users might be exempt from the perspective of VAT/GST as financial services, depending on the classification of the crypto assets involved as negotiable instrument or some other instrument which qualify the service as financial services in the domestic law of a jurisdiction. Now that we have a case where VAT/GST might be leviable on the services provided by the mining pool and the ‘worker’ miners to each other, it is important to determine the place of supply of such services as it may be zero rated in most jurisdictions, if the services are supplied to a non-resident. The taxability will also be affected by whether an individual or enterprise is providing and/or availing the services and whether such entities have obligations for VAT/GST registration. It may also lead to implications for providing input tax credit and refunds for suppliers of zero-rated mining related services. This problem is like the problem of taxation of cross-border services, using crypto assets-based payments. Brondolo, (2021) provides a detailed discussion on potential solutions to this issue. Under the vendor collection model, the mining pools, if they are non-resident suppliers of hedging services to the ‘worker’ miners, would be required to register for VAT/GST in the jurisdictions of the ‘worker’ miners and charge and collect VAT/GST and pay the collected amounts to the respective jurisdictions. For example, in India these hedging services would qualify as an Online Information Data Base Access and Retrieval (OIDAR) service and the mining pool is obligated to pay 18% GST on it, if the service is availed by an Indian ‘worker’ miner, especially if it is not registered under GST. In case of Business-toBusiness supplies the recipient may be obligated to collect VAT/GST on a reverse charge basis. Also, the services exported by the mining pool to the worker miner can be zero-rated and entitle the mining pool for a refund of the input tax credit in its country of registration, with the ‘worker’ miner paying taxes for import of services in its own jurisdiction. This might be a humongous compliance burden for mining pools which might be required to collect the tax residency and VAT/GST information from ‘worker’ miners. However, this may be simplified if the tax jurisdictions create crypto asset wallets for depositing the aggregated VAT/GST collections along with filing of returns by the mining pools to the respective jurisdictions. A similar arrangement may also be required for the computational services of ‘worker’ miners used by the mining pools in return of pay-out for ‘shares’ by them. Alternatively, the mining pool may also collect and pay VAT/GST net of the fee charged to ‘worker’ miners in its own jurisdiction on a reverse charge basis. In various tax jurisdictions the transaction fee by the users in lieu of the service of including the user’s transaction in the blockchain through ‘mining’ might also be taxable as a service[53]. In that case, in line with the destination principle of VAT/GST the blockchain user/mining pool (in a vendor collection model) might be liable to pay VAT/GST in the jurisdiction of the user, depending on turnover threshold and other requirements for VAT/GST collection as per the domestic laws of the user’s jurisdiction. However, the determination of tax jurisdiction of crypto asset users who transmit transactions on the blockchain without any information about the tax residency of the user, which has a bearing on the place of supply of the service, remains the biggest challenge for this. A more complicated issue will be the taxation of services provided by the mining pools or individual miners to the blockchain itself, for which they receive the fixed block reward programmed in the blockchain. The place of supply of such service cannot be determined and the payment for the service may amount to billions of dollars each year. If we consider the scenario depicted in Fig. 20, A mining pool registered in country D might be liable to pay VAT/GST on the services provided to the ‘worker’ miners of country A, B and C as per the domestic laws of countries A, B and C, and might be required to register for VAT/GST in countries A, B and C especially if the ‘worker’ miners are not registered under GST. The GST/VAT amounts would be paid by the mining pool to the countries A, B and C for providing hedging services to minimize the variance and uncertainty of block rewards in mining. Also, the individual ‘worker’ miners in the countries A, B and C would also have an indirect tax liability for providing computational services for Bitcoin mining to the mining pool registered in country D. Alternatively, as discussed earlier, the mining pool registered in country D may also collect and pay VAT/GST net of the fee charged to ‘worker’ miners in countries A, B and C, in its own jurisdiction country D on a reverse charge basis. The mining pool might also have a VAT/GST liability for providing transaction validation services to a user in country E, where the final consumption of the service of the ‘worker’ miners in countries A, B and C takes place, as the Bitcoin user in country E pays a transaction fee to the mining pool for mining his/her transaction. The individual miner in country F might also be liable to pay VAT/GST in country E on the transaction fee paid by the Bitcoin user if it validates the transaction of the Bitcoin user in country E and includes it in a block mined by it. Depending upon the turnover thresholds of various jurisdictions, the individual miner might not be liable to pay VAT/GST on the transaction fee. Some mining pools like Terra Pool[54] implement KYC and provide real-time AML measures. Other top mining pools also specify in their privacy policy that they collect information like username, email addresses, wallet addresses, IP addresses, unique device IDs, information related to amount of computing power provided to the pool, the rewards, and processed payouts. The privacy policy of many mining pools makes the users aware that their personal data can be used by the mining pool to comply with domestic and international legal obligations. This can be used by the mining pools to determine residency of ‘worker’ miners and enable tax administrations or other law enforcement agencies to seek information regarding their tax residents using the services of such pools for both direct and indirect tax purposes. However, the determination of place of supply for the ordinary Bitcoin or other crypto asset users will remain a challenge. 2.3.8.2.1 Indirect Taxes on Supply of crypto assets 2.3.8.2.1 Indirect Taxes on Supply of crypto assets In various jurisdictions there are specific provisions in the indirect tax law which exempt certain financial transactions, loans deposits etc. from VAT/GST. For example, in India the Notification No. 12/2017- Central Tax (Rate) exempts loans, deposits purchase of foreign currency etc. from GST. However, in many jurisdictions there are no such explicit exemptions for crypto assets. Thus, it is possible to interpret the indirect tax law to consider the crypto asset transactions as a taxable supply and levy GST on such supplies. However, many jurisdictions do not treat crypto asset transactions as taxable supply, but one such exception is Singapore where prior to 1st January 2020, the supply of virtual currencies (including cryptocurrencies such as Bitcoin) was treated as a taxable supply of services. 2.3.8.2.2 Indirect Taxes on use of crypto assets for payments for goods and services 2.3.8.2.2 Indirect Taxes on use of crypto assets for payments for goods and services In most jurisdictions, the ‘disposal’ of crypto assets in lieu of any goods or services attracts GST/VAT like fiat currency and the ‘disposal’ event might also attract income tax or capital gains liability based on the domestic provisions for taxation of crypto assets which are mainly based upon the nature and scale of engagement of the individual or entity in crypto assets transactions. Baer et al., (2023) highlight the profound risks that crypto assets might pose for collection of VAT/Sales Tax on final sales of goods and services. 2.3.8.2.3 Taxing the externalities of mining using the proof-of-work mechanism 2.3.8.2.3 Taxing the externalities of mining using the proof-of-work mechanism As highlighted in earlier sections, crypto asset mining using proof-of-work consensus mechanism is a resource intensive activity with a huge carbon footprint of both the electricity consumption and the specialized IT hardware that is used to find nonces to ‘mine’ a block of Bitcoin. This produces externalities which calls for imposition of taxes like the excise tax which discourage mining or make up for its associated costs on the environment. The Biden administration has proposed a 30% excise tax on electricity used for Bitcoin mining. It is called the Digital Asset Mining Energy (DAME) tax. Similarly other options like a graded tax on electricity consumption by miners as being used by other jurisdictions like Kazakhstan can be used. Moreover, measures to incentivise miners to switch from proof-of-work based mining to staking and forging, which is based on the proof-of-stake protocol (as discussed below) and has a much less carbon footprint, can be considered. Alternatively, if the excise taxes are found difficult to administer or impose, miners can be denied to claim deductions for electricity consumption and depreciation for IT hardware from their revenues to calculate taxable profits. 2.3.9 Proof-of-Stake and Forging 2.3.9 Proof-of-Stake and Forging Proof-of-work and proof-of-stake are two different consensus mechanisms in blockchain technology. A consensus mechanism is a method for maintaining the integrity of the blockchain in which nodes of the blockchain network develop a consensus about the blocks and length of a blockchain. The proofof-stake consensus mechanism requires much less computation and resources to add blocks to the blockchain than proof-of-work. In this method, nodes do not compete against each other to mine the block, and have to stake their own minimum amount of crypto asset to be a part of the consensus mechanism[55] Nguyen et al. (2019). These assets act as a collateral and are locked and cannot be moved before the locked period. If a node wants to stop being a forger, its staked crypto assets are released after a certain period, once it has been verified that it has not been involved in any malicious behaviour in adding blocks and verifying transactions. By staking crypto assets in a wallet the validator nodes make themselves available to propose new blocks and validate the blocks proposed by other forgers. The proof-of-stake mechanism is depicted in Fig 21. A node is selected by the blockchain to be the proposer of the next block using a pseudo-random process. The proposed block is then verified by other nodes and if it is verified by more than 2/3rd of the nodes, the block is added to the blockchain. The proposer node gets the reward in the form of transaction fee. The proof-of-stake method usually leads to generation of new crypto assets and the process of adding new blocks to the blockchain is called forging instead of mining. Crypto assets frequently begin by selling pre-mined coins or they begin with the proof-of-work consensus mechanism and then move to the proof-of-stake consensus mechanism (like in case of Ethereum). Various blockchains use different methods to choose the node for proposing the next block in proof-of-stake. The two most popular methods are randomized block selection and coin age selection. In randomized block selection, the node with the lowest hash value and the highest stake is chosen. As stake sizes are public, the next forger can typically be predicted by other nodes. The coin age selection method selects nodes depending on the length of time that their crypto assets have been staked, the age of a coin is determined by multiplying the number of days the coins have been staked by the number of coins staked. After a forging block a node's currency age is reset to zero and they must wait a specific amount of time before forging another block, this prevents large stake nodes from controlling the consensus mechanism. The proof-of-stake consensus also has a penalty mechanism which discourages forger misbehaviour which discourages malicious activity and promotes honest nodes. If a node fails to propose a block on its turn or proposes more than one block then a slashing penalty is imposed on the node by taking away a portion or entire staked crypto asset. The malicious node can even be banned for the current epoch or permanently. A part of the slashed funds is usually given to the node which reports the malicious behaviour and the rest are burnt[56]. On one hand this provides the blockchains with the best and most effective forgers, on the other hand the inability of a node to propose a block due to factors like server downtime, buggy algorithms and network attacks can penalize forgers heavily. Although the proof-of-stake consensus described above is broadly the same as one used by the Ethereum blockchain, however there are marked differences between the two. The proof-of-stake mechanism currently used by the Ethereum Blockchain is described in detail in the section on Ethereum. The taxable events in this consensus mechanisms with the Ethereum Blockchain as the example are also discussed in the subsequent sections. 2.3.10 The Bitcoin Network 2.3.10 The Bitcoin Network The Bitcoin nodes are connected to each other through a decentralized network where there is no central server. It is essentially a peer-to-peer network which relays and validates Bitcoin transactions and secures and maintains the Bitcoin Blockchain. Anyone is free to join the network if they have access to the Internet. The collection of such peer-to-peer nodes can be called as the Bitcoin network. All the nodes in the network perform basic functions like discovering peer nodes and maintaining a connection with them, as well as propagation and validation of transactions and blocks. The Bitcoin network consists of various types of nodes as listed below: a) Mining nodes: These nodes run full copy of the blockchain and produce valid blocks for being added to the blockchain. They get rewards in the form of newly created Bitcoins. b) Full Nodes: These nodes also maintain a full copy of the blockchain and can independently verify transactions. c) Super Nodes: These nodes have many connections with the full nodes and act as redistribution relays to ensure that every node in the network has the latest copy of the blockchain. d) Light/Simple Payment Verification (SPV) Nodes: These nodes do not maintain a full copy of the Bitcoin Blockchain and operate on small devices like smartphones or tablets. They verify transactions by querying their peers to retrieve the subsets of the blockchain they require to validate a transaction. The Bitcoin network scheme is shown in Fig. 22 When a node broadcasts a transaction to its peers, they further broadcast it and flood the network. Thus, the propagation of transactions in the network is not instantaneous and every node does not have the same view of the mempool. When a transaction is broadcasted over the network, as discussed earlier, there is no IP address related information associated with the transaction. Thus, it is not usually feasible to find out the IP address of the node that broadcasted a specific transaction. This makes it difficult to attach IP addresses to Bitcoin addresses by listening to transactions on the Bitcoin network. Juhász, Stéger, Kondor, & Vattay, (2018) have tried a Bayesian approach to identify Bitcoin users where they installed more than 100 Bitcoin clients and analysed the propagation of these messages in the Bitcoin network. They claim to have identified several thousand Bitcoin clients and bind their transactions to geographical locations. However, such an approach would provide an estimate which might not enable a tax administration to assign an IP address and subsequently an IP address owner/user to a Bitcoin transaction beyond reasonable doubt. As the Simple Payment Verification/Light nodes depend on other nodes for verification of transactions, they can be used to identify Bitcoin addresses in their wallet, and enable associating IP addresses to Bitcoin addresses. To prevent this, the SPV Nodes use bloom filters57. However, Gervais, Capkun, Karame, & Gruber, (2014) found that SPV clients with bloom filters also leak considerable information regarding Bitcoin addresses in their wallet and make associating IP addresses to Bitcoin addresses possible. Another feature of the Bitcoin network is that the participating nodes usually connect to each other using the port number 8333[58]. This can create a potential problem for the network in case of a widespread disruption in traffic on this port, which can seriously affect the mining and validation of blocks and consequently, the price of Bitcoin significantly. However, this issue has been addressed in Bitcoin Core 23.0[59]. 2.3.11 Forking 2.3.11 Forking Just like a fork in a road, forking in a blockchain refers to a situation where the blockchain diverges into two potential paths forward. This can arise due to a temporary lack of consensus in the network regarding the block(s) to be added to the main blockchain, resulting in a temporary fork. This can also be due to changes in the software run by various nodes which validate transactions and add blocks to the blockchain. If the blockchain software undergoes a major change, for example due to a major security threat or a necessary improvement, and the new blockchain is incompatible with the previous version, such a change is called a Hard Fork. If the software updates are backward compatible it results in a Soft Fork. Hard Fork Soft Fork As the Bitcoin Blockchain is decentralized with each node maintaining its own copy of the blockchain, it is possible that at some instance divergence might arise between the nodes about the blockchain. Temporary forks can emerge in cases like when two blocks are mined within a short interval by two different miners, and they reach various nodes almost simultaneously. This results in some nodes adding the first block and some nodes adding the second block to the blockchain, resulting in the nodes having two different perspectives of the blockchain at that moment. The blockchain eventually reconverges as more blocks are added to one of the forks. The blocks added to the other fork get orphaned and are discarded, the transactions in orphaned blocks remain unconfirmed. This is the main reason why it is recommended to wait for 6 confirmations of the transaction i.e., waiting for six subsequent blocks to be added to the blockchain after the transaction for confirming the validity of the transaction. This is graphically depicted in Fig. 23 2.3.11.1 Hard Fork 2.3.11.1 Hard Fork A hard fork occurs in a blockchain when a major change happens in the blockchain software/protocol and these are incompatible with the previous version of the blockchain. This is a way through which new features can be incorporated in the blockchain protocol or security loopholes in the software can be plugged. However, all nodes of the Bitcoin network might not accept the change and upgrade. As the changes introduced make the nodes that upgrade incompatible with the old protocol, a split occurs in the blockchain. The blocks created by the nodes running the old version of the protocol would be invalid for the upgraded nodes. As a result, two crypto assets are created and the owners of the crypto assets prior to the point of hard forking get equal number of crypto assets in the both the blockchains right after the hard forking. A prominent example of hard forking is the creation of Bitcoin Cash Blockchain from the Bitcoin Blockchain. To increase the number of transactions that can be included in a block in Bitcoin, it was proposed to segregate the signatures from the main transaction data to accommodate more transactions in the 1MB block size limit. To avoid the update, some Bitcoin developers and users decided to initiate a hard fork and created the Bitcoin Cash which has a block size of 8MB and does not segregate signatures. Hard forks are important events from tax perspective as it results in the ownership of crypto assets in both the forks of the blockchain after the fork has taken effect, for those who owned any Bitcoin amount right before the fork. For example, the hard fork in Bitcoin took effect from block number 478558 of Bitcoin blockchain. If we look at the address 3FGs7JfaoAZTT6Sda73XrJ6i5Gwsuw9GUC which received 8.0 BTC in a transaction included in the no. 478557[60] right before the hard fork happened and query the Blockchain Explorer61 at present, we find a result as shown in Fig 24. This shows that this Bitcoin address also became a Bitcoin Cash address and the owner of this address received 8.0 Bitcoin Cash by virtue of the hard fork. This is analogous to splitting of shares in equity market and is an important taxable event. 2.3.11.2 Soft Fork 2.3.11.2 Soft Fork Soft Forks are minor changes in the blockchain protocol/software that are backward compatible. Thus, a new blockchain is not created and the blocks created by nodes running the updated software are treated as valid by the nodes running the old version of the software. However, the blocks created by old nodes would be treated as invalid by the nodes running the upgraded software. If a significant number of nodes upgrade their software, this results in no disruption in the functioning of the blockchain. Soft forks usually do not have any tax implications unless they trigger a hard fork like in case of Bitcoin. 2.3.11.3 Taxation of forking events 2.3.11.3 Taxation of forking events A) Hard Forks: As explained earlier for those who own any crypto asset amount right before the fork, hard forks result in the ownership of crypto assets in both the forks of the blockchain after the fork has taken effect. This results in acquisition of crypto assets by the users of one blockchain on another blockchain without any consideration. The two taxable events that arise out of a hard fork are: i) Acquisition of crypto assets in the other blockchain ii) Disposal of the crypto assets acquired as result of the hard fork The tax treatment of acquisition of crypto assets in the other blockchain due to a hard fork differs across jurisdictions. While some jurisdictions like the US and Japan consider crypto assets received because of hard forks as taxable income, with the value of the newly acquired crypto assets taken as the fair market value of the crypto assets at the time of the hard fork. Other jurisdictions like the UK, Finland, Sweden etc. do not tax the crypto assets received because of hard forks at the time of their receipt, and their cost of acquisition is taken as zero. However, upon the disposal of the crypto assets received because of hard forks, a capital gain or income tax may be charged depending upon the local law (presence or absence of capital gains) with the tax liability depending upon the basis/cost of acquisition. In Australia, the Australian Tax Office has issued guidance for hard forks where individuals/entities running crypto asset businesses need to apply trading stock tax rules instead of Crypto Tax Rules in hard fork events. B) Soft Forks: As soft forks are minor software changes and do not result in a new blockchain, they are not taxable events and result in no tax liability. 2.3.12 Bitcoin Wallets 2.3.12 Bitcoin Wallets Bitcoin Wallets are software that store the address(es) of a Bitcoin user (Fig. 25). A wallet is a software that keeps a track of the crypto assets owned by various addresses in the wallet, generates and manages new addresses for new transactions (as it is recommended to generate new addresses for every Bitcoin transaction). The wallet software also provides a consolidated interface enabling the owner to find the aggregate sum of all UTXOs owned by him/her in the form of a Bitcoin balance. Recommendations of transaction fees are also provided by wallet software after analysing the network congestion and transaction fee trends. There are mainly two types of wallets used by Bitcoin and other crypto assets. Cold wallets are the wallets stored on a paper or some specialized hardware wallets that are not connected to any network or the Internet. A collection of Bitcoin addresses as shown in Fig. 7 is known as a paper wallet. There are multiple hardware wallets like the Trezor hardware wallet and the Ledger Nano hardware wallet. These USB drive like wallets do not communicate with any other device unless physically plugged while accessing the private keys. It is like the digital signature USB drives which need to be plugged-in to sign a document. Hot wallets are connected to the Internet and the blockchain network. They are often in the form of smartphone apps like the Trust wallet or computer applications and browser extensions like the Coinbase wallet and Jaxx Liberty wallet respectively. Since, hot wallets are connected to the Internet, they are usually recommended to be used only for small transactions. For privacy, the wallets create a new address for every Bitcoin transaction. Many wallets also use a mnemonic seed phrase along with a password and using this seed key they can generate many public and private key pairs and use a new key for every transaction. Such wallets are known as Hierarchical Deterministic wallets. One such wallet is shown in Fig. 26. The practice of generating a new Bitcoin address for every transaction also protects Bitcoin users from risk of quantum computer enabled attacks. As explained earlier, while broadcasting a signed transaction, a user Alice needs to send her public key along with the signature. Thus, even if a quantum computer enabled attacker Qua finds Alice’s private key using Shor’s algorithm, he can derive no benefit, as Alice’s address would have no UTXOs to be spent once the transaction is recorded on the blockchain. Such wallets make it difficult to track the transactions on the blockchain, as a wallet can have numerous Bitcoin addresses and it can be difficult to associate them to a single user by analysing transactions on the blockchain. Also, the Bitcoin balance shown by the wallet on the dashboard is an aggregate of all the UTXOs that can be spent by all the Bitcoin addresses in the wallet. Thus, there is nothing like One Bitcoin which resides in a wallet, a balance of 1.2 BTC on the wallet means that the Bitcoin Blockchain agrees that the Bitcoin addresses in the wallet have ownership of UTXOs which aggregate to 1.2 BTC. These wallet services generate and manage addresses using ECDSA, as described above and provide services like creating transactions with optimum number and amounts of UTXOs, signing them and broadcasting on the Bitcoin network. Most wallets do not charge any fees for it. However, if the wallet charges a fee, it might be subject to service tax/GST in various jurisdictions. In many jurisdictions the wallet services charging fee might not be exempted from VAT/GST as for a service to be VAT Exempt the service must itself be an exempt service, and the argument that it is an input service to an exempt service does not suffice for VAT exemption to a service (C-2/95 SDC[62] and C-350/10 Nordea[63]) It is also important to note that many such hot and cold wallets do not capture any identity information regarding the user or carry out any KYC compliance procedures. Anyone with access to the Internet and a smartphone or PC can create an account or buy a hardware wallet and start transacting in crypto assets. This kind of wallets where the keys are owned and directly controlled by the user of the wallet are known as non-custodial wallets. Author: (1) Arindam Misra. Author: Author: (1) Arindam Misra. This paper is available on arxiv under CC BY 4.0 DEED license. This paper is available on arxiv under CC BY 4.0 DEED license. available on arxiv available on arxiv If n+1 pigeons occupy n holes, then some hole must have at least 2 pigeons National Institute of Standards and Technology (NIST). Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-4. If n+1 pigeons occupy n holes, then some hole must have at least 2 pigeons If n+1 pigeons occupy n holes, then some hole must have at least 2 pigeons National Institute of Standards and Technology (NIST). Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-4. National Institute of Standards and Technology (NIST). Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-4. ((2^128) ÷ (600 × (10^18) ×365×86400)) https://steviecellis.medium.com/the-beautiful-hash-algorithm-f18d9d2b84fb Wang, X., & Yu, H. (2005, May). How to break MD5 and other hash functions. In Annual international conference on the theory and applications of cryptographic techniques (pp. 19-35). Springer, Berlin, Heidelberg. Daum, Magnus & Lucks, Stefan. (2005). Attacking Hash Functions by Poisoned Messages "The Story of Alice and her Boss. In the 2030s, quantum computers will be able to crack the SHA-256 algorithm used by Bitcoin https://www.cisa.gov/uscert/ncas/tips/ST04-018 In computer science, a one-way function is a function which is easy to compute for every input, but given a computed output, it is very hard to invert. As discussed in 2.3.3 using Shor’s algorithm on quantum computers it would be possible to obtain the private key corresponding to a given public key efficiently. However, if the attacker has a hashed version of the public key and not the public key itself, he/she need to find the public keys first using Grover’s Algorithm https://download.wpsoftware.net/bitcoin-birthday.pdf Regular Expressions are patterns which are used for matching strings by computers https://en.bitcoin.it/wiki/BIP_0039 There is no concept of loans or any overdrafts in Bitcoin transactions https://www.blockchain.com/explorer/transactions/btc/e9412cfda50be55c0a1989fb0ac7a2514a2f47852804d 4d7cfdebb33f5e780f3 https://en.wikipedia.org/wiki/Blockchain https://finance.yahoo.com/news/cryptocurrencies-dag-based-framework-why-081019399.html In Computer Science, A merkle tree is a data structure which is used for verification of data in a large distributed dataset. It allows huge amount of data to be efficiently mapped in the form of a tree. If it is required to check if any changes have been made to the data in the merkle tree it can be done by checking if the data is consistent with the root hash instead of traversing the entire merkle tree. https://bitnodes.io/nodes/live-map/ This pool of transactions getting arranged into blocks and being mined, along with other parameters of Bitcoin network can be visualized at https://mempool.space/ and https://mempool.space/mining https://en.wikipedia.org/wiki/Knapsack_problem https://en.bitcoin.it/wiki/Weight_units Source: https://upload.wikimedia.org/wikipedia/commons/thumb/f/fd/Knapsack.svg/375pxKnapsack.svg.png A Blockchain Explorer is a website that enables anyone to search any information regarding a Transaction, Address or Block in the Blockchain. Different Crypto Assets have different Blockchain Explorer websites. Block Height is the number of blocks mined since the Genesis block of Bitcoin was mined in January 2009 https://github.com/bitcoin/bitcoin/blob/master/src/pow.cpp Source: https://developer.bitcoin.org/reference/block_chain.html#block-headers Source: https://mempool.space/graphs/mining/hashrate-difficulty#3y Source: https://ccaf.io/cbeci/mining_map https://www.aa.com.tr/en/economy/bitcoin-mining-consumes-as-much-energy-as-167-countries/3109915 https://en.bitcoin.it/wiki/Comparison_of_mining_pools https://ccaf.io/cbeci/mining_map https://ccaf.io/cbeci/mining_map/methodology https://www.shodan.io Source: https://mempool.space/graphs/mining/pools#1y https://mempool.space/graphs/mining/pools#1y https://explorer.btc.com/btc/blocks https://etherscan.io/chart/blockreward https://coinmarketcap.com/currencies/bitcoin/ https://coinmarketcap.com/currencies/ethereum/ https://www.lexology.com/library/detail.aspx?g=e4cfac02-9134-4629-85cb-cffaa9859dc0 https://en.wikipedia.org/wiki/Byzantine_fault https://fastercapital.com/topics/understanding-pool-rewards-and-payouts.html https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 The service provided by the mining pool to the users might not be exempt from the perspective of VAT/GST as financial service, depending on the classification of the Crypto Assets in the domestic law of a jurisdiction https://terrapool.io/ A detailed analysis of proof-of-stake consensus mechanism has been done by Nguyen et al. (2019) Nguyen, C. T., Hoang, D. T., Nguyen, D. N., Niyato, D., Nguyen, H. T., & Dutkiewicz, E. (2019). Proof-of-stake consensus mechanisms for future blockchain networks: fundamentals, applications and opportunities. IEEE Access, 7, 85727-85745. Crypto Assets are burnt by removing them from circulation permanently by sending them to a special address, called a burn address, that cannot send or receive any Crypto Assets, making them inaccessible and effectively destroying them. https://bitcoinops.org/en/topics/transaction-bloom-filtering/ https://bitcoin.org/en/full-node#network-configuration https://github.com/bitcoin/bitcoin/blob/e88a52e9a2fda971d34425bb80e42ad2d6623d68/doc/releasenotes/release-notes-23.0.md#p2p-and-network-changes https://www.blockchain.com/btc/tx/98ecc4189d3f33eee96afbff948219ba0ba2342c263241602b95437050c1130b https://www.blockchain.com/search?search=3FGs7JfaoAZTT6Sda73XrJ6i5Gwsuw9GUC https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 ((2^128) ÷ (600 × (10^18) ×365×86400)) ((2^128) ÷ (600 × (10^18) ×365×86400)) https://steviecellis.medium.com/the-beautiful-hash-algorithm-f18d9d2b84fb https://steviecellis.medium.com/the-beautiful-hash-algorithm-f18d9d2b84fb Wang, X., & Yu, H. (2005, May). How to break MD5 and other hash functions. In Annual international conference on the theory and applications of cryptographic techniques (pp. 19-35). Springer, Berlin, Heidelberg. Wang, X., & Yu, H. (2005, May). How to break MD5 and other hash functions. In Annual international conference on the theory and applications of cryptographic techniques (pp. 19-35). Springer, Berlin, Heidelberg. Daum, Magnus & Lucks, Stefan. (2005). Attacking Hash Functions by Poisoned Messages "The Story of Alice and her Boss. Daum, Magnus & Lucks, Stefan. (2005). Attacking Hash Functions by Poisoned Messages "The Story of Alice and her Boss. In the 2030s, quantum computers will be able to crack the SHA-256 algorithm used by Bitcoin In the 2030s, quantum computers will be able to crack the SHA-256 algorithm used by Bitcoin https://www.cisa.gov/uscert/ncas/tips/ST04-018 https://www.cisa.gov/uscert/ncas/tips/ST04-018 https://www.cisa.gov/uscert/ncas/tips/ST04-018 In computer science, a one-way function is a function which is easy to compute for every input, but given a computed output, it is very hard to invert. In computer science, a one-way function is a function which is easy to compute for every input, but given a computed output, it is very hard to invert. As discussed in 2.3.3 using Shor’s algorithm on quantum computers it would be possible to obtain the private key corresponding to a given public key efficiently. However, if the attacker has a hashed version of the public key and not the public key itself, he/she need to find the public keys first using Grover’s Algorithm As discussed in 2.3.3 using Shor’s algorithm on quantum computers it would be possible to obtain the private key corresponding to a given public key efficiently. However, if the attacker has a hashed version of the public key and not the public key itself, he/she need to find the public keys first using Grover’s Algorithm https://download.wpsoftware.net/bitcoin-birthday.pdf https://download.wpsoftware.net/bitcoin-birthday.pdf Regular Expressions are patterns which are used for matching strings by computers Regular Expressions are patterns which are used for matching strings by computers https://en.bitcoin.it/wiki/BIP_0039 https://en.bitcoin.it/wiki/BIP_0039 https://en.bitcoin.it/wiki/BIP_0039 There is no concept of loans or any overdrafts in Bitcoin transactions There is no concept of loans or any overdrafts in Bitcoin transactions https://www.blockchain.com/explorer/transactions/btc/e9412cfda50be55c0a1989fb0ac7a2514a2f47852804d 4d7cfdebb33f5e780f3 https://www.blockchain.com/explorer/transactions/btc/e9412cfda50be55c0a1989fb0ac7a2514a2f47852804d 4d7cfdebb33f5e780f3 https://en.wikipedia.org/wiki/Blockchain https://en.wikipedia.org/wiki/Blockchain https://en.wikipedia.org/wiki/Blockchain https://finance.yahoo.com/news/cryptocurrencies-dag-based-framework-why-081019399.html https://finance.yahoo.com/news/cryptocurrencies-dag-based-framework-why-081019399.html https://finance.yahoo.com/news/cryptocurrencies-dag-based-framework-why-081019399.html In Computer Science, A merkle tree is a data structure which is used for verification of data in a large distributed dataset. It allows huge amount of data to be efficiently mapped in the form of a tree. If it is required to check if any changes have been made to the data in the merkle tree it can be done by checking if the data is consistent with the root hash instead of traversing the entire merkle tree. In Computer Science, A merkle tree is a data structure which is used for verification of data in a large distributed dataset. It allows huge amount of data to be efficiently mapped in the form of a tree. If it is required to check if any changes have been made to the data in the merkle tree it can be done by checking if the data is consistent with the root hash instead of traversing the entire merkle tree. https://bitnodes.io/nodes/live-map/ https://bitnodes.io/nodes/live-map/ https://bitnodes.io/nodes/live-map/ This pool of transactions getting arranged into blocks and being mined, along with other parameters of Bitcoin network can be visualized at https://mempool.space/ and https://mempool.space/mining This pool of transactions getting arranged into blocks and being mined, along with other parameters of Bitcoin network can be visualized at https://mempool.space/ and https://mempool.space/mining https://mempool.space/ https://mempool.space/mining https://en.wikipedia.org/wiki/Knapsack_problem https://en.wikipedia.org/wiki/Knapsack_problem https://en.wikipedia.org/wiki/Knapsack_problem https://en.bitcoin.it/wiki/Weight_units https://en.bitcoin.it/wiki/Weight_units https://en.bitcoin.it/wiki/Weight_units Source: https://upload.wikimedia.org/wikipedia/commons/thumb/f/fd/Knapsack.svg/375pxKnapsack.svg.png Source: https://upload.wikimedia.org/wikipedia/commons/thumb/f/fd/Knapsack.svg/375pxKnapsack.svg.png https://upload.wikimedia.org/wikipedia/commons/thumb/f/fd/Knapsack.svg/375pxKnapsack.svg.png A Blockchain Explorer is a website that enables anyone to search any information regarding a Transaction, Address or Block in the Blockchain. Different Crypto Assets have different Blockchain Explorer websites. A Blockchain Explorer is a website that enables anyone to search any information regarding a Transaction, Address or Block in the Blockchain. Different Crypto Assets have different Blockchain Explorer websites. Block Height is the number of blocks mined since the Genesis block of Bitcoin was mined in January 2009 Block Height is the number of blocks mined since the Genesis block of Bitcoin was mined in January 2009 https://github.com/bitcoin/bitcoin/blob/master/src/pow.cpp https://github.com/bitcoin/bitcoin/blob/master/src/pow.cpp https://github.com/bitcoin/bitcoin/blob/master/src/pow.cpp Source: https://developer.bitcoin.org/reference/block_chain.html#block-headers Source: https://developer.bitcoin.org/reference/block_chain.html#block-headers Source: https://mempool.space/graphs/mining/hashrate-difficulty#3y Source: https://mempool.space/graphs/mining/hashrate-difficulty#3y https://mempool.space/graphs/mining/hashrate-difficulty#3y Source: https://ccaf.io/cbeci/mining_map Source: https://ccaf.io/cbeci/mining_map https://ccaf.io/cbeci/mining_map https://www.aa.com.tr/en/economy/bitcoin-mining-consumes-as-much-energy-as-167-countries/3109915 https://www.aa.com.tr/en/economy/bitcoin-mining-consumes-as-much-energy-as-167-countries/3109915 https://www.aa.com.tr/en/economy/bitcoin-mining-consumes-as-much-energy-as-167-countries/3109915 https://en.bitcoin.it/wiki/Comparison_of_mining_pools https://en.bitcoin.it/wiki/Comparison_of_mining_pools https://en.bitcoin.it/wiki/Comparison_of_mining_pools https://ccaf.io/cbeci/mining_map https://ccaf.io/cbeci/mining_map https://ccaf.io/cbeci/mining_map https://ccaf.io/cbeci/mining_map/methodology https://ccaf.io/cbeci/mining_map/methodology https://ccaf.io/cbeci/mining_map/methodology https://www.shodan.io https://www.shodan.io https://www.shodan.io Source: https://mempool.space/graphs/mining/pools#1y Source: https://mempool.space/graphs/mining/pools#1y https://mempool.space/graphs/mining/pools#1y https://mempool.space/graphs/mining/pools#1y https://mempool.space/graphs/mining/pools#1y https://explorer.btc.com/btc/blocks https://explorer.btc.com/btc/blocks https://explorer.btc.com/btc/blocks https://etherscan.io/chart/blockreward https://etherscan.io/chart/blockreward https://etherscan.io/chart/blockreward https://coinmarketcap.com/currencies/bitcoin/ https://coinmarketcap.com/currencies/bitcoin/ https://coinmarketcap.com/currencies/bitcoin/ https://coinmarketcap.com/currencies/ethereum/ https://coinmarketcap.com/currencies/ethereum/ https://coinmarketcap.com/currencies/ethereum/ https://www.lexology.com/library/detail.aspx?g=e4cfac02-9134-4629-85cb-cffaa9859dc0 https://www.lexology.com/library/detail.aspx?g=e4cfac02-9134-4629-85cb-cffaa9859dc0 https://en.wikipedia.org/wiki/Byzantine_fault https://en.wikipedia.org/wiki/Byzantine_fault https://en.wikipedia.org/wiki/Byzantine_fault https://fastercapital.com/topics/understanding-pool-rewards-and-payouts.html https://fastercapital.com/topics/understanding-pool-rewards-and-payouts.html https://fastercapital.com/topics/understanding-pool-rewards-and-payouts.html https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 The service provided by the mining pool to the users might not be exempt from the perspective of VAT/GST as financial service, depending on the classification of the Crypto Assets in the domestic law of a jurisdiction The service provided by the mining pool to the users might not be exempt from the perspective of VAT/GST as financial service, depending on the classification of the Crypto Assets in the domestic law of a jurisdiction https://terrapool.io/ https://terrapool.io/ https://terrapool.io/ A detailed analysis of proof-of-stake consensus mechanism has been done by Nguyen et al. (2019) Nguyen, C. T., Hoang, D. T., Nguyen, D. N., Niyato, D., Nguyen, H. T., & Dutkiewicz, E. (2019). Proof-of-stake consensus mechanisms for future blockchain networks: fundamentals, applications and opportunities. IEEE Access, 7, 85727-85745. A detailed analysis of proof-of-stake consensus mechanism has been done by Nguyen et al. (2019) Nguyen, C. T., Hoang, D. T., Nguyen, D. N., Niyato, D., Nguyen, H. T., & Dutkiewicz, E. (2019). Proof-of-stake consensus mechanisms for future blockchain networks: fundamentals, applications and opportunities. IEEE Access, 7, 85727-85745. Crypto Assets are burnt by removing them from circulation permanently by sending them to a special address, called a burn address, that cannot send or receive any Crypto Assets, making them inaccessible and effectively destroying them. Crypto Assets are burnt by removing them from circulation permanently by sending them to a special address, called a burn address, that cannot send or receive any Crypto Assets, making them inaccessible and effectively destroying them. https://bitcoinops.org/en/topics/transaction-bloom-filtering/ https://bitcoinops.org/en/topics/transaction-bloom-filtering/ https://bitcoinops.org/en/topics/transaction-bloom-filtering/ https://bitcoin.org/en/full-node#network-configuration https://bitcoin.org/en/full-node#network-configuration https://bitcoin.org/en/full-node#network-configuration https://github.com/bitcoin/bitcoin/blob/e88a52e9a2fda971d34425bb80e42ad2d6623d68/doc/releasenotes/release-notes-23.0.md#p2p-and-network-changes https://github.com/bitcoin/bitcoin/blob/e88a52e9a2fda971d34425bb80e42ad2d6623d68/doc/releasenotes/release-notes-23.0.md#p2p-and-network-changes https://github.com/bitcoin/bitcoin/blob/e88a52e9a2fda971d34425bb80e42ad2d6623d68/doc/releasenotes/release-notes-23.0.md#p2p-and-network-changes https://www.blockchain.com/btc/tx/98ecc4189d3f33eee96afbff948219ba0ba2342c263241602b95437050c1130b https://www.blockchain.com/btc/tx/98ecc4189d3f33eee96afbff948219ba0ba2342c263241602b95437050c1130b https://www.blockchain.com/btc/tx/98ecc4189d3f33eee96afbff948219ba0ba2342c263241602b95437050c1130b https://www.blockchain.com/search?search=3FGs7JfaoAZTT6Sda73XrJ6i5Gwsuw9GUC https://www.blockchain.com/search?search=3FGs7JfaoAZTT6Sda73XrJ6i5Gwsuw9GUC https://www.blockchain.com/search?search=3FGs7JfaoAZTT6Sda73XrJ6i5Gwsuw9GUC https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A61995CJ0002 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786 https://curia.europa.eu/juris/document/document.jsf;jsessionid=CD1328EA651A7F81A11CBDAB3C8E3AC9?text=&docid=108324&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=1203786