Do exchanges pose a systemic risk?

Demons in Digital Gold, Part 2

goes without saying that YOUR exchange would never go down

If you have not already done so, please read the introduction to this series.

Systemic risk is the possibility that an event at the company level could trigger severe instability or collapse an entire industry.

— Investopedia

Systemic risk can be defined as “financial system instability, potentially catastrophic, caused or exacerbated by idiosyncratic events or conditions in financial intermediaries”. [The] failure of a single entity or cluster of entities can cause a cascading failure, which could potentially bring down the entire market.

— Wikipedia

Let’s start with some good news! This post covers more than the dour question “Do exchanges pose a systemic risk?” We first need to discuss a sampling of the risks faced by exchanges in general.

Let’s have a BRIEF chat about your account on a cryptocurrency exchange, as these have become prime targets for ne’er do wells. Fat takes and traceless getaways are an attractive combination to hackers. Read the first half of my post Keeping your cryptocurrencies for suggestions. And be extra alert for phishing emails, as a cornucopia of those are making the rounds.

Risk of exchange hacking

Every system on the Internet has vulnerabilities. And the realities of cyber-security can make one pretty uncomfortable …

Attack is easier than defense. It’s not just the complexity of modern computer and internet systems — fundamentally, it’s easier to break into one of these systems than it is to prevent others from doing so.

— Bruce Schneier, world-renowned security expert

The uncomfortable truth is that successful attack requires a SINGLE exploitable vulnerability, while perfect defense requires ZERO exploitable vulnerabilities. The uncomfortable economics, therefore, is that defense is inherently more costly than attack.

One hopes that exchanges are deploying for top-notch cyber-security. Just as it would seem TOTALLY OBVIOUS that exchanges have all the requisite compute infrastructure. Uhh, hmm, then why did most exchanges grind to near halt during heavy trading days in the last quarter of 2017?

those 1,584 “likes” were probably better described by “dislike” or stronger verbiage

that time your “out of business” message emulated a DEC VT100 terminal

Now to be fair, the one (underbuilt infrastructure) does not imply the other (weak cyber-security). But it makes you wonder, no?

Major cryptocurrency hacks make headlines with UNCOMFORTABLE frequency (note that only the most recent of these was an exchange):

19 Dec 2017: Bitcoin Exchange Youbit to Declare Bankruptcy After Hack

6 Dec 2017: Cryptocurrency Mining Market NiceHash Hacked

21 Nov 2017: Tether Claims $30 Million in US Dollar Token Stolen

What is the impact of exchange hacking? As unregulated entities, there isn’t one answer to that question. There is no FDIC to step in with a binder of time-tested processes to implement. In a sense, it is up to the exchange and (somwwhat) the court system with jurisdiction.

Let’s look at the aftermath of the recent Youbit hack cited above. There are three possibilities on the table, and it shouldn’t come as a surprise that none of the three are very nice for their customers.

1. Bankruptcy. Well at least that IS a process, but that is where the good news begins and ends. From Youbit: “All assets of the company will be frozen as it is, and the court will appoint a bankruptcy trustee to handle the actual bankruptcy proceedings. We expect those proceedings to take two to three years.” Holy crap, that’s like 200–300 cryptocurrency years!
2. Restructuring. Also a process, though the customers may not like the idea of management staying put and running the show. Youbit again: “The withdrawal of your assets will be suspended for more than one year as the rehabilitation process proceeds.” As with bankruptcy proceedings, a haircut is in the cards, AND the customers are but one class of creditor.
3. Acquisition. Said to be the most popular option amongst the customers. Probably because “acquisition” is the only one of the three words that has ANY positive ring to it. Customers ought to beware of what you wish for, as ‘splained by Youbit: “The plan will be made so that the members’ principal will be compensated as much as possible, but it will be treated as a dividend payment plan for a certain period. It is expected that the withdrawal and transaction service will be reopened soon after the acquisition is confirmed.”

I’m no attorney, and I don’t even play one on Twitter. So PLEASE don’t take me literally when I say that if your exchange is hacked, one way or another you are screwed. That screwing can take forms you’ve heretofore not imagined. To wit:

• In the August 2016 Bitfinex hack, the take was 120K Bitcoin then valued at $72M. Let’s imagine a Bitfinex customer we’ll call Lucky.
• Lucky owned a bunch of Ether, but zero Bitcoin. “Close call,” says Lucky, “good thing I don’t hold any Bitcoin.” Not so fast.
• Take it away, Bitfinex: “After much thought, analysis, and consultation, we have arrived at the conclusion that losses must be generalized across all accounts and assets. This is the closest approximation to what would happen in a liquidation context. Upon logging into the platform, customers will see that they have experienced a generalized loss percentage of 36.067%.”
• “Well f — k me!” rants Lucky, “at least my cash balance is safe.” Umm …
• That 36.067% haircut also applied to CASH held at the time.

Now there was SOMETHING of a silver lining, which made SOME KIND of sense, in a through-the-looking glass way. Bitfinex issued “IOUs” to customers in the form of — wait for it — a new token called BFX. This became increasingly curious, as Bitfinex seemingly gave customers a choice:

• Exchange BFX tokens for shares in parent company iFinex, via a special purpose vehicle (SPV) and/or a Monaco-based trust, or
• Wait for Bitfinex to redeem the BFX tokens at an unspecified future date.

That doesn’t sound at all dodgy, right? The Bitfinex “get well story” has enough plot twists for a post of its own later in this series. Let’s mark this juncture with the acronym “USDT”: US Dollar Tethers, a token supposedly pegged to the US dollar and supposedly backed 1:1 by actual US dollar reserves. As a mnemonic device, picture USDT as the tip of an iceberg.

Risk of exchange technical failure

Touched on briefly above, EVERY exchange experiences technical failure during high-activity periods. These failures manifest themselves in many troubling forms for customers: login, trading, fiat transfers to/from the exchange, and cryptocurrency transfers to/from the exchange. If and when a customer manages to login, desired tasks are either unavailable or excruciatingly slow to execute.

None of the above makes for satisfied customers, but this state of affairs persists at all major cryptocurrency exchanges. Occurring during high-activity periods, these technical failures create a feedback loop: the emotions and motivations causing higher activity feed on themselves. While missing out on increasing prices is frustrating for customers, it does not hold a candle to the PANIC of not being able to act when prices are dropping.

December 16–22 saw a drop of 30–50% in the major cryptocurrencies. Legions of customers reported 6 to 12 hour outages, with a complete inability to reach their exchange website. Customers reported lost orders, and perhaps worse, DELAYED market orders executed at MUCH lower prices than when placed. The technical failures added panic to an already stressed landscape.

Risk of exchange liquidity

Imagine you have an equity brokerage account with Charles Schwab, and you place a sell order. Charles Schwab is REQUIRED to search out the best bid available across the market. Matches are NOT made within a Charles Schwab book, rather, matches are made across a compound market-wide book. Effectively, there is an equity market pool of liquidity.

As noted in the previous post, cryptocurrency exchanges DO NOT work in the same manner as Charles Schwab, et al.

Your sell order is matched against buy orders in the exchange’s dark pool. The match — your sell order and one or more buy orders — is settled entirely within the exchange.

There is no cryptocurrency pool of liquidity. There are only isolated PONDS of liquidity at each exchange. Effective arbitrage MIGHT smooth these isolated ponds into a pseudo-pool of liquidity, but effective arbitrage isn’t possible given the long latency and narrow pipes between exchanges. What are those long latency, narrow pipes? The blockchains underpinning each crypto-currency, ironically.

“Is this a problem?” you ponder. You betcha’, it is a hell of a problem. During the aforementioned December 16–22 action, MAJOR cryptocurrencies trading on MAJOR exchanges differed in price by as much as 20% for HOURS at a time. “That’s nuts!” you say. “Why such pronounced price differences?” Panic had a lot to do with the precipitous overall drops in prices, and users on various exchanges experience various levels of panic.

One imagines the pain and suffering experienced by users wanting to sell on the more panicked (lower prices) exchange, and the users wanting to buy on the less panicked (higher prices) exchanges. Perhaps most unsettling from a cryptocurrency market perspective was the BROKEN price discovery.

Risk of exchange financial failure

To date, the best known exchange financial failures were the direct result of major hacks: Mt. Gox (2014)and Youbit (2017). Acknowledging that cryptocurrencies are completely unregulated, and at best lightly regulated, there is a real possibility of financial failure due to malfeasance or incompetence.

What might precipitate a purely financial failure? Hypothetically speaking, a leading possibility is fractional reserves. An exchange might have less than the full cryptocurrency reserves described in the previous post.

In theory, every exchange keeps a full reserve of each cryptocurrency they own. In other words, your exchange holds an amount of Bitcoin in its wallet equal to the grand total of all bitcoin holdings of all users as recorded in their own internal database.

As long as prices rise, a fractional reserve would very likely go undetected. Should prices drop dramatically and customers move away from one or more cryptocurrency en masse, trouble would snowball. Some of the fractional reserves would become highly leveraged, and the exchange would have an increasingly difficult time squaring the assets on their balance sheet. In turn, that would increase the likelihood that the exchange could not meet fiat currency withdrawals and outbound crypto-currency transfers.

Adding margin — available to customers at many of the major exchanges — into the mix increases the volatility at each step in the above paragraph.

At last! What about systemic risk?

Point of emphasis: we are discussing systemic risk in the context of the cryptocurrency market. We are NOT talking about Great-Financial-Crisis style systemic risk, impacting the worldwide financial system.

Let’s cut to the chase. YES, exchanges pose systemic risk to the cryptocurrency markets. We’ll tackle each of the risks explored above.

Exchange hacking A significant hack at a major exchange could easily start dominoes to fall. With history as a guide, every exchange hack forces an account freeze of indeterminate duration. That alone is cause for widespread concern. News of the Youbit hack caused a dramatic initial reaction: the price of Bitcoin, for example, dropped over $1000 in ones of hours across all of the major exchanges.

Youbit was categorically TINY compared to Bitfinex, Bitstamp, Bittrex, Coinbase, Kraken, and Poloniex (to pick half a dozen in alphabetical order).

Exchange technical failureWhile less panic-inducing than a sizeable hack, technical failures are far, FAR more commonplace. An outage at a major exchange DOES stress customers, and more often than not, technical outages accompany high traffic caused by dropping prices. Stress + dropping prices is a formula for accelerating a drop in prices across ALL exchanges.

This is as good a point as any to highlight a key takeaways of behavioral economics: LOSS AVERSION is much stronger than profit motivation. This is such an important yet overlooked point, I strongly encourage everyone to learn more by reading the exceptional “Thinking Fast & Slow” by Daniel Kahneman.

a picture to help you remember to read Kahneman’s book

In short: losing $100 is stronger motivation than gaining $100. Panic drops in prices are sharper and more precipitous than the parabolic gains seen in cryptocurrencies.

Loss aversion is important in the context of systemic risk, as a relatively “innocuous” event along the lines of an exchange outage could be the grain of sand that starts an avalanche.

Exchange financial failureCertainly the most obvious source of potential systemic risk is the financial failure of a major exchange. Such an event would be a ginormous boulder compared to previous paragraph’s grain of sand. This is the fairest analogy to the role of Lehman Brothers’ failure in the Great Financial Crisis.

I am not forecasting an exchange financial failure, so please no “FUD!” cries. Given that many of the major exchanges are completely unregulated, you should factor this possibility into your thinking.

Broken price discovery

Reasonably accurate price discovery is a necessity for a functioning market. Participants need to be able to trust the prices they are seeing, in order to make informed decisions. Wildly different prices on different exchanges for a major cryptocurrency make ALL prices on ALL exchanges suspect. When prices become suspect in the eyes of participants, bad things happen.

Some people continue to believe in the efficient market hypothesis, and they jump to the conclusion that people on OTHER exchanges must know something meaningful. People thinking along these lines place a disproportionate weight on the exchange with the WACKIEST prices. In this manner, the price emerging from the dark pool of an exchange, oh, I dunno, experiencing massive technical failure, carries misplaced importance for customers on other exchanges.

Perhaps the least bad amongst the bad things is people wait for price discovery to return to normal. In this context, that means narrowing the price differences across different exchanges. “Well that doesn’t sound at all bad!” some would say, “It’s a kind of circuit breaker.” Indeed, some people who should know better said EXACTLY that during December’s drama. Having crowds of market participants waiting is a BAD THING, because those are people NOT in the market. And that means less liquidity …

NEVER forget about liquidity

“Get out when you can, not when you have to.”

— Jesse Livermore

Exchanges are the on-ramps and off-ramps between fiat currencies and cryptocurrencies. And let’s be honest: exchanges are in their early days. Rather than further belabor their technical difficulties, if you have not experienced the phenomenon first hand, do your own homework online. You’ll find countless well-documented stories, and that’s just December 2017 [ed: rim shot].

We’ve established that cryptocurrency exchanges are isolated PONDS of liquidity, with the links between exchanges so tenuous as to be ineffective. Therefore, the time-tested adage that “liquidity is a coward” is greatly amplified compared to the mature and well-linked equity markets.

Two closing thoughts melding liquidity and systemic risk:

1. When the going gets tough, isolated ponds of liquidity translate into LESS liquidity. Higher bid-ask spreads. More imbalanced order books. Greater gaps between trades. Faster price moves. And potentially, no bids.
2. The true exits — withdrawal to fiat and transfer across blockchains — are MIGHTY narrow during “normal” operating conditions. Under stressed operating conditions, the true exits may flat-out shut.

And before signing off, remember …

I’m here to lay out facts that you may have overlooked. You’re here to reach your own conclusions.

Afterword: “Good thing I keep everything on a private wallet!”

This is tangentially related to the topic of systemic risk scenarios above, and I would be remiss not to address it explicitly. Holding your cryptocurrencies on a private wallet is a GREAT idea, with a variety of options as presented in Where can I keep my Bitcoin?

In the obvious sense, maintaining your own private wallet helps you avoid the “dangers in the woods” as outlined above. Assuming you are of the mind to ride out the storm, you are in a superb position to do so. In the near-doomsday scenario of exchanges going bust, you wait for a strong surviving exchange to emerge.

In a perhaps less obvious sense, maintaining your own private wallet puts you in “your own set of woods” with a unique and serious challenge. Should you be of the mind to take some cryptocurrency off the table, for example, you face the ugly hurdle of transferring from your private wallet, across the appropriate blockchain, to an exchange. During a NASTY traffic jam.

Bitcoin (specifically BTC) illustrates the ugliness of the hurdle best. The blockchain maxes out at 5 transactions per second. (Full SegWit adoption will triple that to 15 TPS.) Transaction backlogs occur under normal operating conditions most weekdays, manifested by a growing queue of transactions (called the mempool) waiting to be mined into blocks.

Miners are free to select any transactions from the mempool to include a new block, and being a properly greedy bunch, they most always select those transactions with the highest fees. In periods of high transaction activity, motivated people pay higher fees to literally “jump to the front of the queue.” Transaction fees often increase 10-fold in a span of hours.

This presents at least two specific challenges to said motivated people:

1. Determining an appropriate transaction fee. Some wallet apps “suggest” such a fee, but their algorithms yield wildly varying results under dynamic traffic conditions. I have witnessed wallet apps suggest a high priority fee 5-times greater than necessary for the transaction to be mined into the next block or two. Some people use available Pareto charts to peek inside the mempool, part science and part art.
2. Getting jumped in the queue. Submitting a transaction with a “jump to the front of the queue” fee is NOT the end of the challenge. In the time it takes for the next block to be mined — 10 minutes on average, potentially much longer due to the nature of probabilities — other motivated people see the “new and higher” fees just submitted and are entirely free to use “newer and even higher” fees. That may strand an already submitted transaction for an indeterminate period of hours … or days.

3. Sticker shock. Transaction fees are specified in satoshi/byte. The larger the transaction, the larger the actual fee. The actual size of a transaction is mostly determined by the number of UTXO inputs, and join the club if that sounds foreign. Good news: wallets hide all of the details and display the sum of all UTXOs held. Bad news: in assembling a new transaction, wallets may select MANY smallish UTXOs to “empty out the spare change.” Few wallet apps give the user control over selection of UTXOs. Users may subconsciously become accustom to 250 byte transactions at 100 satoshi/byte and unknowingly submit a 1000 byte transaction at 1000 satoshi/byte. The former works out to 0.25 mBTC and the latter 10 mBTC.At the time of writing, the former is a fee of $4 and the latter $150.

Next in the series …

Store of value / Vulnerabilities in store

Follow me @Pressed250 on Twitter

Copyright © 2018 Bruce Kleinman. All Rights Reserved.