Remediation, wherefore art thou?

Written by brucekleinman | Published 2018/01/29
Tech Story Tags: bitcoin | ethereum | cryptocurrency | blockchain | cybersecurity


Demons in Digital Gold, Part 5

Working desperately to recover his hardware wallet, Bob finally remembered where he put his “wallet words.” Yup, in the bright green folder. Yup, the folder that he shredded after completing last year’s taxes.

If you have not already done so, please read the introduction to this series.

re·me·di·a·tion \ ri-ˌmē-dē-ˈā-shən \ noun: the process of improving or correcting a situation

— Cambridge English Dictionary

We’ve discussed the contemporary cryptography that protects cryptocurrencies. It is UNBREAKABLE. Should you end up on the wrong side of all that cryptography, there isn’t a person on the planet who can help you.

The Bitcoin Tutorial

The difference between stupidity and genius is that genius has its limits.

— Einstein

You are going to do something stupid with cryptocurrencies, the probabilities guarantee it. Effort can minimize the likelihood. Effort can minimize the impact. Sooner or later, though, you WILL do something stupid.

The topic on the table is what happens AFTER you do something stupid. Specifically, can you fix it?

When it comes to crossing the street, our intuition is (hopefully) close to the actual probabilities. “That very loud McLaren may not stop at the red light,” observes your subconscious, in the process of saving your ass. (Make it a whisper quiet Tesla and all bets are off. Better look left, right, and left again.)

When it comes to contemporary technology, however, our intuition underestimates the actual probabilities. The complexities involved are a major contributor. There isn’t a human on the planet that COMPLETELY understands a basic smartphone: analog hardware, digital hardware, firmware, operating system, and apps. Complexity leads back to our oft-referenced Rumsfeldian categorizations:

  • known knowns — things we know we know
  • known unknowns — things we know that we do not know
  • unknown unknowns — things we don’t know that we don’t know

Crossing the street — like most of real physical world life — is dominated by the first two. Contemporary technology is dominated by the last two: those “unknowns” are spanners thrown into the works of our intuition, causing us to underestimate our likelihood of doing something stupid. So yes, ALL OF US are going to do something stupid with cryptocurrencies.

The simple joy of the Recycle Bin …

How many times have you deleted a file by accident? You might recognize the goof immediately or it might take days, and in either case your Recycle Bin/Trash will almost certainly have the file available for recovery.

Mistake. Recognition. Fix. That is remediation. The Recycle Bin works so well that you probably don’t appreciate it. (Overwrite a file by accident and remediation is more nuanced, but that is an analogy for another day.)

… and the tremendous relief of limited credit/debit card liability

If you have not been the victim of credit card fraud, count yourself lucky. Annually, more than 10% of Americans have their credit card information compromised (over 5% for debit cards). It is a gut-wrenching experience.

Gut-wrenching psychologically but NOT financially, as your liability is capped. Zero dollars, if you report the issue before any fraudulent charges are made (loss or theft of card, for example). Fifty dollars, if you make the report within 48 hours, and most issuers knock the $50 liability down to zero.

So you can do something STUPENDOUSLY stupid — leave your credit card behind at a restaurant — and FTC mandated remediation will save you. Hardly the simple click-and-drag joy of the Recycle Bin, nevertheless fairly remarkable that you are so fully protected from your OWN mistake.

… and the safety net underneath institutional failure

It is unlikely that you’ve experienced a bank failure, but it actually happens. And when it does, the FDIC all but parachutes in a team to execute the customer remediation playbook. (Those who doubt our government can do anything quickly — much less correctly — read up on FDIC actions.) All you need to do is [a] double-check that your bank is really FDIC insured, and [b] keep your balances within the FDIC limits.

Thought experiment: you can chase yield (on certificates of deposit and whatnot) and open an account with an Internet-only bank you know virtually nothing about. In other words, risk seeking behavior. Perform [a] and [b] above, and you’re good to go, safe as houses.

Brokerage accounts are protected from institutional failure by the SIPC. Yup, be sure to double-check that your brokerage is really an SIPC member, be aware of what securities are covered (there are a few exceptions), and keep your balances within the SIPC limits.

We probably would not have E*Trade without SIPC protection. Back in the day, E*Trade and the other “Internet brokerages” seemed too good to be true. The SIPC made them safe choices for masses of regular people, and the knock-on effects dramatically reduced the costs of investing (in equities, options, bonds, etcetera) for everyone.

Why spill ink on a “Beginners Guide to the Safety of Your Money” when you already know all this? Because we take these protections — FTC, FDIC, SIPC — for granted. Losing your credit card is a PITA, sure, though the remediation WORKS.

When bad things happen to cryptocurrency exchanges

All things equal, I would start with “bad things” at the individual level and work up to “bad things” at the institutional level. We’ve got a clean segue setup for the latter, however, to say nothing of the fact that we’ve already beaten the institutional horse silly with earlier posts in this series.

From Bitcoin you’re HODLing may be a derivative

A derivative is a contract between parties that must TRUST each other to fulfill their obligations. When a party cannot meet their contractual obligations, bad things can happen.

[If you hold coins on an exchange] You literally own a bitcoin derivative: an entry in their internal database, representing a tiny fraction of the underlying asset that is the exchange’s reserve of Bitcoin held in its wallet.

You are placing A LOT of trust in your exchange. If something happens to your exchange — through hacking, malfeasance, or plain bad luck — you will be in a world of pain.

From Do exchanges pose a systemic risk?

I’m no attorney, and I don’t even play one on Twitter. So PLEASE don’t take me literally when I say that if your exchange is hacked, one way or another you are screwed.

What might precipitate a purely financial failure? Hypothetically speaking, a leading possibility is fractional reserves. An exchange might have less than the full cryptocurrency reserves described in the previous post.

As long as prices rise, a fractional reserve would very likely go undetected. Should prices drop dramatically and customers move away from one or more cryptocurrencies en masse, trouble would snowball.

Cryptocurrency exchanges are isolated PONDS of liquidity, with the links between exchanges so tenuous as to be ineffective. Therefore, the time-tested adage that “liquidity is a coward” is greatly amplified compared to the mature and well-linked equity markets.

The true exits — withdrawal to fiat and transfer across blockchains — are MIGHTY narrow during “normal” operating conditions. Under stressed operating conditions, the true exits may flat-out shut.

From Store of value / Vulnerabilities in store

Now imagine hackers do eventually discover a protocol vulnerability in one of the major cryptocurrency blockchains. An unknown unknown, present today, lying latent.

I am NOT suggesting that such a vulnerability exists with ANY probability. What I am suggesting is that the possibility CANNOT be ruled out. EVER.

  • Such a possibility is inherent in every technology.
  • The probabilities are higher in newer, innovative technology solutions.
  • This is at odds with security over a considerable time for a store of value.

Summary: shit can and does happen to cryptocurrency exchanges. Today’s topic: what happens to your holdings?

Well, umm, how shall I put this: it depends. And unfortunately that is NOT an “it depends” on deterministic factors. Cryptocurrency exchanges are at best lightly regulated, and there are NO protections equivalent to those of the FTC/FDIC/SIPC discussed above.

Your best-case scenario MIGHT be total institutional failure and “proper” bankruptcy proceedings administered in the exchange’s domicile. That certainly doesn’t SOUND like anything resembling a “best case scenario,” given that you would be an unsecured creditor facing years of proceedings and an unknown outcome. On the positive side, it is a tunnel and there is a light at the end of it.

In the case of a PARTIAL institutional failure, you could easily find yourself at the mercy of the very people in charge of the FUBAR exchange. Your ability to transfer fiat and cryptocurrency would most certainly be frozen. You might face a haircut on ALL of your holdings — cash included — regardless of the nature of the failure. Anything goes. THAT is why bankruptcy might provide a better outcome.

Bottom line: should you find yourself on the wrong exchange at the wrong time, remediation is almost entirely unknown and out of your hands.

When bad things happen to good wallets

In the previous post, I shared a story about what can go wrong with your own private wallet …

No better way to demonstrate risks than to make them real, using a story that happened to me — oops! — I mean happened to a colleague of mine.

“Hey, Multibit HD is taking its own sweet time opening,” I thought, and from there the situation descended quickly to hell.

… with a happy ending. Stressful? Sure as hell. Remediation? Total success. Key takeaway? “Be Your Own Bank” carries a LOT of responsibility.

If you closely examine all of the possible failure modes of maintaining your own private wallet, heck, you might decide to roll the dice and keep your holdings on an exchange. Either way, you face risks … at least on an exchange you don’t face the sheer embarrassment of YOUR MISTAKE being the direct cause of a terrible outcome. [I’m kidding. Mostly.]

Lest there be any doubt, I am squarely in the “Be Your Own Bank” camp. It is a primary value proposition of all cryptocurrencies. You can literally take direct ownership of wealth, without intermediaries. It’s a stunning concept. And you need to take the phrase literally: “Be Your Own Bank” means that you are everything from bank teller to branch manager to support desk.

You can carry around 10 BTC in a wallet app on your smartphone. You can store 100 ETH in a wallet app on your Mac. You can secure an entire portfolio of cryptocurrencies on a hardware wallet tiny enough to hide anywhere. The critical word is YOU — 100% of the responsibility is on your shoulders.

If you are the type of person that forgets a password from time to time, you need to consider the ramifications should that happen to The Bank of You. Your 12–24 wallet words will get you out of jail free and clear, assuming you are NOT the type of person that skipped actually writing them down.

Most readers will shrug off this line of thinking, because most of you are quite technically savvy. Show of hands: how many readers are EMPLOYED in tech? Yeah, I thought so. The real topic of this blog post, you see, is how the dearth of remediation in handling cryptocurrencies affects NORMAL PEOPLE.

Normal people expect remediation, full stop

If someone else makes a mistake, normal people expect it to be fixed posthaste. And when normal people make their own mistakes, well, they are not super-big on taking personal responsibility. In either case, it is pretty much pick up the phone and dial 1–800–FIX–MESS.

Temporary suspension of disbelief: imagine a world in which cryptocurrency exchanges have awesome support desks with Live Chat and telephone queues of three minutes. Ha ha ha ha ha ha ha! Come on, please, work with me here. [I recognize this scenario is flat-out hysterical.]

Normal Person calls the support desk with a simple issue: “I was in bill pay, and I accidentally sent 5 BTC to my gardener instead of my brokerage firm. Please fix that.” Yeah, it isn’t the end of the world, though Normal Person will not be happy with the do-it-yourself guidance from support: “Create a bitcoin address. TXT that to your gardener and have her send the 5 BTC back to you. Wait for confirmation. Then send the 5 BTC to your investment advisor.”

Normal people expect remediation to be done for them.

“Hello, I forgot the password to my hardware wallet. How do I reset it? What do you mean by ‘wallet words?’ Of course I read the directions! Yes, I have the sheet around here somewhere. Two of the boxes are blank, but 10 of the 12 wallet words will be proof enough, right?”

The mind reels.

The dearth of remediation is inherent in handling cryptocurrencies. The entire structure is built atop public key cryptography (PKC), and there are no shortcuts in PKC. Or as a prominent cryptographer once explained, “It’s math. And nobody gets to f — k with math.”

Super-crazy coincidence. Out of this universe coincidence. You’ll-never-believe-I-didn’t-make-this-up coincidence. As I was typing the silly hardware wallet monologue a few paragraphs above, this Tweet appeared:

I am NOT casting shade on Jimmy or Ledger

Jimmy Song is one smart dude in all things blockchain and cryptocurrency related. And Ledger makes the best hardware wallet. You don’t need to understand Jimmy’s technical difficulties. All you need to know is that Jimmy is HAVING technical difficulties.

I am certain that Jimmy stored his 12–24 wallet words (a.k.a. “mnemonic seed”). Point being, he cannot directly access the contents of his hardware wallet and he does not want to go through the remediation process of recovering the contents via the wallet word route. [I just replied to Jimmy’s Tweet with the photo and caption atop this post, and hashtag #CouldBeWorse.]

Hasty as it will appear, I am going to end this post on that note. There is simply no way my writer’s imagination can top the reality of Jimmy’s awkward situation.

Handling cryptocurrency can put the MOST EXPERT 0.001% in remediation-challenged positions. Normal people expect remediation. Full stop.

Next in the series …

Competitive coin obsolescence

Follow me @Pressed250 on Twitter

Copyright © 2018 Bruce Kleinman. All Rights Reserved.


Published by HackerNoon on 2018/01/29