FBI quantum superhackmachine goooooo

No, the FBI did not hack Bitcoin. Plus what does the bill in El Salvador really mean?

In this post:

  • What the El Salvador bill really means

  • No, the FBI did not hack Bitcoin (reader submitted)

  • Would Bitcoin make economic crashes worse? (reader submitted)

  • Announcing group subscriptions to Something Interesting


What the El Salvador bill really means

On Tuesday evening El Salvador’s Legislative Assembly passed the bill making Bitcoin legal tender with a supermajority (62-22) and a standing ovation. The full text of the law (in both English and Spanish) is available here. President Bukele also clarified a number of things about the law on Twitter. Legal tender typically refers narrowly to the payment of debt and taxes, but the El Salvadoran bill actually goes further and requires ordinary merchants to accept Bitcoin as well.

To enable this the government is going to release (but not mandate) an official government Lightning Network wallet and establish a ~$150M trust fund to act as a market maker that will convert Bitcoin into USD for any merchant that is obligated to accept Bitcoin but doesn’t actually want to hold it. The ~$150M will be held by a government run development bank, but not the central bank and is not considered a treasury asset. In other words El Salvador isn’t so much making a bet on bitcoin (the asset) as it is making a bet on the Lightning Network (the payment technology).

$150M is a small amount of money in the grand scheme of things but the symbolic significance here is still really important. A string of emerging market politicians responded to the announcement by making their own laser-eyed Bitcoin endorsements: 🇸🇻 El Salvador’s President and President of Congress, a presidential advisor in 🇨🇴 Colombia and legislators from 🇵🇾 Paraguaya, 🇵🇦 Panama, 🇦🇷 Argentina, 🇲🇽 Mexico and 🇪🇨 Ecuador. Somewhat further abroad Lord Fusitu'a of the Kingdom of 🇹🇴 Tonga in Polynesia put on laser eyes as well. Talk is cheap, but the level and speed of support here is noteworthy.

A circular Bitcoin economy - even a small one - would be a huge milestone, pushing back on the idea that Bitcoin is only a plaything for the rich. The Lightning Network has drastically lower transaction fees and uses far less energy-per-transaction than the base layer, and El Salvador is home to a rich vein of renewable geothermal energy that could provide clean energy for Bitcoin mining.

At time of writing Bitcoin’s price is ~$36k/BTC, up ~12% over the last 24 hours. We may be about to enter the "suddenly" phase of "gradually, then suddenly."


No, the FBI did not hack Bitcoin

“I saw the news article about the FBI recovering the Colonial Pipeline ransom. Can you explain what happened? Does this mean the FBI can hack Bitcoin?” - several readers

Ransomware has been on the rise recently, increasing in both prevalence and prominence as larger and more serious targets come under attack. A particularly notable recent example was the attack on Colonial pipeline (the largest oil pipeline in the Eastern US) in the first week of May. Colonial was forced to shut down for six days and eventually did pay a ransom of 75 BTC (~$4.4M at the time).1 Earlier this week the FBI announced they were able to recover ~63.7 BTC from the hackers:

The FBI was vague about the methods that they used to seize the bitcoin but did say that it was repeatable. A lot of reporting has mistaken this to mean the FBI has somehow hacked Bitcoin itself. That is … exceedingly unlikely. If someone discovers a way to break SHA-256 (the encryption protecting Bitcoin wallets) there are way more interesting things to with it than seize 5/6ths of a ransom payment.

In reality what seems to have happened is a combination of ordinary detective work combined with carelessness on the part of the hackers. Most critically the hackers seem to have been using a simplified payment verification or SPV client (sometimes called a light node) rather than a full Bitcoin node. Rather than downloading and verifying the entire blockchain an SPV client asks for and validates only the subset of transaction history necessary to know the state of their own wallet.

That will save on resources because you can ignore a large part of the blockchain - but it also damages privacy. If you only ask about certain addresses, it becomes fairly obvious which addresses are related to you. So SPV clients make it very easy to know which addresses are related to each other and what IP addresses they correspond to. So it was relatively easy for the FBI to find the computer holding the bitcoin - in this case they traced it to a server in Northern California.2 Once they knew that there are a number of possibilities - they might have subpoenaed a cloud server company, they might have hacked the server directly, they might have asked for Microsoft’s help deploying a malicious update.

What they definitely did not do was hack Bitcoin.


Would Bitcoin make economic crashes worse?

"I'm curious about what happens in a world with hyperbitcoinization in a deflationary cycle. As I understand it, currently central bankers have some monetary levers available to stimulate the economy, but what happens in a totally bitcoin-dominated economy? Are deflationary cycles likely to be more harsh?" - CL

Actually even in an entirely Bitcoin economy governments would still have tools to enact monetary policy. When we think of new money being created we tend to visualize government printers and paper cash, but the overwhelming majority of money that exists in the economy is actually created by private banks making loans. A government that relies on a hard money like Bitcoin and gold can still manage the price of credit in an economy by changing regulations for fractional reserve banking. Higher reserve requirements means fewer loans which means less money created.

The big difference here is not so much a lack of monetary tools as a lack of compartmentalization when different country shares a currency. If one country increases the reserve requirements for their domestic Bitcoin banks, the price of Bitcoin will rise everywhere. If one country relaxes those requirements, the price of Bitcoin will fall everywhere. No single country would be able to unilaterally move the price of money, but a united world government could still conceivably do so. Absent a united world government the interest rate would end up being set by the market.

The other major way to stimulate a flagging economy is fiscal policy: i.e. government spending. In a fiat world taxation and spending are entirely different and not even necessarily connected concepts, but in a world where all transactions are done with a hard money like Bitcoin or gold taxation becomes a necessary precursor to any spending. Fiscal stimulus would still be totally possible but it might be more politically challenging since the costs would have to be acknowledged more directly.

So tools to interact with the economy would still exist, but would likely be diminished. Is that a good thing? Not if you ask a central banker - they tend to warn that economic crashes under a hard money standard would be more frequent and more severe. On the other hand asking a central banker if it is necessary to control the price of money is like asking a sheepdog if it’s necessary to bark at sheep. It’s what they do.

I personally am skeptical about the benefits of centrally planned interest rates. Creating new money is effectively a heavy tax on the poor, since more of their wealth is tied to cash and future cash wages. I don’t actually think the reason governments prefer monetary stimulus over fiscal stimulus is because it is especially efficient or effective. I just think government action of any kind is more politically palatable when poor people are forced to foot the bill.


DeFi may actually need to decentralize

A strange thing about the DeFi market is that no one is entirely sure which parts of it are illegal. Or maybe a better way to describe it is that everyone knows that a lot of it is illegal and no one knows exactly which parts they will be allowed to get away with. By tradition Silicon Valley has a habit of treating laws as more like suggestions than rules - consider Uber’s approach to taxi regulations or AirBNB’s approach to hotel codes. When you move so much faster than the regulatory bodies that govern you it is easy to get in the habit of ignoring government entirely.

In theory decentralized applications (dApps) built on top of DeFi should be decentralized (hence the name) but in practice that is often not the case. Many existing prominent DeFi projects have smart contracts that are controlled by the developers so they can roll out updates or emergency stops. Most DeFi applications have pledged to eventually decentralize - but almost none of them have gotten around to it. In practice dApps are generally just startups with an over-engineered tech stack. Decentralization is more of an aesthetic than a core value.

Anyway here is CFTC commissioner Dan Berkovitz:

"Not only do I think that unlicensed DeFi markets for derivative instruments are a bad idea, I also do not see how they are legal under the [Commodities Enforcement Act] … the CEA does not contain any exception from registration for digital currencies, blockchains, or “smart contracts." - Dan Berkovitz

Consider the example of Uniswap, one of the largest apps on DeFi and almost certainly one of the smart contracts Commissioner Berkowitz was thinking of. Uniswap is a decentralized exchange (DEX), kind of like Coinbase but with no rules. Anyone can list any ERC-20 token for sale and anyone can buy them. Uniswap does not enforce KYC/AML3 rules on traders on its platform and it does not have any restrictions on what kinds of tokens can be listed.

To be clear Uniswap could do these things, because Uniswap Labs (the company that invented Uniswap) controls a majority of the governance tokens and could add any rules they wanted to the system. The reason they haven’t enforced KYC/AML isn’t because they couldn’t but because wielding that kind of centralized power doesn’t fit with the decentralized aesthetic that DeFi is trying to cultivate. Uniswap (the protocol) is at least in theory decentralized - but Uniswap Labs (the startup) is very much not. Their headquarters is in Brooklyn.

So if the CFTC has concerns about Uniswap (and it sounds like they do) they don’t have to shut down the protocol. They can just go knock on some doors in Brooklyn and politely request that Uniswap Labs vote in favor of a new Uniswap version that will enable government oversight and control.

That leaves Uniswap Labs with a tough choice. The two benefits of Uniswap are (1) users can self-custody their assets and (2) permissionlessness. If Uniswap starts enforcing government regulation then value proposition (2) no longer applies. It is unclear if users will value (1) enough to be willing to pay the higher fees necessary for a DEX. The other option is to somehow divest themselves of control of the protocol - but even if it is possible to do in a convincing way it may not actually appease the powers that be. Removing the off switch from your illegal machine probably won’t stop the government from punishing you for turning it on.

None of this is unique to Uniswap. It applies to anyone attempting to build a system that resists central control. That’s why Satoshi worked so hard to stay anonymous. He knew eventually the government would come knocking. He didn’t want them to know his address.


Group subscriptions to Something Interesting

Teams of four or more can now sign up for a group membership to the paid tier of Something Interesting at a 20% discount! Tell your boss! Tell her boss! A happy team is a well informed team. Boundless synergy awaits!

Subcribe Your Team


Other things happening right now:

  • The original Doge photo is being auctioned off as a 1 of 1 NFT at very.auction. The current top bid is 20 ETH (~$51k at time of writing)

  • Coins are leaving exchanges again:

1

That might seem like an oddly small amount but ransomware is usually priced to sell. The average cost of recovering from a ransomware attack ~10x higher than the ransom itself.

2

Some reports misidentified this as a Coinbase server but that doesn’t seem to be the case.

3

Know your customer / anti-money laundering laws.