The Breakdown - The Breakdown Weekly Recap | Feb 22 2020
Episode Date: February 22, 2020
The full week's episode run in one long-run, long-chill, long-sleep episode:
Monday | Off
Tuesday | Is It Exploitation Season for DeFi?
Wednesday | Chainlink's Sergey Nazarov on What DeFi Can Learn From Early Exchange Hacks
Thursday | Why We Should Stop Thinking of ‘Crypto’ as a Single Industry
Friday | Diagnosing the Dip: Why Today's Leading Exchanges Are Powerful, but Not Inevitable
Transcript
Welcome back to The Breakdown,
an everyday analysis breaking down the most important stories in Bitcoin, crypto, and beyond,
with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown.
It is Saturday, February 22nd, and today we are, as every Saturday,
doing a quick recap of the week before posting all five episodes of The Breakdown,
or in this case, four, we took Monday off, but all three,
four episodes in one long, easy-to-consume thread. So the story of this week, I think, was a couple
things. First, it was all about DeFi attacks and really the surface area of DeFi that gives rise to
new types of attacks. So we saw attacks on BZX that started last weekend and went into this
week that brought up a huge number of new questions. So on Monday and Tuesday, actually, we
explored both of those things. On Tuesday, we had Chainlink's founder Sergey Nazarov to actually
talk about them. But I think it's been really interesting to watch the emergence of adversarial
thinking in the DeFi community, as in people are now looking at every single protocol, every single
platform and saying, how could people attack this in new ways? What can we do to get ahead of it? Which,
as we've seen from Bitcoin can be a very good way to think. The second story of this week
has to be the radical dip that happened on Wednesday where we had gotten very comfortable at this
$10,000 price level. It had gone down. It had gone back up and so on and so forth. And then in five
minutes, the price of Bitcoin cratered something like 5%. And it's not exactly clear what it was.
It might have been Binance and Coinbase going down at the same time. It might have been something else.
But either way, I think it gave rise to a lot of conversations about the power of exchanges in the context
of the crypto industry. So lots and lots happening this week. We also saw more from the central bank
digital currency front as Sweden pilots a new e-krona. So a lot to dig into. I hope that you enjoy this
set of episodes and I hope moreover that you are having a great weekend wherever you are. The breakdown
will be back on Monday as usual. So until then, stay humble, stack sats, and I will catch you
on Monday. Peace y'all.
Welcome back to The Breakdown, an everyday analysis breaking down the most important stories in Bitcoin, crypto, and beyond, with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown. It is Tuesday, February 18th, and today we are going to talk about DeFi, and in particular, this set of attacks or exploitations or whatever you want to call them that have been defining
the conversation in not just DeFi, but crypto as a whole for the last two or three days.
I think that in many ways, DeFi has come to be the perhaps second greatest focus across this industry
after perhaps Bitcoin and just the role of Bitcoin in the world at large.
DeFi has surged in attention. It has obviously come to define the Ethereum community.
And with recent milestones like a billion dollars being locked in DeFi, it is starting to get
notice from people who are outside the crypto community and who are in the mainstream financial
world. And that's why these attacks, these exploitations, which really in some ways represent
the first sustained affront to the DeFi system that isn't just theoretical, but is clear and in
practice, are so important, right? This is, I think, a pivotal moment in the history and evolution
of the DeFi space, and which should have ramifications for how the space evolves.
First, we're going to talk about what actually happened, and then second, we're going to look at the way that different parts of the community are responding to it.
All right, so there are two attacks we're going to be talking about today.
And actually, before we dive into them, let's talk about the nomenclature that we're using for a second, because in various reporting and tweets and whatever, these attacks have been called variously hacks.
They've been called exploits.
They've been called smart people seeing an arbitrage opportunity,
and that's what makes this interesting, because both of these actions weren't traditional hacks that exploit some security vulnerability,
but instead they were well-designed, complex sets of transactions designed to trigger a specific response in one piece of a DeFi daisy chain, effectively,
that had major ramifications for everything else within the system.
So they are exploits.
They are taking advantage of some issue within the defy system.
However, they're not hacks.
For the sake of not having to second guess this all the time, I'm going to use the term
attack.
I think it's fair, given that it had a specific malicious intent to extract money out of the
system in a way that was not what the system was designed to do.
And certainly members of the DeFi community are not going to be cheering on.
So attack is what it is for us, but I do think it's important to keep track of what these
actually are and make sure that we're not just using terms like hack when that's really not
what it is.
So both of these attacks happened to the project BZX.
The first attack happened on Friday right as ETHDenver was getting kicked off
and would ultimately net the attacker something like $360,000 worth of ETH.
Okay, so here's how that first attack worked.
First, the attacker took out a flash loan, which, by the way, don't worry, is a term
that we will be talking about much more in just a minute.
But anyways, they took out a flash loan for 10,000 ETH worth about $3 million from
the platform dYdX, the trading platform. They sent half of that to Compound and half to BZX.
The Compound half was used to borrow 112 wrapped BTC, WBTC. With the other half, they shorted
112 WBTC. Now going back to the Compound half that borrowed, they sent this to Uniswap to lower the
price, which then allowed them to profit from the short and ultimately pay back that 10,000 ETH loan.
But the crazy thing about this, and this is where the exploit comes in, is that all of this
happened in a single transaction, and that is a predication of the structure of flash loans.
So you may at this point be wondering, well, what the hell is a flash loan and why is this thing
even available?
Trustnodes summarized it this way.
They said, basically, you can borrow an asset without putting down any collateral, so for free,
but only if you pay it back in the same transaction.
You basically code a smart contract that tells the
Ethereum network, you're going to send the borrowed ETH to one exchange to buy at a lower price and
sell at a higher price on another exchange. And since the exchanges are open source and the network
knows everything, they figure out whether what you say is true or not and so you can flash
borrow. The flash loan thing sounds incredible because it is an actual loan without requiring credit,
but a loan for a few seconds with the lender certain they'll be paid back because of the contract
conditions, as the transaction just doesn't happen, reverts, if the loan is not paid back.
Now, flash loans came about as a way to help the market for DeFi over-collateralized loans function better.
So going over to CoinDesk, this is how they describe flash loans.
They say, the vast majority of DeFi lending facilities rely on over-collateralized loans.
Borrowers can usually only borrow around 75% of the value of their collateral.
Although that incentivizes users to pay back loans, it also requires lenders to have very high liquidity,
sometimes in a diverse range of assets in order to quickly liquidate loans.
Flash loans are instruments that allow traders to liquidate the loans on the lender's behalf.
It works by having the trader take out a loan from the lender, this time not posting any collateral,
then paying back the borrower's debt and collecting the deposit.
Using the deposit, they can pay back the original loan and pocket the remaining funds.
Again, the idea here is that this all happens instantaneously and with completely open source elements
so that the smart contract system can actually see what the price is on the other exchanges
that are being used in this arbitrage opportunity so that no one is going to be taken to the
cleaner.
That's the idea.
The problem lies in and where these exploits came from is that DeFi has so many different
elements of the stack that are required to make it work, that if you can attack one aspect
of it, such as the price oracles, you can have a much bigger impact on the whole system.
And that's exactly what we saw with this first attack, where the attacker was able to take
advantage of the single price oracle driving the system to basically manipulate the price
of wrapped Bitcoin in such a way that it was going to be favorable for them.
Now, for a relatively small attack, right?
The attacker only got away with $360,000 worth of ether in this first attack.
There was a much more pronounced reaction.
And I think that that's because DeFi is so at the heart of what the Ethereum
community is trying to do right now, which means those outside of it who are not fans of Ethereum
use any attack like this or any just failure like this as a way to suggest that the entire project
has failed or is doomed to fail, and those in it get fiercely defensive. So that's kind of what we
saw over this weekend is people really talking pretty existentially one way or another about
this attack. And in particular, the thing that kept coming up that I saw over and over again was
the idea of just how decentralized is DeFi. I thought actually Maya Zehavi summed it up really well.
She said, the attack surfaced some known and underplayed risks. One, a flash loan means that there is no
real cost of financing an attack. Two, it showed how centralized oracle manipulation is.
And three, it showed that we still need circuit breakers built into protocols, which is just
another version of centralization. Again, this is where the conversation was over the course of the
weekend. However, then it happened again. The CoinDesk headline today reads,
DeFi Project BZX exploited for second time in a week, loses 630K in ether. So this attack happened
late Monday night, early Tuesday morning, depending on where you were, and it was based on a similar
premise, although it was a little bit different in its execution. Larry from The Block summed it up,
and I thought he did a really good job with this. So one, take out a flash loan of 7,500 ETH.
2. Trade 3,517 ETH on Synthetix for $940,000 worth of sUSD, Synthetix USD, at price close to $1.
3. Use 900 ETH to market buy Synthetix USD on Kyber and Uniswap to push the price to more than $2.
5. B.B.Z.X. By using the sUSD as collateral,
much more than he was supposed to because price of sUSD appeared higher.
6. Use the borrowed ETH and the remaining ETH balance to repay the flash loan and net 2,379
ETH in profit.
So if the exploit previously was the price of wrapped BTC, in this case it was the price of Synthetix
USD, which basically allowed the attacker to pump the price of Synthetix USD from one to more than
$1.2. So basically, the exploit here was being able to market buy this synthetic USD, this synthetic
version of a U.S. dollar over and over and over again. Someone else, another analyst estimated
that it was 20 rounds of purchasing, basically, to drive up that price so that when the
oracles looked to see how much the collateral was worth, it was worth much more than it should
have been because of that exploit on the price. Now, the net of all this is that the attacker walked away
with something like $630,000 in ether,
but you can see how much more complicated this is
than just calling it a hack or something, right?
This is just taking advantage in some ways
of the low liquidity of a lot of these synthetic assets
to be able to drive up the price
in a way that these automated systems
based on price oracles can't accommodate.
That's what I wanted to get into from here
is what the actual reaction has been
and where it leaves DeFi.
Picking up from where we just were, when CoinDesk's tweet said bad actors have made off with $630,000 worth of ether,
Cryptobabi wrote, are these really bad actors or just smart people taking advantage of bad system design?
Me thinks the latter.
Now, the conversation in the thread was all over the place.
One response said, there's an ethical hacker approach to these problems, they chose the unethical.
I'm sure they're smart.
Someone responds to that person, though, and says this wasn't a hack, though.
It's arbitrage taking advantage of thin liquidity of the DeFi space.
Now, this point was also brought up in a thread by Amin Sur who wrote,
The recent attacks on BZX have little to do with BZX or flash loans.
The culprit here are the decentralized exchanges which have poor liquidity and are prone to manipulation.
Given exchange depth, the amounts available for flash loans and use of DEX price oracles,
these results are inevitable.
Using price oracles that bring in outside information can help.
But the real fix is to use DEXes that actually have depth.
And that's not likely to happen anytime soon, even after ETH 2.0,
because the underlying consensus protocols limit DEX speeds.
That said, BZX and other DeFi building blocks need to test their exposure to manipulable
DEXes more thoroughly before opening up again.
Now, this question of pausing operations was another one that was a big part of the conversation.
So Taylor Monahan wrote,
Stop giving teams, products, and platforms the benefit of the doubt.
BZX has repeatedly f***ed up, repeatedly, at least six times.
How the hell were they able to lose another 650K?
I give zero f***s about writing bad code. All code has bugs. What comes next is what matters.
Fool me once, shame on you. Fool me twice, shame on me. Fool me six times and lol. No, it's cool.
DeFi hype. So her point here is that this has been a consistent theme and problem with this
particular company and that she believes that this company should not be trusted and that if anyone
had any doubt of that, the fact that they basically were subject to the same exact type of attack
just a couple days after, without really trying to address the attack surface of the first attack
should be more than enough evidence for anyone else.
I think this is a salient point because even if one is excited about a space,
you don't want incompetent companies ruining it for everyone else.
And I don't know as much as Taylor does about BZX.
I haven't been watching them until this weekend.
However, if what she says is true and there is a consistent pattern here,
that's not who you want as your standard bearer in the same way that Bitcoin exchanges don't want to
all be defined by Mt. Gox or someone else, right? You want the best who are serious about this sort of
challenge and the reality that this is a whole new arena of challenges that are going to be
faced by DeFi to be the ones who are out there learning and reacting and responding. That's just the
case. And I think that gets me to my major thought about this, which is that we have had this
interesting conversation in the DeFi space and the Ethereum space more broadly over the last few
weeks, months, whatever, about how ready for primetime DeFi is, and in particular whether Ethereum and
DeFi need more marketing. The thing that's interesting to me about DeFi right now is that it is a community
of enfranchised early adopters who understand in some ways, at least of their own money,
the risks of being involved. These aren't people who are being convinced
that they need to put their money in this system rather than the stock market.
It's not pensioners who have serious life implications for losing something if everything goes
belly up. It is, like I said, enfranchised early adopters. That means that when these things happen,
we can have these intense, real debates, but without the potential for people being existentially
hurt. I don't think that we want to give that up yet. I don't think that the Ethereum community
and the DeFi community should want to give that up yet.
If this happened in the context of having millions more people involved,
you can bet that it would be much more significant.
You also would see much more vicious attacks, right?
The more that this space grows,
the more of these types of attacks are going to happen.
And the reality is that we don't know what the attacks of the future are going to look like.
We're not going to be able to predict them all because people are very smart,
and they're going to figure out all of the wrinkles in this new system.
That's okay. There are plenty of people out there, including folks who aren't just DeFi partisans,
who think that there could be some major upsides, right?
Alex Kruger, @krugermacro, who's a pretty skeptical guy by nature, says,
Flash loans offer instantaneous collateral-free liquidity.
This is legendary.
Just like a liquid derivatives market brought discipline to Bitcoin,
flash loans bring discipline to DeFi.
A few will profit at the expense of the careless,
and in the process make the market more efficient and resilient.
Need to crack a few eggs to make an omelet.
Now, of course, there is another reason to be glad that this is still an early adopter market that's relatively small,
which is summed up by Preston Byrne, who writes,
DeFi is already regulated.
The government just doesn't think it's a big enough deal to enforce against, yet.
Now, ultimately, this space is still in its infancy,
but I do tend to agree with Larry Cermak from The Block who wrote,
it's DeFi exploitation season.
The first exploit showed a lot of people
that something like that is even possible.
Now it's go time.
I think we're going to see a lot more of this type of attack coming,
and it may not be exactly the same.
It may be a little bit different,
but when you see people who are able to instantaneously walk away
with $300,000, $600,000,
it's going to have a lot of eyes look over at this space
in ways that we may not like.
So here's the bad news and the good news about this.
The bad news is that I do think that we're going to see a lot more of this type of attack.
The other bad news is that this is going to provide a lot of narrative ammunition for those who don't think DeFi is valuable
or who think it creates so much systemic risk that any upside is mitigated.
The good news is that there was never a chance that DeFi was going to make it to the mainstream
without a period of pain, right,
without an exploitation season where these systems were really stress tested and pressure tested
in a serious way, not just theoretically, but by people who want to take advantage of them to make
money. That's happening now, and I think it's going to happen more.
The good news about this is that if DeFi does make it through to the other side, and particularly
if it does so in a way where the decentralized in decentralized finance remains and is sustained,
then I think the whole space is stronger for having gone through it.
So that is my take on this.
I think that these attacks are the first of what are likely to be many more that we see attempted.
I think that the fact that they are happening in the context of this enfranchised early adopter
market is a good thing.
And I think that it should create or remind us that it's valuable perhaps to have some
amount of inherent conservatism when it comes to playing with real money.
DeFi is playing with live ammunition, and we need to treat it that way.
Let me know what you think.
Hit me up on Twitter at NLW.
I'm really interested.
I think this is a fascinating moment, and I will catch you tomorrow for another episode of
The Breakdown.
Peace.
Welcome back to The Breakdown.
An everyday analysis, breaking down the most important stories in
Bitcoin, crypto, and beyond with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown.
It is Wednesday, February 19th, and today we are going to be doing two things.
First, we're going to spend just a little bit of time touching on some of the key news from the last couple days.
The whole conversation around the DeFi attacks on BZX has taken a lot of the energy and time on this
podcast, which will be the case again today,
and I want to make sure that we're not completely glossing over a couple interesting bits of news.
But then second, we are, in fact, going to turn our attention back to these DeFi attacks.
In specific, we're going to actually hear from Sergey Nazarov, the CEO of Chainlink.
Yesterday, Chainlink announced that they would be helping BZX transition from their current Oracle approach
to something that is hopefully more decentralized and resistant to the types of attacks that we've seen.
The reason that I thought it was worth continuing this conversation is that, to me,
DeFi is unarguably one of the most important parts of the entire crypto industry.
It is something that is driving a huge amount of energy and excitement and optimism for the future.
And these attacks really represent something incredibly important and novel,
which is the idea that in the future, exploits won't just be hacks and security flaws,
but about the fundamental designs of the system and how people can take advantage of them,
how people can take advantage of low liquidity and smart contracts.
In other words, they're a much more sophisticated type of attack
than just some sort of brute force exchange attack hack,
and I think that it's really worth spending time
understanding what happened and how this can be avoided in the future.
And that's what Sergey is really here to help us do.
But first, let's look at a little bit of the news from the last day or so.
One of the banner headlines from yesterday
was that the Bloomberg campaign had announced their financial reform
package and that it made mention of crypto. Now, in terms of what it specifically said, there wasn't
necessarily a huge amount of exciting or unexpected or new or different things, right? They said,
quote, cryptocurrencies have become an asset class worth hundreds of billions of dollars,
yet regulatory oversight remains fragmented and underdeveloped. For all the promise of the blockchain,
Bitcoin and initial coin offerings, there's also plenty of hype, fraud, and criminal activity.
Their plan went on to basically say that they want to clarify who is responsible for overseeing different parts of the space,
figuring out a framework to determine when tokens are actual securities.
Obviously, they're focused like all administrations would be and should be on preventing fraud,
and they want to clarify the tax regime.
So this is really just a sort of a duh package, right, in the sense that you should hope that our regulatory apparatus is
capable of engaging with these new types of assets in their own terms, and that's really what
the Bloomberg campaign is pushing for. Now, the two things that are notable about this are, one,
that it exists at all. And I think this was really captured well by Neeraj from Coin Center,
who tweeted, what a ride it's been watching this once tiny hobbyist issue grow into something
presidential candidates have plans for. I think that point really can't be overstated,
just how notable and what a milestone moment it is in
some ways that Bloomberg, who is very quickly becoming the or at least one of the two contenders
for the Democratic presidential nomination, has seen fit to put this as a part of his
financial reform package.
Now, the one other little notable detail is that this isn't taking the same blockchain,
not Bitcoin, that we've seen.
It talks about for all the promise of Bitcoin alongside blockchain.
And that's a pretty notable thing, right?
It at least suggests that there is a willingness to engage and an openness to Bitcoin,
not just the technology behind it being something interesting.
So certainly something that we'll have to watch for more signal on.
Again, it's just one little bit of information inside a larger proposal that is itself only
partially filled out, but still notable.
Now, a second little bit of news today that got people nervous.
I noticed a tweet from Larry Cermak over at The Block this morning that Maker was up 15%
in the last four hours.
and quote, some weird transactions happening as well.
Now, in the thread, there's a lot of discussion around what might be happening.
Someone noticed that it seemed like Uniswap was being drained of Maker.
Larry talks about how there was a huge surge in volume on Bitfinex and OKEx as well,
and someone who's clearly trying to accumulate as much as possible.
Udi Wertheimer says maybe Maker or someone affiliated with Maker's buying them up as a white hat thing.
Larry Cermak says, that's what I was thinking,
because if there is just a tiny chance someone could pull it off, i.e. some sort of strategic attack,
it's not worth the risk. But Maker could also activate a delay in the governance process, I think.
Udi responds, maybe buying up the tokens will make it easier to get the vote for the delay pass.
I don't know, just thinking out loud. Taylor Monahan, who we heard from yesterday, also chimed in saying,
it could be the Maker team got in touch with known whales, asked them to remove liquidity from market.
Less liquidity would also result in price spike due to shallower market, even without the huge buys.
Here's 8 million removed from Uniswap pool.
It would be interesting to see if known maker whales and or maker team are all doing the same.
So this one is pretty unresolved unknown, but I think it goes back to the conversation
and our main conversation today, which is new attack surfaces that are being exploited in
DeFi, or at least a concern that in the wake of these attacks, more and more focus is going
to be spent on where there are chinks in the armor of DeFi that can be exploited.
So with that, let's shift over to the main part of our conversation, our interview with Sergey from Chainlink.
Sergey Nazarov is the CEO of Chainlink, which is a decentralized oracle product, right?
Chainlink's job is to try to create a mechanism for smart contracts and on-chain functions to take advantage of off-chain data.
And in particular, in the context of DeFi, the data that most matters to smart contracts is price data.
As we've seen with these attacks on BZX over the last couple days,
part of the challenge was price oracles that were reporting data that was,
if correct, correct only after a manipulation about one source.
So in the first attack, the price of WBTC was attacked,
and the price Oracle was then reflecting something wrong,
allowing people to make off with more gains than the system should have otherwise let them,
because that price was artificially deflated on WBTC.
The second attack was something similar,
but was about driving the price of Synthetix USD up,
and then that extra price increased the amount of collateralization that was happening,
allowing the attacker to take away more eth than the smart contract system
should have allowed them to,
because that Synthetix USD price, rather than tracking to $1, as it should have,
got up over $2.
So in some ways, both of these issues had at least a little bit to do with price
oracles. So today, I wanted to have Sergey come in and explain a little bit more. Now,
Chainlink did announce yesterday that they would be officially helping BZX make this change,
but in some ways the interview isn't really about that. It's more about the idea of price
oracles and where they fit in DeFi in general. Now, one quick note on this interview,
for the sake of presenting it as the conversation happened, it's very, very lightly edited. So it's
much more natural, much less produced than normal. Keep that in mind as you're listening, and I hope
you enjoy.
All right. Sergey, it is so great to have you back on the show. Really appreciate you taking the time.
Great. Thank you for having me.
Okay, so this has been, obviously, the major topic of conversation over the last three or four days, these attacks and what they mean for DeFi.
And what we're interested in talking to you about today is specifically the roles of
price oracles in these attacks. So I guess just by way of starting, can you actually give
our listeners a quick primer on the role of price oracles in DeFi?
Sure, sure. So what people are seeking to do in DeFi is replicate a traditional financial product like a money market or a
derivatives product. And all of these products function on the basis of price data. So what that
means is from a technical point of view, you have the product itself, which is in this case,
smart contract code, logic written in something like Solidity on Ethereum. And that Solidity defines
how the contract, how the financial product will behave, how much interest it will pay,
who will benefit from an outcome from a derivative, you know, what settlement price should be
of certain futures contracts, not what, but how to react to price. So it codifies what the
contract is about. But the contract is then entirely dependent on the inputs into it.
So if you input one price, there's one interest rate.
You input a different price, there's a different one.
You input one threshold for market prices getting to a certain high.
You have one price for settlement.
You have a or a different outcome for a derivative, right?
So I think the thing that's actually important is how DeFi contracts differ from how people
conceptualize smart contracts up until this point.
People conceptualize smart contracts right now in two slightly limited ways.
The first one is people assume that smart contracts on Ethereum or Hyperledger or any of these networks can speak with external data sources.
Despite being called smart contracts, they in fact cannot.
So the security model that secures those state changes and that logic which defines the contract means that it's computed on multiple independent redundant node operators,
which their job is not to go get data and input data because they can't really come to consensus about these various external values.
That kind of breaks some of the security model and it forces you to choose who's responsible for that.
And basically, you arrive at a place where smart contract code can only be about data that's already inside the network where it began to exist.
And this is, this idea has come from the fact that everything that's almost everything that's a smart contract so far is a token.
And the token generates its own data on chain by generating tokens and then all the data that the contract needs
to interact with because it began on chain is still on chain.
And so there's no problem there of interacting with external systems for price data.
Now, the other nuance is that these DeFi contracts, they're starting to redefine
what a smart contract is, right?
So people call a tokenization contract a smart contract, and they call a DeFi contract
a smart contract.
But the attack surface area of a contract related to
generating tokens is only its on-chain code.
That is kind of the only place from which you can attack it
and also whoever holds private keys related
to moving the tokens and things like that.
But with the DeFi contract, you have an entirely new
attack surface area called an Oracle.
So what the Oracle does is it sits between a secure system
like Ethereum where smart contracts are computed
and external off-chain systems that know about things outside
of Ethereum. And these systems don't have private keys. They don't have a way to get that data
into a DeFi contract, and they don't have a way for that data to be particularly reliable.
And this is what an Oracle or a decentralized Oracle network in the case of Chainlink does,
is it supposed to securely provide external data into a smart contract so that that smart contract
can know about things like what is the overall larger market price.
And it can, if the Oracle represents the larger market price accurately,
then the decentralized financial product has the correct input and can function correctly.
If the Oracle provides an incorrect market price,
then even the best written, most secure, most audited,
decentralized financial product will fail because that input is incorrect.
And the nuance here is that when you talk about a smart contract in this DeFi context,
you're actually talking about something that is composed of an on-chain component,
which is the code and of an off-chain component, which is the Oracle.
Now, the on-chain component has been built and heavily reviewed by a large group of people,
but the Oracle component is right now just really coming into existence into a secure form,
largely through our work at Chainlink and kind of creating a decentralized mechanism to guarantee that the input into a DeFi contract is in fact reliable enough to trigger it.
And therefore, you can now once again call a DeFi smart contract a smart contract, because both the on-chain code is reliable and also the off-chain code related to all the events that effectively control the contract also now reaches a high enough threshold to be considered
reliable enough to be to be included in the definition of a smart contract, if that answers your question.
Yeah, absolutely. I think that's a really, really helpful background because the place that I wanted to go with
the with this is that it was, basically, oracles have been at the center of the problems that we've
seen with BZX over the last couple days, right? Can you explain just a little bit about how price
oracles became part of this attack surface for these attacks that we saw?
Sure. So there's actually a few dimensions and a few attack vectors related to oracles.
One of them is the Oracle mechanism itself. So there's the software,
there's the or the code that's responsible for acting as a data transport layer that's responsible for
transporting data into the contract. And then there's the data source. So the data source is either
the data aggregator or an exchange API or in this case it was actually an on-chain data source,
where the price data was generated on chain,
but you actually have these two dimensions of risk with oracles.
One is the code related to securing the Oracle,
and the other one is the data source, its security,
the quality of that data source,
the ease of manipulating it,
and this capacity to manipulate it is often also mitigated by redundancy.
So in short general terms,
one of the risks that we've been seeing unfold
is some people have said that perhaps an on-chain price oracle is the only price feed that you need.
And the reality is that that narrative is putting a substantial amount of people at risk because not only is it not a good idea.
The first point is that it's really not a good idea to use one source of price data.
For example, in Chainlink, we do not actually directly feed cryptocurrency exchange price data into
our large reference data contracts. We use data aggregators that are experienced high-quality
teams like BNC, Kaiko, Amberdata, CryptoCompare, a whole bunch of other ones that are experienced
teams that smooth out data. Once that data is smoothed out, then you can consider the data
source as mitigating these large amount of risks.
So the first point is not even whether you're using an on-chain data source or an off-chain
data source, a cryptocurrency API or a Dex price.
It's that you don't really want to put yourself at the mercy of a single data source for a market
that could very quickly swing.
So part of the problem is that even if the snapshot that you took,
when you were building the DeFi product said that this market is very high in volume and then it would
therefore would cost a lot to manipulate it, volume swings extremely quickly in the cryptocurrency
space. And so a month or two later, that market on that DEX or that cryptocurrency exchange that
you chose as the market to power your DeFi dApp could suddenly be thinly traded and could be
a very risky dependency even if it's correctly feeding data into your into your DeFi application.
So I think the first nuance point to this problem is it is probably not a good idea to go to one exchange API
because the snapshot at the time of your building a DeFi application says that that is the market where where price discovery happens.
You're pretty much almost always, you're pretty much always better off going to a data aggregator or ideally multiple data aggregators
and allowing them to smooth out all these risks, which is a significant role that they play in this
ecosystem for people that are sensitive to high quality data and crypto traders and people that
use them. But in financial markets, this is what data companies do, is they smooth out this massive
dimension of risk. And that's a big part of what they risk, what they exist. So the first thing is
perhaps not using a single exchange or a single market that could become rapidly different
and volume is perhaps, I think, to keep in mind. The second level of risk is the level of risk
with DEX price oracles. Now, there's a number of papers around front-running issues with DEXs
like Flash Boys 2.0 from Ari Juels and Phil Daian and lots of other good folks.
And that say that there's certain ways to manipulate existing DEX prices. And other than that,
it's one of these things where because DEXs are sometimes very thinly traded or have large swings and
volume in and out of them, you basically arrive at a situation where the capacity to manipulate
those markets is actually sometimes greater than centralized markets. And there's a big,
so there's two levels of risk here. The first level is you chose one data source for a market. That
market became thinly traded. It became easier to manipulate. And in addition to all that, it was a, it was an on-chain
DEX about which there's been significant research that the prices in that environment can
sometimes be manipulated. Now, sometimes it's not worth manipulating them at certain costs,
but if they become a price oracle for your highly leveraged or high value decentralized
derivatives or futures product, then perhaps all of a sudden manipulating those on-chain prices
is sufficiently useful or valuable to justify those costs. And so that's why both using one
single data source is a huge risk, but using something that from a technical point of view has
certain additional risks for manipulation like an on-chain DEX price, and attaching your
market to that when that market can rapidly grow in value and give people a reason to attack it
is generally speaking something we caution people against. The way that we approach this
is we have multiple independent node operators pulling from multiple high quality data aggregators.
For example, even our smallest oracle networks never go below seven nodes. And each of those
seven nodes is connected to its own data aggregator, which then smooths out price data
from many, many different exchanges.
Likewise, if new exchanges appear,
if swings and volume happen,
it's accounted for by these high-quality data aggregator
and kind of data companies.
So the things to be really cautious about
are both the security of the Oracle mechanism.
So how is that software redundantly secured?
Is the software itself of a high level of quality?
Does it implement trusted execution environments?
Does it implement, you know, various signing procedures and secure messaging procedures,
all these types of things.
And then the second point is making sure that if you really want to dig into these things,
you understand the world of financial data and price data, which is a complicated question.
Now, our hope is that DeFi developers don't actually need to do that.
DeFi developers should be able to show up to an infrastructure where they have
a price that can actually include on-chain prices if they want, or it can include off-chain
prices. So we have something called a meta-oracle capability where we can compose a larger
market price from on-chain prices, off-chain prices. Right now, it's predominantly driven
almost entirely by off-chain price discovery in centralized exchanges. But I think the way that
this space and the way people build things in this space should look is not that people are
forced to solve the Oracle problem when what they're trying to do is build a decentralized financial
application. The way it should look is the same way more mature spaces, more technology look,
is where people who make applications have a stack of here's where I'm going to run my logic,
so that could be something like Ethereum, here's how I'm going to connect to various external
systems. And in our case, we have a lot of expertise and experience with deciding or helping
people decide what high quality data providers are or high quality method methodologies would be.
And therefore, we're able to provide a reliable on-chain price that's both decentralized
at the Oracle level and in this case, relative to this attack, decentralized at the data,
data source level. And I think that the lesson of this attack is kind of that both of those
things are very important, both the middleware security component and the data source security
component and and that sometimes you really need to consider if if something something like an
on-chain generator of prices like a Dex is you know if those additional risks are actually worth
worth whatever you're getting from it in my experience so far the the risks of an
on-chain DEX price used as an Oracle greatly outweigh the benefits and realistically even
even we've seen so far in things like our meta oracle capability is the ability to implement
something called pricing bands using off-chain price data to ensure that an on-chain Oracle does
an on-chain DEX doesn't deviate too far from market prices. So I think DEXs are great
and I think they're doing a lot of great things with the space and I think they're improving
and they're going in the right direction. But linking the outcome of your very high value
kind of very fast-moving market to an on-chain DEX whose code is entirely open and
has different ways that people can approach attacking it. And that being the only thing that
triggers the outcomes in your market is a significant risk that we've so far been able to
solve with what we've made. So we just recommend either people find a way to decentralize
their data sources and their Oracle mechanism or use something like us, you know, whichever,
whichever works for them. But if things aren't considered in this more holistic way,
both by users who want to understand what is the security of a DeFi dApp and by developers
of the dApp, like what are my security risks in relation to oracles and data sources in addition
to contract code, then it's very possible that this type of thing will continue. And I don't,
I don't think that'll be great for the space in general.
So that's kind of where I wanted to go and maybe leave this,
is what you think the impact of these attacks on the space are.
You know, it sounds like you guys, based on the announcement yesterday,
are now actively helping BZX think through this for the long term.
You've mentioned or made mention of some of the lessons that already
we're potentially seeing around using that kind of DEX data
as a single source of pricing information and the vulnerabilities that creates.
But what are the other lessons or takeaways?
And I guess do you see this sort of attack happening more or just, you know,
new forms of attacks happening more as DeFi gets more popular?
Yeah, I think these attacks are happening predominantly towards these derivatives and futures
and highly leveraged fast-moving markets with larger and larger amounts
because there's a way to get a payoff there.
So the ratio of effort to payoff is relatively low.
And the numbers are growing as DeFi grows.
So what that means is that if the ratio of effort to payoff is getting better and better,
then attacks like this move up on people's target lists.
Now, realistically, as as DeFi grows,
if people don't successfully secure their oracle mechanism through whatever collection of approaches
they're comfortable with, then the losses will become larger.
And as the value in different subsets of the DeFi ecosystem, whether that's lending or some
kind of collateral-based system or whatever it is, as the value there increases, and if the
Oracle mechanism doesn't improve in security, then those things also move up on people's
list. So suddenly the ratio, maybe if the ratio of effort is still relatively high, but now the
rewards are very, very high. So I think we see a number of people out there that have different
Oracle mechanisms, some of which they baked without an external audit, some of which, that's speaking
to the security of the Oracle software itself, some of which is powered by price data feeds where
volume swings really regularly in centralized markets. And I think one of the things that's just
been saving people is that the ratio of effort to payoff is still low, relatively low. But
DeFi is definitely picking up speed. There's definitely growth. I mean, we recently passed a billion
dollars and there's more and more usage of it. And I think the reality is that as the amount
of value that goes into DeFi increases, you'll see a progress
of these types of attacks around different sectors of DeFi.
So perhaps some of more of these attacks will happen in derivatives and futures-based
platforms with high volume fast moving markets, but that subsection of DeFi will probably become
hardened on this against this pretty quickly to a degree because we're working with a lot
of people in that space to effectively solve this problem, as well as other problems related
to Oracle reports that, you know, so that people can't manipulate their markets. Now, once that
section of the DeFi ecosystem gets hardened. And if the value in DeFi keeps increasing, I think people
will start to focus on other markets that they'll figure out ways to conduct all kinds of
multi-layered kind of derivatives or shorting schemes related to an Oracle failure in places where
there isn't a fast-moving market, something with lending or something based on collateral or
something where you can't immediately trade in and out of large amounts, but maybe you can create a
derivative or a short around, around some kind of Oracle event related to, related to that
collateral lending market and then have a huge payout that way. And the, I mean, I think the
reality is that part of the reason why this problem persists is because the losses haven't been
big enough, right? So if if the loss at some point becomes big enough, you're going to see
people take this as seriously as they've taken cryptocurrency exchange security.
Right? So what I've seen happen in it with exchange security over my, you know, I don't even know how many years I've been in this space now. I mean, building smart contracts for seven mining for years before that. But over overall that time, what I've consistently seen is that some kind of exchange fails in how exchanges secure the value they provide to users through private key security issues or whatever collection of issues. And then the, the volume or the usage shifts to cryptocurrency exchanges that do.
have good security guarantees. And as the value of cryptocurrency exchange usage grows, the losses
become larger and larger, right, because everybody has more money. So this seems like a very
analogous situation to me that as DeFi grows, and especially if it starts growing rapidly,
the people that have proper security for their Oracle mechanism will be able to explain that
to their community and show themselves to be secure. And then if somebody's
Oracle mechanism fails, much like with cryptocurrency exchanges, if somebody's private key security
scheme fails, then that becomes a top of mind kind of issue for users, not just for developers,
but for users of that product. And then those users historically looking at cryptocurrency exchanges
migrate all of their usage rapidly to secure systems that can explain how they're hardened against
against certain attacks. So I think the growth of DeFi will is a very good thing. I think it'll
create more incentive to attack increasingly varied parts of DeFi. And what I'm very hopeful of is that
you know, CoinDesk and you know, and kind of the community can start to think about how do we
mitigate this risk before there is a big loss. Because big losses by our community,
by DeFi, paint DeFi in a negative light, just like the DAO or large cryptocurrency hacks
paint their respective systems in a negative light. And I think the thing that's worth avoiding
or worth kind of learning some lessons about from how cryptocurrency exchange hacks
and smart contract hacks have affected certain sectors is that maybe it's not a good idea
to wait for that. Like maybe the better option is to somehow pay much more attention to the security
risk such that the losses never reach a level where people are saying that, you know,
oh, DeFi doesn't work because, you know, I heard that there was a hack for $300 million.
I mean, I don't, I don't want to hear that. I want, I want DeFi to keep growing at a massively
fast rate. But the reality is that that's a mix between
how many users want to use DeFi and how able DeFi is to deliver on both returns and the technical
guarantees that DeFi decentralized finance seeks to deliver. And even if those guarantees are
not fully realized from a security point of view initially, they're definitely something that
I think we should start realizing more as the value secured by DeFi increases.
Yeah, I couldn't
agree more. I think one of the things that I was discussing yesterday on the podcast was exactly this,
that right now we're experiencing these new challenges, figuring out new types of attack surfaces
and obviously new types of fixes in the context of a relatively enfranchised, empowered early adopter
crowd, right, who are by and large savvy to the types of risks that it entails. And I think
that's actually greatly to DeFi's benefit. You know, the stakes of some of these types of financial
products are massive if they go not just mainstream, but just get even a little bit bigger.
And so the fact that right now these sorts of challenges can be worked out without more systemic
risk and risk among people who really can't afford to take it, I think is to the benefit of
everyone who's invested in the long term, the long term health and growth and opportunity of
DeFi. But listen, Sergey, I really appreciate all your thoughts. It's always great to have you here.
I'm really excited to see what you guys continue to build in this context and what we learn from,
you know, each of these attacks and unfortunately the ones that are probably yet to come as well.
So thanks so much for your time.
Yes, thank you for having me. Again, great chatting with you.
One of the things that I thought was most interesting listening to Sergey in that interview was this
idea that almost that DeFi is going through a natural evolutionary growth process where it is going
to have attacks that come after it and try to exploit new attack surfaces. And that in some ways,
this is akin to the early days of crypto exchanges where attackers exploited basically everything
that could be attacked in the context of crypto exchanges. And it took a lot of painful learning.
By learning from the mistakes of exchanges, by taking more seriously the security of every aspect of the DeFi chain,
we may be able to avoid some of that pain, which is obviously to the benefit of everyone who's invested in the success of DeFi in the space as a whole.
So really interesting thoughts, and for me, just reinforcement of why these attacks were so meaningful.
It wasn't that a huge amount of money was made away with, but they are warning shots.
They are shots across the bow of what could come and why we need to be so conscientious of everything that we're doing in DeFi, especially while it's still early.
Anyways, guys, that is it for today's episode of The Breakdown.
I hope that you enjoyed this interview, and I hope you enjoyed the quick news briefing at the beginning.
We will be back tomorrow with another episode.
And until then, thanks for listening wherever you are.
I'll catch you soon.
Peace.
Welcome back to The Breakdown.
An everyday analysis, breaking down the most important stories in Bitcoin, crypto, and beyond,
with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown.
It's Thursday, February 20th, and today we are doing something a little bit different.
We're going to look through the news, but in the context of a larger overarching idea,
which is that crypto is not a single industry.
When we discuss this crypto industry or the blockchain space or whatever you want to call it,
we often speak about it in very monolithic terms, as though everything is a part of the same ecosystem.
And arguably for a long time that has been the case.
However, the more that the industry matures, the less realistic it is to lump everything together.
And so today I want to look through the news and discover that there are really
at least five different subcategories that we could be discussing things in.
And I want to talk a little bit about why it might matter for us to start having a better
differentiation. So that's the theme of the day, why crypto is not a single industry.
All right, so let's look at our first category of news. Well, we are still trying to fully come
to grips with understanding what happened with these BZX attacks earlier this week.
And at this point, it's not so much about BZX, it's not so much about the particular amounts lost.
It is about understanding new risk profiles in DeFi.
In many ways, the conversation that I've seen has been a coming of adversarial thinking to DeFi.
Now, adversarial thinking is something that's very intrinsic at this point to the Bitcoin community,
where people within the community who wanted to succeed are constantly asking,
what could go wrong?
How could people attack this?
What do we do if that happens?
I mean, even today in the Bitcoin community, which is a completely separate thing, as we'll get into,
there is an entire conversation about miner concentrations sparked by a post on CoinDesk's new op-ed
platform by Hasu.
So anyways, adversarial thinking has come in a big way to DeFi as people start to look through
every major platform, every major protocol, and ask, how could it be attacked and what the problems are?
And I think in some ways this week has shown, just even based on the difference in how these
attacks were carried out, that DeFi is a whole phenomenon unto itself, where the attack
surface simply doesn't look the same as it did for crypto spot trading.
It is a fundamentally different thing based on programmable finance and the composability of
finance and really needs to be taken in its own terms.
So that's the DeFi side of things.
Now, let's look at our next category of conversation.
We have a whole slew of stories from the world of nominally enterprise blockchain, or maybe just a better way to put it, is blockchains interacting with the traditional financial system.
So this isn't about cryptocurrencies and digital assets.
It isn't really about programmable finance per se.
It's about what blockchain tech can do for the existing financial infrastructure.
So example one, Paxos is going to be offering the first live
blockchain-based settlement for U.S. equities. So basically, when equities, deals are made and sold,
there's everyday settlement. So at the end of the day, the deals that have been made have to get
cleared out, and cash gets exchanged, the equities get exchanged, et cetera, et cetera. And this happens
through clearinghouses who actually facilitate that settlement. Well, Paxos is bringing this to bear on
the blockchain. Last year, they announced that their pilot with Credit Suisse had been given a no-action
letter from the SEC, allowing them to proceed, and today they announced they're actually able to get it
running. So this is inside baseball, this is infrastructure for the legacy financial world.
Similar news came out of Australia, where the National Stock Exchange announced that it planned to
launch a digital ledger technology program to compete with the Australian Stock Exchange, which is
itself building a blockchain-based replacement for its clearing system. Again, more of this
insider financial infrastructure type of thing.
One more quick bit of news in this same category came from the Bank of Korea that is looking
at building a blockchain-based system to bring better record-keeping to the bond market in
Korea, which is one of the largest bond markets in Asia. So again, the point here is that we have
this set of news all around the digitization and the blockchainification of financial infrastructure
that has practically nothing to do with DeFi, right, in anything we were just talking about.
And very little to do with what we're talking about next, which is governments racing to figure
out their digital currency strategies.
On now to our third clearly distinct and differentiated topic, which is central bank digital
currencies and, moreover, the battle for the future of money and how central banks are
going to deal with the emergence of new types of digital monies.
So Brazil has said that they are going to launch a quote near instant payment system called PIX
that is designed to speed the system up and reduce costs for fiat transfers between individuals and
businesses.
Now, they said explicitly that this is about a response to cryptocurrencies.
The president of the Central Bank of Brazil, Roberto Campos Neto, said,
PIX came from a need for people to have a payment instrument that is both cheap, fast, transparent,
and secure. If we think about what has happened in terms of the creation of Bitcoins,
cryptocurrencies, and other encrypted assets, it comes from the need to have an instrument with
such characteristics. So this will not be a cryptocurrency per se, but it is being designed in
response to the force that cryptocurrencies are creating in the world. So now let's go through quickly.
Let's review the context that we've had for our quote-unquote crypto industry just in one day.
We've had one composable, programmable money and what that means. We've had two,
security settlement and basic infrastructure for the legacy financial system that has literally
nothing to do with token assets.
Three, we have central banks trying to figure out how they're going to respond to new competition,
competition that they've never really felt before in the same way.
But let's move on to our fourth topic, which is completely different again.
Fourth up on our list of stories that don't really seem to have anything to do with each other,
but yet are uncomfortably lumped into one quote-unquote industry,
is that Juventus, the soccer giant out of Italy,
has become the latest sports team in what is now becoming a trend
to experiment with NFT-based digital collectibles.
Juventus is partnering with Sorare
to create digital cards for their fans.
So this is a licensing deal
through which Juventus will be partnering with Sorare
to create digital cards that represent their fans.
famous soccer players like Cristiano Ronaldo in digital collectible form on the ERC-721 standard.
These are fun, interesting, cool ways for fans to engage with the team.
They could represent the future of sports engagement, but they have literally nothing to do.
And I mean literally nothing to do with central bank digital currencies or the settlement
of equities in more efficient ways.
These are such fundamentally different fields that it almost feels insane to talk about them together.
And so let's go to the fifth and final of the categories of stories that we'll talk about today.
In this quote unquote crypto industry, which comes back to Bitcoin, but not just Bitcoin as a crypto asset,
but Bitcoin as a hedge against what is increasingly a crazy world.
For Bitcoiners, they're looking out across an economic scenario where the world's
largest economy is absolutely crippled and brought to its knees and effectively non-functioning
right now because of coronavirus. And yet in the U.S., stocks and other assets and equities are
reaching all-time highs, right, on the back of a decade or more of incredibly cheap money.
And this conversation about Bitcoin in the macro environment is so fundamentally different,
again, from everything that we've talked about today. It's different, even though it relates to
the financial markets to this idea of blockchain as infrastructure, it's different fundamentally
from the idea of NFTs sharing only this context of digital scarcity, which is one of the chief
innovations of Bitcoin. So the point that I'm trying to make is that just taking a single day's
snapshot, there are at least five different seemingly on the surface unrelated categories of
stories and news and conversations that are all lumped together as either
the blockchain industry or the crypto industry or whatever you want to call it.
So why do we discuss these things? Why do we debate about these things like they're part of
the same category? Well, there are a few reasons. The first is the most obvious that they have
a similar underlying technology. Inevitably, however, any new technology innovation is going to
ultimately find its way to mature in different types of business or consumer-facing context
where it no longer matters as much what the underlying and hidden inputs are in the system,
but only what the end result is for the end user or the end business case.
I believe we're starting to see that break where it becomes less and less interesting
to talk about them in terms of the inputs and more and more interesting to talk about
these things in terms of their outputs and impact.
A second part of the reason that we talk about these things in the same terms,
or as they're part of the same thing, is that they have historically been competing
for a constrained set of resources and a constrained narrative space.
So what I mean by that is that there has historically been only so much interest
available to blockchain slash Bitcoin slash crypto slash Ethereum slash DeFi slash whatever
in the basis of attention, time, money, talent, etc.
And so by speaking in this way, we're actually competing to make people who are looking
in from the outside think that that space is about the thing that we care
about and we're invested in. There is to some extent in the short term a zero-sum game between
companies who want to build around the Bitcoin protocol and want to get people to care about that
versus companies who want to build around DeFi and want people to care about that. Now, that zero-sum
game is, I think, a constraint that is very time-bound, but it is a real thing. And so it's understandable,
at least in some ways, that that fight has been happening. This relates to point three about why these
conversations, why these topics have been lumped together, which is that from the outside looking
in, there's only so much headspace that any outside observer has, and so they have been lumped together.
There hasn't been necessarily a big clear differentiation between the nuanced parts of this space,
and realistically, we're still in a context where we're dealing with memes and narratives
that have resulted from that competition that have impacts today.
Look at the way that governments talk about blockchain, not Bitcoin, just as one example of that.
There has been this pressure from the outside in that everything that we're doing here in this
crypto industry, quote unquote, even though it feels so differentiated, has been lumped together.
A fourth and final issue, though, is that the public spaces where we discuss crypto and this industry
and everything around it reward enemy making. If you look at people who have been able to rapidly
grow their following on social media, it tends not to be on the basis of just adding value or being
a really good steward of an idea. It tends more often to be picking a tribe, figuring out the
memes that get that tribe excited, and going to war with other tribes. And this is not a Bitcoin only,
this is certainly not a crypto-only phenomenon. This is very much about the structure of the algorithms
that drive social media, be it Twitter or Reddit or whatever.
It is a real factor that does shape our industry to this day. So what's the takeaway on all this?
Why did I decide to do an entire episode about this? Well, one, it was a way to tie together five
disconnected news stories on a day that there wasn't really clearly a banner headline news story.
So take that for what you will. But two, it is something that I actually think about a lot,
that a lot of our time and energy and attention is spent on these never-ending debates about
whether people should care about this thing versus that thing and whether they can coexist,
when it might be better to spend that time on, well, literally anything else. However, this isn't a
morality lesson. And like I said, I do think that the public spheres in which we engage
reward this sort of combativeness, right? So what are you going to do about it? I also think that
there is a sort of self-defense mechanism that these communities go through where by having this
contest internally, they actually strengthen their defenses when it comes to extra
challenges and other attack surfaces. So I don't even want to mitigate that there is some value
in the fight. However, I do believe that by recognizing that this industry is maturing into several
subcategories that either are already in the case perhaps of Bitcoin or will potentially be in
the future their own categories unto themselves, we actually do ourselves a service as it relates
to those external forces and people coming in. I believe that there is going to be more attention
focused on this industry going forward.
I think that the way that governments are responding to Libra is exemplary of that.
I think that every time Bitcoin is pronounced dead but then continues to be the best performing
asset in the world, it brings more attention.
And I think that it would be better if we're able to better help people navigate to
where they are naturally interested, right?
There is that resource competition.
Of course we want our thing, our area of this world, to define the rest of it.
And I also think that there's good arguments that these things aren't mutually exclusive
and that you should be rooting for multiple at the same time.
However, I also think that when it comes to new people coming in
and new institutions coming in and new resources coming in,
they are going to have intrinsic biases
towards different parts of this industry that get them interested.
I don't think that forcing all of them to go through a gauntlet of
my thing is the only real thing here is going to be helpful
as compared to just letting them go find where their interest
match their resource allocations, right?
Let the money that wants to go into settlement solutions for traditional equities go find it,
and then from there get them into Bitcoin.
I don't think that we lose much by that.
In fact, I think that we do better by allowing money to find where it's most interested in getting
their hooks in somehow.
That's my little rant for today.
Mostly, like I said, it was just a way to connect the news on a day where there was a lot
of disconnected news, but it is something, as I said, that I've thought about a lot, and I want
to know what you guys think now.
So hit me up on Twitter at NLW.
Let me know if you also see what I'm seeing where the crypto industry, quote unquote,
is actually fragmenting into a number of sub-industries all trying to mature, you know,
in an interrelated perhaps, but ultimately independent way.
Anyways, guys, thanks for listening.
I appreciate you.
And I will catch you tomorrow with another episode of The Breakdown.
Peace.
Welcome back to The Breakdown.
An everyday analysis breaking down the most important stories in Bitcoin,
crypto and beyond with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown.
It is Friday, February 21st, and today we are going to start by diagnosing the dip.
We're going to be discussing some theories for why the Bitcoin price fell so dramatically
a little earlier this week in such a short amount of time.
Second, we're going to be talking about fire in the exchange funding market and what it
might mean for what type of products investors are interested in. And third and finally, we're going
to take a little hop, skip, and a jump over to the world of Central Bank digital currencies,
looking at both Sweden, who has announced some interesting tests as well as analysis around
the impact of coronavirus on China's digital currency plans. Let's break it down.
We had been feeling pretty good about this 10K number. It had gone up to 10K and then fallen and then
gone back up and then fallen and then gone back up again. And we were getting pretty settled at that
level. When all of a sudden on Wednesday, the price dumped something like 6% in under five minutes. It was
this huge, huge falloff. And we've more or less stayed at this 9500 to 9600 level ever since then.
So the most common analysis that I saw on what happened had to do with Binance and Coinbase going
down at the same time. Both of the sites had unscheduled maintenance, and that creates potential
liquidity issues, not to mention concerns of volatility or concerns of hacks, right? Because at the
beginning of Binance going down, we weren't sure what the answer was. It wasn't clear why the site was
going down. And so you potentially have a scenario where if you have major providers of liquidity
who are going offline and a few whales who can dump on the market, potentially you see this
sort of dip. So that's the analysis that I saw from a number of people like Mati Greenspan
and others. And I'm not sure what the answer is. This is a little above my pay grade when it comes
to actual market analysis. However, what I will say is that it is a reminder to me of the significance
that a small handful of actors, particularly exchanges, have in determining confidence in the markets
at any given time. And I think that that's something that we always have to keep an eye on.
Earlier this week, Coin Metrics also did a study around concentration of wealth within different
asset communities. And I think it's part and parcel of the same conversation, which is that
if we are operating in an ecosystem, which is theoretically free from the ability for people
to manipulate and debase the currency or whatever we're trying to escape from the old financial
system, yet wealth, i.e. power, is concentrated in a very small number of hands,
and in the cases of exchanges, we have not only power in terms of actual liquidity, but also
influence in terms of market sentiment. The point is that if power is concentrated in a few
hands, it becomes potentially an approximation of what we're trying to leave behind.
So my sense is that that's something that we shouldn't be worried about per se in terms of
this specific instance, but it is something that we should continuously be vigilant about, right,
and ask how we make sure that we're not just reliant on single points of
failure. Today, as I'm recording this, we're getting another example of just how much
Binance can dominate a news cycle. Both The Block and CoinDesk are reporting on a memo from
Malta saying that Binance is not registered there. And Binance is saying that they've never
been registered there, but we all remember a tour a year ago where they seem to be touting the
fact that they were in Malta. And their official defense is basically that they're based
in many places. They've never had a single jurisdiction. They're decentralized, whatever.
And honestly, I'm not even really sure why this particularly matters or why we care about where
they're based, except insofar as, I guess, if it looks deceptive.
But the point is that, again, they're dominating a news cycle for what effectively is kind of a
non-story.
So that's just another indicator of the power that Binance has relative to the rest of the industry.
It is interesting to see then that we continue to find the most invested category, or at least
one of the most invested categories in the entire crypto and crypto-adjacent ecosystem is in exchanges.
For as much power as this generation of exchanges have, it's clear that there is belief that this is not fixed,
permanent, or inevitable for the future.
The first exchange news comes with regard to the Hong Kong-based BC Group who operate OSL,
which is an institutional-focused crypto exchange.
Fidelity International has invested 14 million into the exchange operator.
And again, to me, this is another example of one of those stories where the big,
interesting thing isn't necessarily the number, but is about the company who is investing.
The fact that it's this globally renowned asset manager in Fidelity International
obviously has implications for understanding who is spending time looking in at the Bitcoin
and crypto markets.
But in some ways, this was the second fiddle news when it comes to exchange fundraising to FTX.
FTX has hit the trading scene in crypto with incredible force.
This is a company that's something like nine months old who are already seeing billions in volume of derivatives trading.
And The Block reported yesterday that they are out raising an equity round at a billion dollar plus valuation,
which, if that comes to fruition, would make them one of the fastest growing unicorns in
startup history. Now, it should be noted that The Block report is saying that they're seeking to
raise an equity round at that valuation, not that it is completed. And as anyone who's ever
raised venture capital knows, the money is not there until it's actually in the bank. However,
I think it doesn't take away anything from the ascent and the incredible rapid growth of
FTX. This is an exchange that has perfectly captured the zeitgeist of the crypto markets now,
the shifting and growing focus on derivatives. They've even
done interesting things like created futures markets around current presidential candidates.
And there is a sense among people who are in the know in crypto that if a new generation
of exchanges is going to challenge the dominance of the actors we have, it's going to be led
by companies like FTX. So something very interesting to watch and a reminder in this case
that for as much as we might be concerned about power concentration and influence concentration
among leading exchanges and companies like that, there are contenders.
Let's end this Friday breakdown with a quick trip through the status of the battle around
Central Bank digital currencies and their competitors.
So first, we saw yesterday news out of Sweden.
Sweden's central bank is beginning to start testing its digital currency that it calls
the e-krona.
The pilot, which is being built with R3's Corda network and is being supported by Accenture,
is designed initially to run until February of next year, so a year,
but could extend farther. Now, there are two interesting details about this announcement for me.
The first is what I believe is an under-discussed issue as relates to central bank digital currencies,
which is the way in which they potentially make central banks compete with commercial banks.
So Reuters wrote, this revised role in the payment system could lead to individuals holding money
in Riksbank accounts, something that would overhaul the distinction between central and commercial banks,
Riksbank being the Bank of Sweden, the Federal Reserve of Sweden.
It strikes me that one of the headwinds for central bank digital currencies
could be this new competition that it creates with central banks
who aren't going to want to give up that role in the economy.
Now, the other interesting detail came from the actual statement itself
that said the e-krona would, quote,
reduce the risk of the krona's position being weakened by competing private currency alternatives.
So again, we are back to Libra and this idea that,
governments and part of why they're responding is that they are afraid of currencies that are being
issued by corporations, right? And in particular, I think, as is obvious, the Libra. So really interesting
to see this play out in real time, not just theoretically, but to see central banks explicitly
acknowledging that they are reacting to that type of threat. Now, the other threat and reason
that central banks are so actively engaging in this digital currency battle is China.
China has made it very clear that they are working towards a digital yuan,
and banks like Japan's are very nervous about the type of economic influence that this might give them.
Well, this week we saw some indication about how people involved with China's central bank are viewing the coronavirus
and what it might do as it relates to the digital currency project.
China's economy is still effectively shut down right now, with no clear end in sight, despite some rhetoric here and there.
Some have taken that to mean that the digital currency project could be moved back.
However, the former president of the People's Bank of China in an interview with China Daily
towards the end of last week, the beginning of this week, said that it might actually speed things up,
that the efficiency, cost effectiveness, and convenience make it even more desirable during an epidemic.
This is interesting also in the context of the role of physical cash in potentially spreading the virus.
The government has actually quarantined old paper notes and distributed new notes in the areas where the virus outbreak actually happened.
So this is an interesting little wrinkle in the story of how the coronavirus might impact the economy in our crypto sector and beyond.
Now, as I was recording this, we actually had a bit of interesting news coming out of Libra.
Libra was, of course, the catalyst for so much of this activity, but has been beset by many, many challenges, many regulatory, but also
companies and members of the Libra Association dropping out. Well, for the first time in a long time,
we've had an announcement about a new company that is joining. Shopify has joined the Libra Association
as of a blog post this morning on Friday. The post said,
Our mission has always been to support the entrepreneurial journey of more than one million
merchants on our platform. That means advocating for transparent fees and easy access to capital
and ensuring the security and privacy of our merchants' customer data. We want to
create an infrastructure that empowers more entrepreneurs around the world. So to me, this makes much more
sense than legacy companies like Visa and MasterCard being involved with Libra. Libra is an assault on the
traditional financial order as it relates to money. And certainly it makes sense for Visa and MasterCard
to keep their enemies close, so to speak, by being involved so they have an insight into what's going on.
But when it comes to real alignment, you have to think that it's these companies
that are destabilizing and fundamentally challenging the old world that those institutions were
built around.
Put differently, the most ideal partner in the world for Libra would be Amazon, and the only
reason that's not going to happen is that I assume that at some point we're going to see Bezos bucks,
too.
Whatever happens with Libra, though, it is very clear, very, very clear that tech is looking increasingly
to get in on the game of finance.
We saw it even yesterday with news that Patreon would start to get into the business of
effectively payday loans for their creators, where they would be doing cash advances for their creators.
And now, on the one hand, this makes complete sense, right?
They have data about the track record of creators and what money is likely to come in,
so there's no reason they can't advance that.
However, at the same time, it shows very clearly that in their calculus,
growth is going to come from financial institution-like factors,
not just building this great service where fans connect to the favorite creators.
The point is, again, that whatever happens with Libra, the tech assault on finance is in full swing,
and it's going to keep playing out, and it's hard to see how it ends.
But for now, guys, I think I've given you plenty to think about for a Friday.
I'm headed off for a good weekend, chilling at home with my family.
I hope you are headed to something fun or something calming or whatever it is that you need.
Thanks, as always for listening.
I will be back breaking down the news with you on Monday.
Peace, guys.
