A systematic critique of Bitcoin's value proposition (blog.rongarret.info)
35 points by lisper | karma 54803 | avg karma 4.63 | 2023-04-12 13:02:02 | 125 comments

> In the third section I analyze its security model, specifically the cost of mounting a 51% attack on the assumption that hash power is available for rent and doesn't need to be purchased by the attacker.

Bitcoin mining requires special devices (ASICs). These ASICs would lose their value if Bitcoin lost its value. Given this fact, why would anyone rent them out, or rent out the hash power?


If your hash power typically translates to $X per day and someone offers you $2X to rent the hash power for a day, I suspect most people would rent them out.

Why would someone offer you that, though?

> mining requires special devices (ASICs)

Profitable mining does. If you’re looking to make money, you need ASICs. If you’re just looking to disrupt the network, e.g. for military purposes, commandeering a cloud or two would do.


> commandeering a cloud or two would do.

No; the ASICs are orders of magnitude faster and more efficient per dollar. Every GPU on earth couldn't touch the bitcoin hashrate.


> ASICs are orders of magnitude faster and more efficient per dollar

Every supercomputer in either the U.S. or China plus its cloud resources would be able to mount a 51% attack. And this isn’t counting e.g. the NSA or GCHQ’s supercomputers, which are optimised for code cracking.


Remember that general-purpose computers use orders of magnitude more energy than specialized hardware for the same task. So if bitcoin uses (say) 0.05% of energy globally, matching the hashrate using general-purpose hardware (assuming an alternate reality where the planet has enough hardware for someone to attempt this) would require something like 5% of global energy usage. Diverting that much energy away from the rest of the world is not even remotely feasible.

> would require something like 5% of global energy usage

Fair enough, supercomputers + cloud was optimistic. They can’t do 40 zettaflops.

Half of that, worst case, we could, though not trivially. For bursts at a time. (Worst case because the math supercomputers designed to break encryption do is similar to that required to break Bitcoin.)

Practically speaking, were we to do this, we’d procure the ASICs. (And target in-jurisdiction mining, lowering the hurdle.) No private party is particularly incentivised to launch such an attack de novo. We may never need to actually attack: a law appropriating tens of billions to create a crypto deterrent would crash prices on its own.


> a law appropriating tens of billions to create a crypto deterrent would crash prices on its own

Doubt that. All that would happen is driving the industry underground or overseas. It wouldn't be the first time a government overplayed its hand and failed to acknowledge that bitcoin is a global technology.

https://data.nasdaq.com/data/BCHAIN/HRATE-bitcoin-hash-rate

That isn't slowing down. I have exactly 0 faith that governments across the world could start from scratch and cooperate to outpace and then surpass the private sector in a chip fabrication project, no matter how many billions they throw at it.


> cooperate to outpace and then surpass the private sector in a chip fabrication project

You move to seize it. ASICs are manufactured in China and among American allies.


Seizing overseas fabs to attack a private industry would be a historically unprecedented, diplomatically suicidal move. It wouldn't stay secret for more than an hour, and they'd have to stay and operate the fabs for years to manufacture enough chips. Then of course while that's happening, the rest of us would use that time to prepare a mitigation, not sit around on our ass for 5 years waiting.

But sure, I guess they could try.


[dead]

This is actually not true. If you look at the Wikipedia article on supercomputers you'll find that there is a special network for Bitcoin because it can only do sha256x2.

Specialized mining hardware is in the exahashes range whereas even the best general purpose are terahashes at best and even that is a stretch.

Plus the attack has to be sustained, you can't just do it for a few seconds or minutes and disrupt much.


>> Bitcoin mining requires special devices (ASICs)

Nitpick: Any computer can mine bitcoin. Economic bitcoin mining requires special devices.



51% of the bitcoin mining hashing power being available for rent is so far-fetched that it’s silly to even consider as a valid critique.

The author really undersells how difficult/nearly impossible this is and will be for a long time, at the very least. If the market transfers successfully from miner subsidy to transaction fees, then it will always be nearly impossible.

Aside from Satoshi's hoard.. there's also just regular destruction. Units can be mined and then permanently lost. The system has a limited number of units that can be generated in total and no mechanism to replace the lost units.

Why is this not a long term problem for bitcoin?


It's divisible down to 0.00000001.

If that ever became a significant issue I imagine users would be happy to increase the precision via a fork.

LN supports sub satoshi (i.e. higher precision) payments on L2.

If you're talking about the numbers getting super small and being unwieldy, most fiat currencies have the opposite problem of the numbers getting super large, they just redenominate every now and then.


>It's divisible down to 0.00000001.

This is an artifact of the implementation. I don't think there's any real reason it couldn't be divided further using higher precision.


Yes.

In the implementation the units are actually integers, 1 is the minimum.

Could easily fork in a new transaction format though.


Because the units are highly divisible and the divisibility can be increased easily if it becomes necessary.

When someone loses/destroys bitcoin, they are effectively donating the value to everyone else who still holds bitcoin.


Infinitely divisible

[dead]

1. As other people mention, Bitcoin is highly divisible. 2. Other bitcoins simply become more valuable, thus strengthening the system.

I love how everyone responding to you seems to think that this is fine because you can just continue dividing the currency, as if the problem is a technical one, and seem to be ignoring or unaware of the actual problem:

Constant deflation is HORRIBLE for any economic system. By design it rewards early capital holders and punishes you for needing to make any transaction. It disincentivizes doing anything. You are always better off not spending money. This may sound good to idiots who just like "line goes up", but that makes normal people not use that system if they have the option.

Bitcoin, by design either on purpose or through negligence and a lack of basic economic knowledge can only ever reward the original whales and harm normal users of the system. Hoarding is the only rational position. That's what crypto proponents push for, because they are already bought in and want to reap the rewards. It's always hilarious and infuriating when they claim this system is more equal, more distributed, or more egalitarian than any other.


Sounds a lot like VTSAX. But somehow people still buy food and shelter even though they could put their money in VTSAX instead and get 7% returns.

Either way less spending sounds good to me. We could use a world with more saving and less consumerism.


> But somehow people still buy food and shelter even though they could put their money in VTSAX instead and get 7% returns.

Silly people, needing a roof over their heads and nutrition.

> We could use a world with more saving and less consumerism.

Everyone saving more would be disastrous for global human welfare. It won't preserve resources in any meaningful way and would set society back generations. If that's your goal, great.

But what we need to do instead is shift toward consuming sustainably. That might mean consuming less in some instances, but in many cases it means consuming differently, especially in how we consume energy.


Right, money needs to circulate to everyone so that people can afford to spend their lives on other than subsistence work. Saving primarily benefits the saver (secondarily those who take out loans).

I also find it infuriating when crypto fans defend the massive advantage afforded to early miners. To me the only truly fair distribution is one where the rewards never change; later generations of miners should get the same reward as those mining right after genesis, rather than fight over crumbs. A pure linear emission doesn't really make money any less sound [1].

[1] https://john-tromp.medium.com/a-case-for-using-soft-total-su...


> In private discussions I have heard three counter-arguments, none of which I accept

I think this article skips the most compelling (to me) counter argument.

If there’s a 51% attack, the currency loses all value. Nobody will want to trade Bitcoin or use it as a currency once this attack is exploited. So a 51% attacker is disincentivized to perform said attack because doing so would make the prize lose its value.

Now I write this, I suppose if your worry is a government trying to destroy Bitcoin, then that’s exactly how to do it…


> a 51% attacker is disincentivized to perform said attack because doing so would make the prize lose its value

North Korea and Russia heavily use crypto. If either does something super stupid, the Congress could create a credible commitment to repeatedly launching attacks on their payment networks, including Bitcoin. This isn’t some far-fetched threat.


I think the U.S. would be reluctant to do so (although I'd love it if they did), because they hold several billion dollars of bitcoin

> the U.S. would be reluctant to do so (although I'd love it if they did), because they hold several billion dollars of bitcoin

And billions more in private losses. It should be something we’re reluctant to do. But things break in war.


Devaluing bitcoin reduces the incentive to mine it, which I consider a net positive all around

One approach would be to just rent the hardware, and short the coin.

> short the coin

Unacceptable counterparty risk and scale limits.


Even when buying puts on a regulated exchange like LedgerX, which custodies all the cash that would pay out on the bet?

> a regulated exchange like LedgerX, which custodies all the cash that would pay out on the bet

Bitcoin crashing would take out LedgerX. At that point, you’re an unsecured creditor. There is also a legitimate question as to them paying out a massive short after something like this.


The exchange is not long Bitcoin, and it holds (edit: typo) all trader assets separately from its own, so no, a crash in bitcoin wouldn’t “take out” LedgerX. You’re just making stuff up now.

> exchange is not long Bitcoin, and it holds all trader assets separately from its own, so no, a crash in bitcoin wouldn’t “take out” LedgerX

It would take Herculean effort for any crypto business to survive, well, crypto wiping out. Deposits would become worthless, cash would be pulled, credit would vanish as would investment. If markets don’t take them out, their banks and regulators will. It’s the crypto equivalent of Treasuries defaulting.


It doesn't matter -- LedgerX doesn't own those Bitcoin or the customer deposits and never did. Even if the business fails (from e.g. being in debt and the fees drying up), customer assets are held separately from their own assets and would be available for withdrawal.

Since you pretty clearly didn't research before posting, you may not realize that FTX bought LedgerX (in late 2021), and that owner did become insolvent, and regulators did look into the books, and even that didn't prevent options contracts from being settled and assets withdrawn. Guess we found Hercules!

If you're not willing to admit when you're wrong, you'd be doing the site a favor to stop posting out of ignorance -- it's not helping.


> customer assets are held separately from their own assets and would be available for withdrawal

This protects cash and crypto at LedgerX. (Assuming it has few senior creditors.)

Shorts are different. If you place 1 BTC short with LedgerX, it doesn’t hold 1 BTC of cash. Instead, it maintains claims on others. Those claims become unlikely to pay in a crash. That’s LedgerX’s counterparty risk, which does it in, which does you in. Shorts are inherently leveraged in a way longs are not.

> that owner did become insolvent, and regulators did look into the books, and even that didn't prevent options contracts from being settled and assets withdrawn

Yes, standard bankruptcy priority was followed. Also, no leveraged positions needed to be unwound way out of the money.

There is plenty online about why shorting coins on crypto exchanges is stupid. It’s a simplified version of why FX shorts, when done with large anticipated gains, are placed offshore from the target currency.


>If you place 1 BTC short with LedgerX

LedgerX doesn’t support short-selling or margin trading. If you buy a put (the suggestion I made in my original comment), the counterparty sets aside the cash to honor it.

(I think you’re confusing short-selling with a short position, but that doesn’t sound like a mistake someone with your bio would make.)

Are you done being confidently incorrect, or can I expect you to pollute more discussions with baseless claims you know nothing about?

Bookmarking to warn future HNers what they’re dealing with.

It’s fine to make mistakes. It’s not fine to be that wrong, with that level of confidence.


I don’t know anything about LedgerX or Crypto trading but do have a fair bit of fx experience so have a few questions about what you are describing.

Doesn’t this just move the counterparty risk away from the exchange and onto another participant in the crypto ecosystem? One that is even more systematically long crypto and one with less regulatory protections around senior debt?

Why would someone be a counterparty to this trade? It seems like they are trading a lot of downside risk to get cash equivalents upside.

I’m sure I’m not understanding something about this setup but it certainly seems worse in all ways than an exchange actually enabling more traditional shorting.


Thanks! You're showing a lot more curiosity and honesty than JumpCrisscross.

>Doesn’t this just move the counterparty risk away from the exchange and onto another participant in the crypto ecosystem?

They have to set the money aside for the (cash-secured) put they're writing, out of their control, so no, you don't depend on any later solvency of that counterparty to honor the put. And, as above, customer access to these assets survived even the FTX bankruptcy, since they're not recognized as exchange assets in the first place.

>Why would someone be a counterparty to this trade? It seems like they are trading a lot of downside risk to get cash equivalents upside.

Same reason anyone else sells cash-secured puts.

>I’m sure I’m not understanding something about this setup but it certainly seems worse in all ways than an exchange actually enabling more traditional shorting.

Except that you, the person taking a short position (by buying puts) actually get a payout in the worst-case scenario, and have effectively no counterparty risk. That's at least one way that it's better.

Also, I don't know what's "non-traditional" about buying puts as a means of establishing a short position. It seems that, like JumpCrisscross, you're being sloppy about the difference between short-selling (borrow an asset to sell) and a short position (any position that increases in value as the underlying decreases).

Edit: Also, one thing that bothers me here is the lack of a coherent model behind the objections. On the one hand, you both want to claim something is impossible, but when I show it is, you want to insist that that way is "worse in every way". What?


> have to set the money aside for the (cash-secured) put they're writing, out of their control, so no, you don't depend on any later solvency of that counterparty to honor the put

There is no legal mechanism for them to insulate that cash from creditors.


I guess I can't say I'm surprised by yet another confidently wrong claim on your part. This is one of the most high-profile cases of bankruptcy, where very determined creditors are hellbent on pulling out every penny from a very obvious fraud. And in this case, we already know that -- right in line with my claim -- depositors at one arm of the debtor did in fact have their deposits legally insulated from the (very extensive) creditor claims.

And yet you are claiming, in this very instance, that that is not possible, even as it already happened. You couldn't be more wrong on the facts here.

Perhaps you could have limited yourself to a lesser claim that, under specific conditions, that you enumerate from actual knowledge, depositors can't step ahead of other creditors. By being open and honest, and revealing the full basis of your belief, you could have said something at least true, even if you were (very honorably) wrong about the applicability to this particular case.

You didn't take that route. You instead went with the tried-and-true "if I say it confidently enough, I have to be right". Sigh.

In the other thread[1], you claimed I'm upset at you for your views on crypto. This is childish and false. I love to hear meaningful corrections to my worldmodel. Your comments aren't doing that. You're instead finding the most solid parts, and baselessly asserting things about them that are demonstrably false. I can't actually learn from that sophistry or meaningfully update my beliefs. No one can.

[1] https://news.ycombinator.com/item?id=35559836


You are really missing what he's saying. That this particular default was subject to a bankruptcy judge means a few things that would bring alarm bells to any professional risk manager. It's not a _good_ thing, it's just not the worst thing.

A few off the top of my head:

It went to bankruptcy at all. With more forceful regulatory regimes (eg banking/brokerages) they skip bankruptcy proceedings for the most senior debt holders entirely. The regulator steps in and disburses the funds much faster.

The judge had discretion, there was no legal insulation to LedgerX's creditors. They just had maintained enough arm's distance to satisfy a bankruptcy judge to rule in one set of creditors' favor over another's.

His point is that unlike in other regulatory regimes, nothing in the law says that deposits at a CFTC exchange are more senior to any other liability. And the precedence on clearing house default is not extensive.

Most risk managers would view the fact that this judge ruled in their favor as the saving grace to a mistake on the risk management side.

Also, you are on tilt here. Statements like "You couldn't be more wrong on the facts here." are pretty embarrassing when you are misconstruing things so dramatically.


Ah, I misunderstood what you were saying. I thought you were suggesting that the counterparties were passing money between each other. Instead, this _is_ a traditional short position. The counterparty is setting aside the cash, with LedgerX, who is actually a registered CFTC clearinghouse so does have oversight and is (theoretically) watching their operations and they are therefore using properly applied risk management for "other peoples money". But the counterparty risk remains with LedgerX. It hasn't gone anywhere and is still something that would need to be managed.

It's been a few years since I did risk management for a CFTC derivative exposed firm but at the time clearing house default procedures were very much up in the air. Dodd-Frank allowed for clearing houses to be declared as systematically important but only CME, ICE and OCC were designated as such. Has that changed?

Other than that, I'll be honest I don't remember what the debt claims were with regard to clearing houses. Is there some special provision of the bankruptcy law that makes "LedgerX doesn't own those Bitcoin or the customer deposits and never did." true? Because typically this would be up to a bankruptcy judge to decide (as opposed to say custodial assets at a brokerage or deposits at a bank which have senior claims by law). That doesn't look to be what has happened in this case by the way. In this case it looks like a bankruptcy judge looked at the books and said "yep these assets/liabilities balance appropriately so it's an easy win to just sell the clearing house to someone else". Which is precisely what 'JumpCrisscross said.

So, I'm not put off by this, because it's a message board. But maybe you should look at some of your statements to see if they meet your own standards. You've made a few claims that set my alarm bells ringing as someone who has actively worked in this space.

A few examples: "actually get a payout in the worst-case scenario, and have effectively no counterparty risk" which is not true. "LedgerX doesn't own those Bitcoin or the customer deposits and never did" which is up to a fairly complicated legal disposition to figure out. "customer assets are held separately from their own assets and would be available for withdrawal" which is an article of faith.

Generally speaking, "no counterparty risk" is impossible in finance. With traditional finance there is a lot of law, regulation and precedence to help mitigate it but even then actors in the space manage counterparty risk as a matter of course, including by managing their clearing risk. When crypto is involved I think it would be charitable to be even more patient with people who are incredulous about that statement, even in cases like this where it is falling back on normal finance.


Sorry for the long delay to reply, these are good points that are worth addressing.

Yes, you're right, counterparty risk is not completely gone, and it never is. Even for a stock share in a Schwab cash account, for all I know, it's some massive, elaborate fraud where the share never existed and I've never compensated for it not being there. Yet most of us would roll our eyes at someone insisting that you "can't profit from future [unexpected] successes at Google" -- even by owning shares -- because "lol counterparty risk".

I thought I was careful about hedging my remarks to allow for cases like this, and it feels like special pleading to scream bloody murder about that (very tiny) risk, when a) it applies to everything, even that Google share above, and b) that clearly wasn't the kind of counterparty risk that JumpCrisscross (JCC) was warning about to support his thesis that you can't short crypto.

Rather, he was claiming that the loss in value of crypto would cascade to your counterparty being unable to honor their side of the short position -- a position, mind you, that is fully backed by cash no longer in their control, and regarded as customer assets by the exchange. He's clearly working from a model in which any such counterparty is using margin, and where the resolution of the contract depends on later sales, with certain price minima, despite my painstaking re-clarification(s) that the short position's model and the exchange do not work like that.

Note in particular his comment "If you place 1 BTC short with LedgerX,", which was never part of my model, and not something LedgerX supports to begin with!

There are many things you can say about that kind of reply, but not "this is a meaningful attempt to engage with SilasX's point", so of course, I'm going to call that out.

(From all I've read, the status of one's deposits at LedgerX is the same as the stock at Schwab -- even if the stock market crashes and Schwab is unable to pay its bonds, that Google share is still yours. If you have actual information on that topic, that would be useful to know -- I have a hard time parsing the regulatory filings myself -- but JCC certainly didn't, beyond re-parroting assertions about how LedgerX would definitely crash and use your money to pay off creditors.)

Bottom line -- JCC had many opportunities to root-cause the basis of the disagreement and narrow it down to substantive, resolvable claims about the world, but at every point elected to simply assert increasingly irrelevant points with greater confidence. I've never seen that lead to a meaningful dialogue. And so I wasn't surprised when, the following day, he played the same unproductive game.[1]

As for your point about bankruptcy: I have to remain skeptical that the hyper-savvy risk manager is worried about the Google long blowing up because of the risk that some general market crash would tear down Schwab, reveal that they weren't really holding shares, and then put your claimed Google shares junior to Schwab's creditors -- especially when we have a very recent example of a bankruptcy court electing not to do that (for FTX). If you disagree, I'm happy to hear why.

[1] https://news.ycombinator.com/item?id=35558582


Savvy risk managers don’t tend to use retail brokerages not because of the risk but because other venues suit their operating model better.

That said, if they were using Schwab for a long equity position they would not be worried about their shares being used for other creditors' payback because the law says it can’t. Shareholders have more senior claims than other creditors. Further, even if Schwab was insolvent there is a long chain of custody on equity shares managed by a too big to fail entity (Cede) to fall back on.

Other kinds of tradable assets don’t have such protections (such as FX futures or even fractional shares) so when trading these risk managers actively do look at the balance sheet of the clearing partners. In many cases that is a too big to fail entity like the CME but clearing default was a hot topic the last time I worked in the space. I don’t know the specifics of LedgerX held crypto but given it’s a CFTC regulated exchange and a bankruptcy judge actually having to rule on this, my guess is those tokens do not have the same protections as a Google share at Schwab.

None of this of course matters for a single BTC, that’s not enough to get professional risk management involved and if the crypto space went away tomorrow you’d just move along on losing that. But! For someone wanting to put on a large short (think a Soros style bet) figuring out how to manage the counterparty risk is a big part of the trade and it would be very common to not put that trade on with an exchange or OTC desk headquartered in the country whose currency you are shorting. Precisely because you’d be worried that the basis for your short thesis would cause contagion that collapsed your counterpart.

I can see how that thinking could be extended to an exchange whose business was focused on crypto. Again, I don’t know the crypto space well enough to have a meaningful opinion.


Not enough rentable hardware exists on the planet. The article's suggestion that someone would throw billions of dollars into a black hole to "buy up" all hardware globally, get nothing in return, and outpace those who act in their own rational self-interest is just silly.

You're right that the article doesn't address that counter-argument, but the suggested means of profiting from the attack is immune from it:

> A successful 51% attack, indeed even a credible threat of such an attack succeeding, would almost certainly sow fear and uncertainty in a wide range of public markets. An attacker could leverage this because they would have a certain amount of control over when news of the attack broke, so they could (for example) take a short position on a portfolio of financial stocks before launching the attack.


> take a short position on a portfolio of financial stocks before launching the attack

This is subject to detection and reversal. FX, credit and rates, on the other hand, could be massively exploited in a risk-on trade.


>This is subject to detection and reversal

Why would it be reversed?


> Why would it be reversed?

Massive short placed right before a sudden financial disaster? It may not be reversed, but it will definitely be frozen and investigated.


I think one could argue that there are probably easier ways to manipulate a market than a 51% attack on Bitcoin.

If someone tried to buy 10s of billions of dollars of Bitcoin shorts, who would take the other side of that deal?

A 51% attack doesn't get you coins, it lets you spend coins twice. Imagine:

1) borrow a bunch of BTC,
2) use it to buy stuff you want,
3) 51% attack to fork the chain and reverse your spend,
4) pay back the borrowed BTC

What does it matter if the price of BTC falls through the floor afterward?

Of course depending on what you buy, what your lender knows and cares about, and more, you might still face repercussions that make it unreasonable to expect to benefit, but that's enforced outside of BTC rather than by BTC, relying on the systems BTC proponents often explicitly distrust.


Okay sure. At best you can do that once, ever. So you’d better buy something worthwhile.

[dead]

Yeah, "ideally" the cost of the attack can be paid with borrowed BTC; otherwise, it would certainly have to be a very large haul to be worthwhile.

You can already spend coins twice, it's just that one of the addresses you send the coins to ultimately won't get them. So people have to wait some time to ensure the transaction fully processes before they can give you the goods in full confidence that they have received payment.

At some point, if cryptocurrencies become more established, it might be financially beneficial for one blockchain if another blockchain becomes non-viable.


The point of a 51% attack is to destroy any such thing as "fully processes".

> I suppose if your worry is a government trying to destroy Bitcoin, then that’s exactly how to do it…

Andreas Antonopoulos - 51% Bitcoin Attack

https://www.youtube.com/watch?v=ncPyMUfNyVM


Did you read the article?

Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".

I think this is not a realistic worry for potential attackers. If someone gets control of 51%, there will be a lag time for when people start to truly believe that the currency lost its value. So there will definitely be a huge value gain for any attackers that manage to pull this off.

> a 51% attacker is disincentivized

You missed this:

"An attacker could leverage [a market crash] because they would have a certain amount of control over when news of the attack broke, so they could (for example) take a short position on a portfolio of financial stocks before launching the attack."


> it means that bitcoin is ultimately not, as is often claimed, protected by mathematics or physics or even economics, but rather by the social cohesion, cooperation, and (dare I say it?) trustworthiness of the mining community

This isn't a dig. Bitcoin's value does come from the community and authority of the chain.

If it were just math, you could fork Bitcoin and have a competing currency that had the exact same code as Bitcoin. It wouldn't have any value because miners, exchanges, and users wouldn't believe it did. They believe in Bitcoin because it's been around a long time (it's Lindy) and the community around it has proven very resilient to all sorts of different kinds of attacks over the years.


> Bitcoin's value does come from the community and authority of the chain

Agree it isn’t a dig. But it’s a refutation of a common argument in favour of crypto, namely, that it’s protected by math, not custom.


It is still protected by math. The value is found between trustless entities. Math prevents fraud. The group can change the math.

There isn't one true coin protected by math. An unlimited number of coins can be created between different groups of people. Math protects each coin.


I mean, it solves the Byzantine generals' problem, which requires two thirds honest participants. I'm not aware of anyone who's ever claimed that bitcoin "mathematically protects" you even when everyone else is lying.

It's protected by both. So omitting one factor isn't wrong.

If you say flu is caused by a virus, it's not wrong. But flu is also caused by weak immune system, human interaction, lack of UV lights everywhere, evolution, among other reasons.


What's protected by math is the custody of the coins. The system is a delicate balancing act of incentives, math and social consensus. It's common among detractors to want to flippantly dismiss it as "only having value because of shared belief." That's not entirely accurate. All of the components are necessary to give Bitcoin its interesting properties which allow it to function as the first currency not managed by centralized control and these properties are inherently valuable.

But there have been changes to the way bitcoin works, and even forks because of it, e.g. bitcoin cash.

Now, irrelevant of what you think of those, the community can, and has changed the way Bitcoin works.

And, as such, it can also change what math it uses, if it so wishes. So the math ultimately depends on the community.


You get to decide what fork you run.

Yes, but if nobody else values the output of your particular fork, it hardly matters.

The community ultimately chooses which fork you run if you want to actually participate in a monetary system. Really, that's all this argument is -- any currency exists within a monetary system that is willed into existence by its participants, and no amount of maths will ever change that. It's not like gold had much use for the majority of its history, and yet it became the dominant currency.


Bitcoin is very much protected by math. Transactions require cryptographic signatures. That's math!

Obviously not talking about the Nash equilibrium but still relevant.

The important distinction is who (or what) is being trusted. It's always possible that a compromised bank employee commits fraud against me, or a capricious treasury secretary causes runaway inflation with stupid monetary policy (this was actually one of the main motivations behind bitcoin, as immortalized in the Genesis block "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"). These vulnerabilities aren't really possible with Bitcoin, because you place your trust in a massive community rather than a few key individuals.


There are several aspects to trust in Bitcoin.

1. The miners won't just up and leave, or are regulated out of existence.

2. The developers (and/or miners) have your best interest (and not theirs) at heart.

3. Hodlers won't suddenly do a run on BTC bringing down the value dramatically. Diamond Hands often turn into Bag Holders (without diamonds in the bag, btw).

4. The government won't prosecute you for holding BTC or exchanging it for goods and services, or say, dollars.

5. There's nothing propping up the value of BTC other than the good will of hodlers. There's no FDIC, Federal Reserve, or other large entity that can inject capital to stabilize the price.

6. Your public wallet tied to your real name/bank account won't get tied to a money laundering/human trafficking case accidentally. Why? Because you accepted BTC from a known bad wallet!


Do you think the President of USA has your best interest (and not his) at heart?

Something I've always considered a curious decision about Bitcoin is the decision for halvings to occur as discrete events rather than as an exponential decay occurring on each block. Having them be discrete events is probably easier for someone to verify by eyeball, I guess, but it has the disadvantage that it creates moments in time where some large portion of the hardware in the market can suddenly no longer mine honestly and profitably.

This decision seems to greatly increase an attacker's chances at obtaining a huge supply of hardware that is too inefficient to mine profitably, but can be used profitably for a short time to attack the network.

I suppose Satoshi never imagined there would be specialty hardware used to mine, and that whatever commodity hardware mined bitcoin could find another use.
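Added example (not part of any comment in this thread): the comment above contrasts Bitcoin's discrete halvings with a per-block exponential decay. The code below computes both schedules; the smooth schedule is hypothetical, constructed to halve over the same 210,000 blocks and to pay out the same total, and all function names are illustrative.

```python
"""Block subsidy: Bitcoin's discrete halvings vs. a smooth per-block decay."""
import math

COIN = 100_000_000           # satoshis per BTC
HALVING_INTERVAL = 210_000   # blocks between halvings
INITIAL_SUBSIDY = 50 * COIN  # satoshis paid per block in the first era


def subsidy_discrete(height: int) -> int:
    """Subsidy in satoshis under Bitcoin's rule: halve every 210,000 blocks."""
    return INITIAL_SUBSIDY >> (height // HALVING_INTERVAL)


def total_supply_discrete() -> int:
    """Sum of every subsidy ever paid under the discrete schedule, in satoshis."""
    total, era_subsidy = 0, INITIAL_SUBSIDY
    while era_subsidy > 0:
        total += era_subsidy * HALVING_INTERVAL
        era_subsidy >>= 1    # integer halving, rounds down like the real rule
    return total


# Hypothetical alternative: shrink the subsidy by a constant factor every
# block, with the factor chosen so it still halves over 210,000 blocks.
PER_BLOCK_DROP = -math.expm1(-math.log(2) / HALVING_INTERVAL)  # 1 - 2**(-1/210000)


def smooth_initial_subsidy(total_sats: int) -> float:
    """First-block subsidy whose geometric series sums to total_sats."""
    return total_sats * PER_BLOCK_DROP   # s0 / (1 - r) = total


def subsidy_smooth(height: int, s0: float) -> float:
    """Subsidy at a given height under the hypothetical smooth schedule."""
    return s0 * math.exp(-math.log(2) * height / HALVING_INTERVAL)


def drop_at(height: int, schedule) -> float:
    """Fraction of the subsidy lost between block height-1 and block height."""
    return 1 - schedule(height) / schedule(height - 1)


if __name__ == "__main__":
    total = total_supply_discrete()
    s0 = smooth_initial_subsidy(total)
    print(f"total issuance: {total / COIN:,.4f} BTC")
    print(f"smooth schedule would start at {s0 / COIN:.2f} BTC per block")
    print(f"drop at first halving, discrete: {drop_at(210_000, subsidy_discrete):.1%}")
    print(f"drop at same block, smooth: {drop_at(210_000, lambda h: subsidy_smooth(h, s0)):.6%}")
```

Under the discrete rule the subsidy part of miner revenue falls by half between two adjacent blocks; under the smooth schedule no single block loses more than a few millionths of it.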


I don't follow your attack logic. If mining hardware becomes inefficient why would using it to "attack the network" be profitable? Can you say more about what attack you're thinking of?

He absolutely did imagine speciality hardware would be used to mine:

"At first, most users would run network nodes, but as the network grows beyond a certain point, it would be left more and more to specialists with server farms of specialized hardware."


> If mining hardware becomes inefficient why would using it to "attack the network" be profitable? Can you say more about what attack you're thinking of?

The idea is that under normal day-to-day circumstances, a big deterrent to dishonest mining is that miners are deeply invested in the hardware and attacking the network would devalue that investment (if it craters the market). Normally if you have a big mining operation, the winning strategy is not to “defect”.

But halvings change the dynamic, because they take a bunch of hardware that was profitable one day and make it unprofitable the next. So for a brief period there's a bunch of hardware floating around that can't be used profitably to mine, and so has no value to honest miners, but has temporary value to dishonest ones if they can accumulate enough of it.

I don't think this will be feasible for a while, but a few halvings from now it could be.

> He absolutely did imagine speciality hardware would be used to mine

I stand corrected, I hadn't seen that post: https://satoshi.nakamotoinstitute.org/emails/cryptography/2/...


Satoshi era was consciously operating under a “gentlemen’s agreement” not to do mining farms

But I don’t think we really need to elevate him to a deity level, 2010 bitcoin client had a lot of dumb stuff in it that everyone promptly scrapped when Satoshi went away


This is the only argument I have found against Bitcoin that has substance. I can see this as a problem, but so far there have always been enough miners that were profitable. One day that might not be true though - hopefully it won't.

One reason for the halving cycle could be the way it kinda shocks the price and that makes people speculate and talk about Bitcoin like crazy. This is the perfect way to have a wrecking ball breaking the old broken system. Or it might just have been easier to implement.


Not the fact that the value proposition is poor because its inputs are destructive to society whilst providing questionable incremental value over existing currencies?

Can you demonstrate this at all? Bitcoin has been mined for over a decade and never came even close. When miners drop off, mining difficulty decreases.

If you're talking about a nuclear war scenario, we will have much bigger problems than bitcoin mining being slow.


> Bitcoin has been mined for over a decade and never came even close.

The problem with using past performance of the Bitcoin network as an indicator of future performance is that the exponential nature of halvings means that each decade is a vastly less subsidized environment for the network than the one that came before it. Over the last decade the network has given ballpark 4.2mm BTC to miners for their services; there are now about 1.7mm BTC available for miners for all time.


The reward has only gone down in absolute BTC numbers - in terms of purchasing power I'm pretty sure the reward is trending up.

Expecting this trend to continue forever means expecting the value of Bitcoin to double every four years. It’s basically the wheat and chessboard problem: possible the first few times, then quickly impossible https://en.m.wikipedia.org/wiki/Wheat_and_chessboard_problem

Transaction fees are supposed to compensate for the decline in newly minted coins. Using very bad back-of-the-envelope math, transaction fees are about $2 right now, with about 2,300 transactions per block. That works out to a couple billion dollars over the last 10 years, which isn't peanuts.

(Again, bad estimate that uses USD and today's numbers as if they'd been the same since the beginning.)


misses out on the single biggest threat to BTC

Western governments simply outlaw its use and ownership

without the USD, there really isn't even a USA, Western governments live and die by their fiat currencies

outlawing it would not be that hard, confiscate all Coinbase assets would be an easy first step


The single biggest threat to BTC isn't that. It is tokenized BTC. As soon as enough people realize that there is a lot more utility to bitcoin, as a tokenized version, on other networks, they might stop using bitcoin itself. I did that years ago.

> As soon as enough people realize that there is a lot more utility to bitcoin, as a tokenized version, on other networks, they might stop using bitcoin itself.

That is extremely unlikely due to the introduction of counterparty risks that Bitcoin users are growing more careful to avoid.


That is why people are working on that specific problem. Badger is one with ebtc. There are also going to be people who are comfortable with the risk/reward ratio.

Outlawing Bitcoin assumes quite some things.

1. The governments are competent and could outlaw it - The outlawing of guns, drugs, alcohol, tax evasion seems to have had the opposite effect.

2. For all of the flaws of western governments, they are still within some kinda laws. Coinbase is a public US-based company. They are entangled with pension funds, hedge funds, rich people. I am sure they would fight against this.

3. This also assumes people follow the law. In general, people follow the law but when they see their banks implode, prices going like crazy, they lose their job... Well then they might not.

4. This also assumes the current system could survive. If you look at the math you'll see that there is not enough currency to pay off the debt. It is an increasingly more levered system that is breaking apart.


The consequences of a 51% attack are greatly overstated. A 51% attacker can prevent new transactions from confirming, and roll back recent transactions. They can't roll back transactions that happened (roughly) longer ago than the sustained duration of the attack. They can't mint extra coins, or double-spend arbitrarily old transactions. Under 51% conditions, you need to be more careful about accepting recently-confirmed payments, similar to 1 sat/vB transactions in a full mempool today. You can still transact, you just need to be patient and careful. The value will drop, yes, but it won't go to zero unless the attacker is able to sustain the attack indefinitely.

Just the possibility of 51% attacks (if they occur 'occasionally') means people have to wait longer til they can consider transactions settled.

Do they need to wait 4 hours instead of 1? 1 day? 3 days? 2 weeks?

Whatever it is, it's materially significant. What does bitcoin do well now? What does it do better than other networks?


> What does it do better than other networks?

Provides you complete control over your money. You can send any amount to whoever you want, whenever you want, with no third parties capable of approving, disapproving, or delaying the transaction.

Obviously, there are downsides to that. But that's what it does better.


That completely ignores the question.

How does it do this better or differently than Ethereum, or Solana, or Avalanche, or Polygon?


Trying to rent 51% of Bitcoin mining capacity in the short term would mean that major Bitcoin miners would have to be set up for remote short-term rental. Are they?

A bigger threat is collusion by the top Bitcoin mining companies. At one time, that was five guys in China. There was a picture of them together at a conference. Not sure what the situation is now.


> Trying to rent 51% of Bitcoin mining capacity in the short term would mean that major Bitcoin miners would have to be set up for remote short-term rental. Are they?

They just need to point their hashrate at a pool which enables rental. Nicehash is a prime example.

See also: https://www.crypto51.app/

> Not sure what the situation is now.

It is a pool based in the US. https://miningpoolstats.stream/bitcoin


> The cost of a 51% attack drops dramatically if you can rent the necessary hardware rather than buy it. Bitcoin mining hardware is available for rent. Would carrying out a 51% attack on rented hardware be possible? Would it be practical? A back-of-the-envelope calculation indicates that the answer to both of these questions is "yes", indeed, that it might be even worse than possible and practical, it might even be profitable.

If it was possible (let alone practical, let alone profitable), it would've happened by now. The article acknowledges this, but doesn't quite grasp why - that being that the rewards and difficulty are not static. By the time one's able to rent 30,000 of the article's proposed 3.3GH/s miners, the number of hashes required to win a block would be accordingly higher.

Had this article been written a decade ago, it would've likely proposed a hash rate that's readily feasible today - and it would still be dwarfed by the increase in difficulty.

> Bitcoin can be inflated through chain splits and also by policy.

Chain splits do not inflate Bitcoin. They inflate the supply of cryptocurrencies overall, but there is precisely one Bitcoin, that being the "one true chain". Bitcoin Cash is not Bitcoin, and the chain split that produced the former did not impact the latter in the slightest; they are entirely separate currencies, and always will be.

As for "by policy", it's possible in the sense that a camel passing through the eye of a needle is possible: a lot of work, and the camel would in all likelihood cease to exist as such. Such a policy change would itself result in a split chain, and it's entirely possible/probable that the unaltered chain would continue on its merry way. In other words: the chain with the altered policy would not be Bitcoin (at least not without the global network of miners and nodes agreeing to it), for the same reason that Bitcoin Cash is not Bitcoin.

> I'll just point out that irreversibility is no panacea. If it were, it would be universally adopted as the de facto standard.

It was the de facto standard for nearly the entire history of the very concept of currency. Cash transactions are already irreversible, and legal systems have managed fine with that fact for hundreds (if not thousands) of years.

Likewise:

> In particular, if you lose your keys, or entrust them to a third party who decides to defect, then you have no recourse.

If you lose your cash, or entrust it to a third party who decides to defect, then you have no recourse.

> In fact, it is arguable that the rise of bitcoin was the catalyst that birthed ransomware as a global industry. A thief can now steal your money with impunity from the comfort of their own living room.

Thieves have been able to do that with gift cards, wire transfers, check fraud, and countless other non-cryptocurrency media of exchange for about as long as telephones have existed. Bitcoin being the catalyst of nefarious acts long predating it is certainly "arguable", but even Elastigirl would pull a muscle or two in doing so.

> I think the main value of Bitcoin in the long run will be as a store of value, comparable to precious metals but easier to move around.

I agree with this. Between Lightning and the umpteen million cryptocurrencies iterating on Bitcoin's design, I don't think Bitcoin needs to be the currency of choice for day-to-day transactions, but rather for moving large sums of money around and storing it relatively securely (in the technical and valuation senses).


> Bitcoin Cash is not Bitcoin

That's true, but that is just branding. The values of fiat currencies are bound to the economies of their sponsoring countries. The value of cryptocurrency is not bound to anything except the name, so if enough people start to believe that "bitcoin" and "bitcoin cash" are interchangeable, it will become so.

And the only reason this is not a problem right now is because the BTC/BTCC split was amicable. Had it not been, had both sides insisted on branding themselves as "Bitcoin", then it would be a lot less clear which side's claim to the name was legitimate.


Right, but that necessitates that people actually do believe two sides of a given split chain to be interchangeable. That's not the case for Bitcoin and Bitcoin Cash; they may have a shared transaction history in their ledgers up to the point where their chains split, but after the split there is no way to turn BTC into BCH or otherwise reconnect the chains. Accordingly:

> Had it not been, had both sides insisted on branding themselves as "Bitcoin", then it would be a lot less clear which side's claim to the name was legitimate.

The clarity would come from whichever chain a majority of the network adopts. Rogue chains calling themselves "Bitcoin" happen all the time; they're short-lived because they fail to attract consensus that they're the "one true chain".


> Rogue chains calling themselves "Bitcoin" happen all the time

That's news to me. Reference?


It's inherent in Bitcoin (like any other blockchain) being distributed; not every node is going to immediately recognize every transaction/block in the same order, and chains frequently diverge for a block or two. Usually they sort themselves out and regain consensus pretty quickly (via the so-called "longest chain rule"), which is why it ain't exactly newsworthy.

Also happens as a consequence of the node implementations being actively developed: any sufficiently-drastic change in a node's software produces such a split, wherein you end up with two chains calling themselves "Bitcoin": one consisting of the nodes which upgraded, and one consisting of the nodes which didn't. The latter is usually short-lived, but sometimes things get... messy: https://github.com/bitcoin/bips/blob/master/bip-0050.mediawi...


Oh, right, I remember that now. That was essentially a rental attack that happened by accident, and it was mitigated by the fact that no one was actually trying to exploit it. I think Bitcoin dodged a bullet that day.

But that was ten years ago. Has anything even remotely similar happened since then? (Other than the bitcoin-cash split, of course, which was done intentionally.)


As far as I can tell, for most users a 51% attack would at worst look like their transaction didn't "go through". This is because wallet software waits for the system to mine a certain number of blocks before showing the final wallet balance. A 51% attack that is 1 block deep may actually be a good thing for bitcoin because it would cement the idea of needing to wait for confirmations in the minds of users. In this way, 51% attacks do not kill bitcoin, but instead the attack simply makes the network appear as though it is moving more slowly than it used to because users would need to wait for more confirmations.

No, it's much worse than that. The nightmare scenario for most people is thinking that a transaction for which they are the recipient did go through and then later have it turn out that it didn't, and the money actually went somewhere else. Because of this, the net effect of a 51% attack would be to very quickly destroy confidence in the system for the duration of the attack (at least).

Wouldn't that nightmare scenario mean that an attacker would need to perform a 51% attack 7-ish blocks deep?

That's right. To be effective, the attack would have to be sustained for at least an hour, maybe more.
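Added example (not part of any comment in this thread): the exchange above about how many blocks deep a reversal must reach can be quantified from the recipient's side with the attacker catch-up formula in section 11 of the Bitcoin whitepaper. Function names and the 0.1% risk threshold are illustrative; the 10-minute figure is Bitcoin's target block interval.

```python
"""Confirmation depth vs. attacker hash share (Bitcoin whitepaper, section 11)."""
import math

BLOCK_INTERVAL_MIN = 10  # Bitcoin's target block interval, in minutes


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker holding hash share q ever overtakes a
    payment buried under z confirmations (Nakamoto's Poisson model)."""
    if not 0 <= q <= 1 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0                 # a majority attacker always catches up
    lam = z * q / p                # expected attacker blocks while z honest ones appear
    poisson = math.exp(-lam)       # P(attacker has mined k blocks), starting at k = 0
    prob = 1.0
    for k in range(z + 1):
        if k:
            poisson *= lam / k     # incremental update, avoids huge factorials
        prob -= poisson * (1.0 - (q / p) ** (z - k))
    return max(prob, 0.0)


def confirmations_needed(q: float, max_risk: float = 0.001, max_z: int = 400):
    """Smallest depth z whose reversal probability is below max_risk.
    Returns None when no depth up to max_z is enough (always so for q >= 0.5)."""
    if q >= 0.5:
        return None
    for z in range(max_z + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return None


def wait_minutes(z: int) -> int:
    """Expected wall-clock wait for z confirmations at the target interval."""
    return z * BLOCK_INTERVAL_MIN


if __name__ == "__main__":
    for share in (0.10, 0.20, 0.30, 0.40, 0.51):
        z = confirmations_needed(share)
        if z is None:
            print(f"q={share:.2f}: no depth is safe; depth only sets how long "
                  "the attack must be sustained")
        else:
            print(f"q={share:.2f}: wait {z} confirmations (~{wait_minutes(z)} min)")
```

Below half the hash rate, a deeper wait buys exponentially more safety; at or above half, the formula returns 1.0 for every depth, so the number of confirmations only measures how long the majority has to be held.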

The author is correct, in a sense, that Bitcoin's core security is social consensus, but he falsely equivocates it with fiat currency. They are most definitely not governed by the same sets of incentives. The incentives of Bitcoin ensure its monetary policy won't change, and those incentives have strengthened consistently over time.

He oversells the need of miners to band together to defend Bitcoin. They do not. All that's needed is for nodes to invalidate blocks, which is a simple command. No code changes or anything required. If an attacker is 10 blocks deep into an attack, node operators can just invalidate the first block of the attack, wasting all of the effort and resources of the attacker. Nodes can invalidate blocks longer than an attacker can stay solvent.

Miners must follow the economic majority of the network or risk wasting resources mining a losing chain. Miners aren't rule makers, they're rule takers. This was the main lesson of the Bitcoin Cash fork which the author mentions several times, but maybe he missed the point of it.


> I think the main value of Bitcoin in the long run will be as a store of value, comparable to precious metals but easier to move around.

I disagree with this. Bitcoin makes a terrible store of value because of the constant energy cost to prop up the network. This energy is paid for by diluting Bitcoin's value.

Source: https://cryptostackers.substack.com/p/bitcoin-is-not-a-store...

