🏋️ Weighing The Downsides — Issue No. 59


The security team at Coinbase published a detailed post-mortem on a hacking attempt they thwarted in June. The attack was multi-layered, multi-step, and extremely sophisticated. The attackers demonstrated not only advanced technical capabilities, but also an adeptness at social engineering. Their approach leveraged previously unknown exploits in the FireFox browser. They also hacked servers at a prestigious university in order to publish pages containing the malicious code, thereby making them seem more authentic. While it seems some employees had their machines partially compromised, the team at Coinbase was able to detect and stymie the attack before any real damage was done. Link.

This week also saw news that a group of 15 nations, including Australia, Singapore, and members of the G7, are collaborating to develop a crypto anti-money laundering system. A central point of the system envisioned is the collection and sharing of the personal data of individuals who use cryptocurrency. The implications of the proposed system are obviously worrisome for those concerned about digital privacy rights. Advocates claim the measures are needed to combat the growing incidence of laundering money via cryptocurrencies. Link.

Money laundering is not the only unsavory usage of cryptocurrency that regulators and law enforcement have expressed concerns about. Hackers increasingly leverage Bitcoin, and other cryptocurrencies, to carry out "ransomware" attacks. The city of Lodi, California, for example, revealed this week that they were a victim of such an attack. Hacker's gained access to the city's internal network, then locked officials out of critical systems, demanding $400,000 worth of Bitcoin before they'd relinquish control. The city chose not to pay the ransom, opting instead to rebuild their internal systems from backups, but the hack caused nearly two months of disruption to the city's phone lines and financial databases. Link.

One of the things that makes decentralized cryptonetworks so powerful is that they're permissionless and censorship resistant. As is always the case, though, this comes with tradeoffs. The stories I've cherry picked this week highlight how censorship resistance can cut both ways.

For one, it makes companies like Coinbase, which custody cryptoassets for their customers, huge targets for sophisticated hackers. If the private keys protecting assets held by Coinbase are compromised, the attackers get the coins. Period. There is no central authority to reverse the transactions. The Bitcoin network doesn't care if transactions sent across it represent a theft.

This same dynamic is what's lead to the increase in ransomware attacks. Ransomware existed before Bitcoin, but its success rate was impeded by centralized payment systems, which would often reverse transactions paid out to hackers at the behest of law enforcement. Bitcoin, and other cryptonetworks, makes ransomware attacks more lucrative.

Money laundering on cryptonetworks is a problem for the same reasons, and this week's announcement of the proposed anti-money laundering system hints at a chilling second order effect of censorship resistance. Faced with nefarious activity on networks they're unable to control directly, governments and law enforcement agencies may over correct with draconian measures that intrude on the rights of law abiding citizens.

What can be done about all this? Well, for one, we have to be honest about the dynamic at play. We're inventing powerful, un-censorable, decentralized networks to allow anyone to transact with anyone pseudonymously. Should we act surprised, then, when unsavory transactions occur? Of course not. We have to acknowledge that these systems may enable bad people to do bad things, yet make the case that they're worth creating anyway.

The truth is that this tension exists well beyond the realm of cryptocurrencies. Speech on the internet has a similar dynamic, as does the principle of free speech itself, for that matter. If people only said things everyone agreed were acceptable, then we wouldn't need to protect the idea of free speech in the first place. Any reasonable person can see that enshrining the principle of free speech in a society comes with some downsides. We've decided the tradeoff is worth it, largely because the alternative— a world where a small cabal of people enforce what speech is and isn't permissible—is far worse.

This, in broad strokes, is the argument we need to make a case for in the public discourse around cryptocurrencies. Yes, there are downsides to censorship resistant digital monies, but do we really want to live in the universe where they don't exist? The transition to digital-only money is inevitable. In that future, anyone who can censor the "bad" transactions necessarily has the ability to censor any transactions. Do you trust Congress, or Facebook, or any other entity to get those moral judgements right? I know I don't.

There is a dark side to cryptocurrencies, yes. We should acknowledge this, and do our part to see that these downsides are constrained wherever possible. Yet we shouldn't compromise on the need for these networks to exist. They're an integral part of a digital future that preserves personal freedoms.


70%. The "BTC Dominance" factor at the time of this writing— that is, the percentage of all cryptocurrencies market cap represented by Bitcoin alone. This is the highest it's been in several years, as Bitcoin has rallied while most other assets have stagnated. Is price the only important factor when assessing a network's success? No. But it matters a lot. Time will tell if this represents a permanent "decoupling," or merely a temporary trend. Link.