Is your digital asset protected on the exchange? Understanding the gap between exchanges and traditional banks

Written by: Nic Carter, Founder of Coin Metrics, a cryptocurrency data provider

Compile: Zhan Juan

Source: Chain News

Over the past 18 months, some of the features originally provided by traditional banks have taken root in the crypto industry. When these features are combined with trust minimization, people call it Decentralized Finance (DeFi), most of which happens on Ethereum, with some exceptions.

There have been many articles detailing the main points and potentials of DeFi, so I won't go into details. I want to say an unexplored topic: whether trust can be minimized in a depository institution or a crypto bank. (I fully understand that talking about banks in a newsletter called "Bankless!" Sounds quite ironic!)

Let's quickly review what services a commercial bank offers. The following table is arranged from highest to lowest importance:

  • Accept personal deposits (usually banks do n’t keep full reserves, keep only a relatively small portion, and issue loans based on reserves). In many jurisdictions, these deposits are protected by the government, but only to a certain extent;
  • Pay interest on these deposits depending on the type of account;
  • Serve as a source of credit for consumers who need credit cards, small business loans, overdrafts and mortgages;
  • As a trading interface and agent, it serves users who want to send wire transfers, receive checks, and pay bills;
  • Issuing debit and credit cards;
  • Allow consumers to exchange cash for electronic deposits, either through branches or through ATMs. This service is actually a subsidy (or loss-of-sale) because it is usually (but not always) free to account holders;
  • Provide physical storage space for various items, such as valuables (even your private key!).

These services are not all provided by the current cryptocurrency exchanges, but I still often call them "banks" because they do cover the use case of absorbing deposits and are involving more and more other functions.

Here I will not repeat an article that Hasu once wrote. He talked about the various services provided by the exchange ("cryptobank"), which is a good summary of the development direction of the industry. My concern is: If crypto banks are already established, and users will continue to seek the services of such institutions, is it possible to minimize the required trust? Are cryptocurrency deposits more vulnerable to this trust minimization than fiat currency deposits?

Why do users choose crypto banks?

In my opinion, the current and future major concerns of the crypto industry are how to allow users to obtain and trade various financial assets under a series of trust models.

The birth of Bitcoin gave birth to a new model of ownership: a strong ownership of portable digital goods. For every transaction on the chain, its settlement is (probably) final. This means that transactions are not affected by general issues related to digital transmission, which previously had been caused by delays between payment and final settlement. However, Bitcoin and all subsequent cryptocurrencies introduced a new problem: requiring users to host their assets on their own.

The careful storage of information is difficult for many people, and the custodian of cryptocurrencies has emerged. Since people mainly obtain cryptocurrencies on exchanges, many people choose these exchanges as custodians. Over time, the industry developed a full reserve bank, commonly referred to as an exchange (although there are also specialized custodians for non-exchanges). These crypto banks have controlled a large part of the mainstream cryptocurrency supply, and the proportion is still rising. With the rise of betting, lending, and interest-bearing tools, many users have opted to test these new products through centralized custodians.

Thanks to address tagging and a bit of detective work, we can estimate the distribution of Bitcoin's supply between managed and unmanaged. My calculations also include long-term inactive supply, and many early coins have mostly been lost.

Coin Metrics estimates the lost BTC. The source of the hosted BTC data is shown below. The data originally appeared in Macro.WTF, with corrections here

As shown in the figure above, the number of Bitcoins under escrow (dark blue in the figure) has risen rapidly, accounting for at least 20% of the total mining supply. higher.

Below I have roughly broken down the shares held by each custodian (exchange) (please note that some of them are rough estimates):

Data sources: Coin Metrics, Grayscale, XBT vendors, Meltem Demirors / Coinshares, Japan Virtual Currency Exchange Association

It needs to be acknowledged that the historical estimates in the figure above include some inferences, because I do not have high-quality data on exchanges such as Mt. Gox, nor historical data on exchanges such as Coinbase, Xapo. Japan's exchanges are particularly good. They have realized self-regulation and truthful disclosure of their currency holdings.

I admit that this is only a lower bound estimate of the bitcoin being hosted, and there are many smaller exchanges that are not counted. But I believe that is the general situation. And the trend is quite startling: the growth rate of Bitcoin being managed is much faster than the supply of Bitcoin. Who knows what share of the hosted part will eventually reach?

With the data obtained by Coin Metrics, I was able to perform a similar analysis on Ethereum.

Data source: Coin Metrics, DefiPulse

The "Inert from genesis" section refers to the ETH that was allocated during the crowdfunding phase and has never left the genesis block for whatever reason. The proportion of this part in the supply is surprising. You can also see that although DeFi is still relatively small, it is beginning to take an increasing share. In addition, we can also see the situation of ETH hosted on the exchange, although this estimate is only a lower bound.

The following data is broken down by exchange:

Source: Coin Metrics, Japan Virtual Currency Exchange Association

We would like to thank the Japanese exchange SRO again for the information disclosure, which has brought great convenience. In addition, all balances are found through on-chain estimates.

Unlike the above Bitcoin exchange share chart, I have more confidence in the overall history of ETH, thanks to the on-chain method (though I still have to rely on GBTC's public disclosure and other Bitcoin-related public information). Of course, there are many smaller exchanges that are not included, so we only looked at some samples. We also missed Coinbase's data (it intentionally hid its balance). I think Coinbase has millions of ETH deposits. (Chain News Note: GBTC, or Grayscale Bitcoin Trust, is the closest investment tool to the Bitcoin ETF, enabling investors to invest in Bitcoin without worrying about storage or custody.)

20-25% of the total supply of Bitcoin and Ethereum is held in custody, which may be inspiring or frustrating, depending on your perspective. In a random survey, most of the people I asked actually predicted that a large part of the total supply of these two blockchains would be hosted. In my opinion, whether it is Bitcoin or Ethereum, the demand for escrow exposure is stable and growing. Once this ratio approaches a certain threshold, will it hurt both systems? This is an interesting question, but it is beyond the scope of this article.

What is the difference between a traditional bank and an exchange with a similar appearance? Let us briefly review the nature of commercial banks.

Commercial Banking Today

Commercial banks are an interesting institution, and for political reasons they are not allowed to fail completely. The society trusts banks to hold household and personal deposits. Even if the bank engages in inherently risky behaviors (granting loans), the consequences of a complete bankruptcy are unacceptable to society (the deposits of all are gone). Therefore, the government actually guarantees the safety of deposits.

In the U.S., the Federal Deposit Insurance Corporation (FDIC) guarantees that if one of its member banks goes bankrupt, each depositor can still claim its own deposit, up to a limit of $ 250,000. In the past, banks were allowed to go bankrupt, and users' deposits gained nothing. But bank failures are often contagious: savers will panic immediately, and they will want to withdraw their assets. This has happened in the United States, which is why the United States Federal Deposit Insurance Corporation was established in 1933, and commercial banks have been under federal supervision since then.

So in commercial banks today, you have both unprotected stakeholders (bank shareholders and creditors) and explicitly protected stakeholders (savers). If the bank fails, investors will be eliminated, but savers will be protected (within a certain amount).

In the field of encryption, this established model has not been fully replicated. Globally, exchanges are not regulated as banks or deposit-taking institutions; in the United States, in recent times, no new banking license has been issued at all. And most exchanges do not want to be regulated as banks. Many people just chose to apply a patch: one state and one continent to apply for a currency transfer license, in some cases register as a New York limited purpose trust company, or seek to obtain a New York Bit License ( BitLicense). Many non-US exchanges are not even regulated at all. The consequence of this is that once something goes wrong, it is difficult for exchange savers to know exactly where they are. Creditors of Gox and Quadriga have learned very well in this regard.

The industry generally believes that if you do not own the private key, then you do not own your coin. I support this view, and I feel that cryptocurrencies work best when users are the sole owners of their coins. If everything ends in escrow, the escrow agency can assert control over all transactions and put the entire system back into the licensing model, which will weaken the anti-censorship ability we value.

However, I also recognize the fact that some people always tend to store their cryptocurrencies in a certain third party. Custody of private keys is technically cumbersome and also exposes holders to the risk of extortion or theft. Although I don't approve depositing cryptocurrencies into a custodian, I acknowledge that it is a very popular way, especially when the exchange launches various pledge rewards, debit card features, interest payments and other ancillary services .

Are crypto deposits guaranteed during transactions? If so, how is it guaranteed?

The crypto industry has a point of view: if an institution cannot be "mechanized", then hopelessly, it cannot provide protection to users. But I think it might be more worthwhile to take a middle ground. Is it possible for depositors to reduce their trust in crypto banks? A key area is deposit guarantees. As exchanges act as custodians, and in some cases even extend to other banking services, but they are not regulated as banks, so what about user deposits in the event of bankruptcy or insolvency What about disposal?

Obviously, the way depositors are treated will vary according to the laws of the jurisdictions where the agencies are located. Let's start with a partially or fully regulated crypto exchange. I am not an expert in this area, so I consulted some people who have direct first-hand experience with the compliance department of the storage and encryption institution.

There are no uniform federal standards for exchange regulation in the United States. Most exchanges must be registered as a Money Services Business (MSB) under FinCEN. What the transaction requires is in fact to develop an "anti-money laundering" plan, report large cash transactions, report suspicious activities, and try to comply with the Bank Secrecy Law. The MSB license does not actually cover the behavior of the exchange in absorbing deposits.

Exchanges also tend to register state-by-state as money transmitters. The requirements vary from state to state, but it is usually necessary to prove to the state audit agency that you have sufficient reserves to be considered solvent. After much consultation, the consensus seems to be that state regulators are not particularly good at cryptocurrencies (except for individual states), so the MTL licensing system does not form a particularly strong constraint on exchanges' misconduct.

A stronger regulatory framework is the New York Limited Purpose Trust License, which has been selected by exchanges and intermediaries such as Gemini, Paxos and ItBit. The trust license does not require these entities to be insured by the Federal Deposit Insurance Corporation (FDIC), but it does allow these institutions to hold USD deposits in the name of the customer at the bank where the FDIC is insured. This means that deposits paid for stable currencies such as Paxos, Gemini Dollar, and Binance Dollar (managed by Paxos) are covered by FDIC.

There is another question I don't know the answer. Suppose a crypto exchange is hacked and ends up being insolvent, or that only a small portion of all BTC and ETH of the depositor is left. Before the hack, suppose the exchange had issued a large amount of bonds. In a normal capital structure, creditors are considered to have a "priority" level-that is, they receive first claims on the company's assets in liquidation before they turn to other stakeholders. What happens in bankruptcy proceedings? Creditors get paid first, but savers have nothing?

Aside from this extreme situation, to a certain extent you should believe that regulators tend to make exchanges fully reserve, especially when exchanges are subject to more complex state systems or to obtain New York trust licenses. In this investigation, I found that it is very difficult to obtain the following information: which exchanges performed what kind of audits for whom; whether there are structural restrictions on exchanges that cannot mix customer funds and working capital; and during the liquidation process Where the savers are. Regulated exchanges can actually do more work in these frontier areas, allowing users to be protected on these issues.

For unregulated exchanges, protection is even weaker. When an insurance company or investor requires an audit, an unregulated exchange has no pressure by definition to prove its solvency to a third party, or to separate deposits from working capital. In fact, over the years we have seen a lot of chaotic behavior in such exchanges. It is against this background that I believe that Proofs of Reserve is particularly important. This is not a perfect solution, but in the absence of a regulator to look after the exchange, it is the second best choice to prove to depositors that the deposit has been fully reserved. More important than this is that the process of regularly proving reserve conditions will constitute good housekeeping and will alert depositors earlier before problems become fatal.

While conducting this survey, I was surprised to discover that I know very little about how crypto exchanges view reserves. This is not my personal concern, as I never use a third party to host my cryptocurrency. But this is the industry's concern, and I rarely see the discussion. I asked several professionals, which regulatory regulations in the United States cover reserve or audit requirements for crypto exchanges, and whether depositors have priority in liquidation, and the more I asked, the more I became dizzy.

We have talked a lot about trust minimization, and the general topic is the background of cryptocurrency protocols. But what does minimizing trust really mean in the context of a storage institution? Bank supervision exists to protect the accounts of ordinary fiat currency depositors. However, because there is no federal standard, most exchanges do not seek to be regulated like banks (in fact, those exchanges that follow the regulatory path are actually seeking more relaxed regulation). In many cases, we only get an implicit promise that user deposits are treated in isolation and full reserves are retained.

However, exchanges do not have full control over all this, especially when it comes to cryptocurrencies. In some cases, certain events happening on the chain can affect the quality of the reserve in some way. In 2017, Coinbase mismanaged the UTXO set, which means that they have a lot of "on hold" UTXOs. If these UTXOs are to be spent, the cost will exceed their value. Does this mean that they are technically insolvent? There are also loopholes or hard forks that somehow change the registration relationship of the property. What happens if a mainstream exchange is pledged a token, is punished and the coin is confiscated?

These are issues that exchanges, regulators and depositors must face. After I wrote this article and talked to practitioners who delve deeper into these issues, I was struck by a strange paradox inherent in the crypto world: When considering open protocols, we (correctly) minimized trust In the first place, and once the assets become custody, we will ignore this issue and assume that the risk of funds is quite high (and blame users first, thinking they should not trust the exchange).

Of course, exchanges are heterogeneous, and they follow a variety of security and regulatory practices. There must be a gray area, and there are ways to minimize our trust in crypto banks. Of course, asking an exchange like Kraken to provide a proof of reserve is much more difficult (and less reliable) than simply looking at Maker's CDP (mortgage debt warehouse) on the chain, but I think we should still work hard to get the exchange Take responsibility and better understand the situation of savers. In an industry full of contradictions, this is undoubtedly the most enlightening.