Capital Markets Veteran Gavin Smith Calls for Better Security Standards for Bitcoin Traders


“Blockchain fintech companies can not only provide better security for bitcoin traders, we can also solve the problems that plague conventional capital market companies.”

November 15, 2016    London

This is the opinion voiced at the Blockchain Money Conference in London last week. Speaking to an audience of investors, entrepreneurs, and experts including Jon Matonis, Michael Parsons and Roger Ver, First Global Credit’s CEO Smith proposed that companies needed to take a more pragmatic view of risk. During his talk he highlighted specific areas of risk that were being overlooked by bitcoin companies.

“In the conventional capital markets we have many metrics used to measure risk. They are not great; they are not foolproof, but they are a decent framework that [start to] measure where the risk comes from. In the cryptocurrency world, we don’t yet have that,” Smith asserted.

His statement came in response to ongoing security threats that challenge bitcoin exchanges. There is not a single year that has gone without reports of online bitcoin wallets being hacked. Many speculators turn to bitcoin trading in hopes of making easy profits from its trademark price volatility. Exchanges such as BitFinex further attract traders by offering leveraged trading based on loans being made by bitcoin holders who are not skilled traders but still want to make a return on their crypto-assets.

Are these practices, and whatever returns they promise, worth the risk if the exchange cannot provide investors with insurance during a security breach? Even the most respected Bitcoin exchanges are not able to protect their customers from hacks that have led to over $80 million worth of losses in the last two years.

“BitFinex was one of the largest and most respected Bitcoin exchanges and they still got hacked,” Smith stated. “It clearly illustrates how vulnerable our funds are in the absence of adequate risk management protocols.”

Minimising Risks

Using his own company as an example, which allows bitcoins to be used as collateral margin to trade against fiat currencies, world-wide stock markets, precious metals and ETFs, Smith described what it does to reduce risk, especially counterparty risk.

“First we actively grade bitcoin exchanges based on a weighted set of criteria including whether the exchange is domiciled in a respected jurisdiction, the transparency of their management structure and finally the longevity of the exchange. Once we have identified acceptable counterparties we spread assets across multiple exchanges. We need to be in a situation where we keep operating and continue to provide our customers with service even if one of our counterparties fails. So we don’t risk more than 15% of reserves on any one bitcoin exchange.”

“We further control risk by minimising the time that we have funds out of our control. We do this by continuously moving funds out of exchanges when not actively being used to trade.”

Exchanges are Centralising Bitcoin

“One of the benefits of bitcoin is that it should cut away middlemen from financial settlements, but bitcoin exchanges have failed to follow the vision themselves by acting like centralised authorities.” Smith highlighted these points and didn’t shy away from identifying that his own company was subject to the same issues. He then pointed to current and upcoming developments that are steps in the right direction of combating counterparty risk.

“I believe the real challenge over the next 2 years – for companies who operate in the cryptocurrency capital markets – is to move beyond this model of us holding client funds and being ourselves, a point of risk for the customer assets.”

“We’ve already seen some attempts to deal with this problem, but thus far these have failed because they do not cover the security of funds over the full trade lifecycle. They protect funds when they are initially placed on the exchange, but as soon as funds are committed to an active trade they are subject to the same risks as they are on a conventional bitcoin exchange because they are pooled with other trades. So while protecting inactive funds provides a partial solution, this benefit is counteracted as soon as you open a position and start trading. This is not a particularly useful innovation for funds lodged with First Global because we are actively moving dormant money out of the control of the exchange anyway. So a solution that only protects funds when there is no active trade does not really add value.”

“The second area is using smart contracts to replicate trading. Again, this is a move in the right direction but the problem with the practical use of smart contracts at the moment is lack of liquidity. There is a real challenge of creating a solution that provides good liquidity and real security through the full lifecycle of a trade including point of settlement. To my mind that is where the real benefit and the future lies; if we can create a solution that achieves this we have not only provided value in the cryptocurrency capital markets, we’ve created something that actually leapfrogs existing mainstream capital market risk.”

“All counterparty risk management strategies in existing capital markets are based on allowing banks to transact business securely. Allow bank A to trade with bank B in a way that keeps them from having counterparty risk. Nobody considers the last step in the cycle, the piece that covers the transfer of funds to the end customer. That customer is still expected to assume all the counterparty risk of working with a bank or broker or other institution. If we can create an environment that allows customer A to trade with customer B without any added counterparty risk from working with an institution in the middle, that’s where I think the public blockchain can add real value to the whole finance industry and our market will pull ahead of conventional markets in what we can offer our customers. So in the next two years not only will counterparty risk become actively managed in the cryptocurrency space, I can imagine ways blockchain tech can be adapted for mainstream markets counterparty risk management as well.”

DAO you see it, DAO you don’t

Looking critically at the aftermath of the great DAO heist of 2016

June 23, 2016    Geneva / London / Hong Kong

By Gavin Smith, Chief Executive, First Global Credit

Anyone interested in cryptocurrency and innovative use of the Blockchain cannot help having heard about the most egalitarian expression of this technology, Ethereum. And anyone interested in the progress of Ether as a DIY cryptocurrency must be familiar with how Ethercoin is being used as the basis of DAOs, or decentralized autonomous organizations. A DAO is a method for making investment decisions where choices are made by collective agreement, not by fund directors.

There already have been a few DAOs but the first one with any traction has been created by German startup, slock.it. Slock.it has members of the Ethereum project team Simon Jentzsch and Stephan Tual on its board. The DAO concept is based on a set of smart contracts that represent investment opportunities presented to the DAO ‘collective’ of investors. Along with buying tokens to the DAO comes the right to vote on which opportunities the DAO takes a position in. The view being that decisions made by consensus will be more profitable as the intelligence of all the investors is behind the selection. Investment utopic dream?

That dream turned into a nightmare last Thursday with news that, of the $150m invested in the slock.it DAO, at least $60m has been withdrawn by a “hacker” who exploited a vulnerability in the script that governed distributions from the DAO.

The flaw that is at the root of the DAO security problem is based on what first appears to be the strength of the Ether model with its embedded scripting language. Ether permits individuals or organizations to develop powerful smart contracts with complex behaviours. Unfortunately, this flexibility goes hand in hand with the risk that the implementation of a particular solution is not well thought through. This leaves customers of the smart contract (or in this case DAO) at risk of faulty contract implementation with weak security.

This risk has always been played down by the prime movers of the Ethereum project but the fact that the management of Slock.it is also made up of some of the core development talent of the Ether project proves that this risk is not only valid but also not easily overcome – after all, if these developers can’t get the security model right how are others supposed to?

This issue, however, pales into insignificance when compared to the much larger concern … what happens now that the hack has been discovered?

One proposed response to the hack is to roll back the Ether Blockchain – while appearing attractive at first, this route, if taken, has far-reaching consequences for Ethereum’s future.

Nobody condones the siphoning of funds from the DAO but it should be remembered that this project was highly experimental and participants took part in something that was largely untested with significant risks.

The strength of a public blockchain, which Ether claims to be, has always been the irreversible characteristic of any transaction. Once a transaction has been confirmed it cannot be unwound by any individual or group – this is the very strength of Bitcoin and why attempts to replicate Bitcoin’s benefit structure using private blockchains are a flawed premise. While private blockchains provide benefits of efficiency for member organisations to transact business together without holding counterparty risk, they are by nature limited in their scope, designed not to ‘include’ but to exclude participants. In other words they are designed to benefit the “elite few” who run the private blockchain, for instance a select number of banks who wish to extend their cartel with greater efficiency but no benefit to the greater public.

If the Ethereum Project decides to roll back the Ethereum blockchain they simply confirm the charge that is often levelled at Ethereum – it is not a public blockchain at all but a private blockchain developed to move control of the financial industry from one set of hands into another, benefiting Vitalik Buterin and his buddies.

Many would argue that there is no harm in rolling back transactions that were a deliberate exploitation of a weakness in Slock.it’s implementation of the scripting language, but you don’t have to dig too deeply to recognise the flaw in this logic.

Is the Ethereum Project going to roll back all future hacks – or just those involving members of the inner circle? What constitutes a hack? One of the proposed uses of Ether smart contracts is an exchange (say for Bitcoin) – if the smart contract incorrectly makes multiple sales at a low price which people identify and exploit – will those transactions be rolled back as well?

Perhaps a smart contract takes place between 2 organisations, one of which is inside the favoured circle of the Ethereum Project – let’s say they decide they don’t like the terms and want it rolled back – does their request get actioned while the other organization foots the bill?

What quickly becomes apparent is that once you lose the irreversible characteristic of the transaction, when it is no longer an independent network that confirms transactions, you no longer have a trustless P2P network – you have crony capitalism and you are simply perpetuating the worst characteristics of the old world financial industry order.

This event represents a critical decision point in Ethereum’s evolution. Do they go down the route of a distributed P2P network with irreversible transactions (which probably means abandoning proof of stake in favour of proof of work) or do they go down the route of a private blockchain with control retained by the select few?

For our part the First Global Credit company will continue to allow holders of Ethereum to use it as collateral for stock and futures trading but, for the time being, our Smart Contract work will remain focussed on Bitcoin’s capabilities. Ethereum, for us, is still a work in progress which we will continue to monitor with interest.