Cybersecurity and Deterrence
How to Start Disrupting Cryptocurrencies: “Mining” Is Money Transmission
Bitcoin arrived on the scene just two years after the iPhone, and in that time it has helped facilitate a whole lot of bad things. All cryptocurrency assets, not just Bitcoin, are zero sum. So every dollar “made” in cryptocurrency was simply provided by someone else. And any volatile cryptocurrency, Bitcoin included, will always be inferior for legal payments.
Now, with the rise of “big-game ransomware,” it is time to explore different methods that different governments, including the U.S. and others, can use to disrupt the Bitcoin and larger cryptocurrency ecosystem. There is no silver bullet, but there are a lot of things that can throw sand in the gears, degrading Bitcoin and other systems into unusability.
One avenue rests on an observation that Bitcoin and other cryptocurrency “miners” aren’t just creating new cryptocurrency or securing the network. They are also specifically acting as money transmitters and need to be treated that way. The U.S. government, especially the Financial Crimes Enforcement Network (FinCEN), needs to pay attention.
Why this is the case requires a discussion of how Bitcoin and other cryptocurrencies are processed and secured by the miners.
Imagine you are in a village where a series of stone tablets in the central square track everybody’s banking activity, denominated in Quatloos. If you want to write me a check for 200 Quatloos with a 1 Quatloo fee, you simply write it and hand it to me. I examine the stone tablets to make sure your balance is greater than 200 Quatloos and then hand off the check to a group of stone carvers.
Each stone carver then takes a pile of checks, ensures they are all valid, and carves a new tablet to add to the pile of tablets. On that tablet the stone carver also adds one additional check, one that pays the stone carver 25 Quatloos plus all fees for his labor, and a physical link to the previous tablet to create an unbroken record.
One stone carver is faster than the others and completes the tablet first, winning the race, which means the other stone carvers just wasted their effort. Once this new tablet is complete, I now have 200 more Quatloos, you have 201 less Quatloos, and the winning stone carver gained 26 Quatloos, effectively collecting the bulk of his payment by diluting the value of all the existing Quatloos.
FinCEN and other regulators would, without hesitation, call the winning stone carver a money transmitter—someone who accepts currency (or a substitute) from one person and transfers it to another, regardless of the means used. He processed the check, ensured that it was valid, and then recorded the check to transfer the money from your account to mine. As a money transmitter, the stone carver has a large number of legal obligations designed to prevent misuse of his services. A cryptocurrency “miner” is no different.
Cryptocurrencies all start with the same basic concept: a public ledger of all confirmed checks and a method by which the miners add to the ledger. The biggest difference between this “blockchain” and our pile of stone tablets is the nature of how the accounts are identified and the mechanism of determining the “winning” tablet.
Our village tablets have names, but the cryptocurrencies identify accounts by their public key—effectively a very big random number, and anyone can create as many public keys as they want. It isn’t a matter of making sure that “bitcoin doesn’t become the equivalent of Swiss-numbered bank accounts”: Bitcoin and most other cryptocurrencies only consist of “Swiss-numbered bank accounts”!
The mining process starts with a pile of unconfirmed digital checks, cryptographically signed by the accounts’ corresponding private keys (in public key cryptography, only the private key can generate a signature but anyone can verify the signature with the public key). Each miner takes all the checks and decides which ones they are going to consider. Miners first have to make sure that each check they consider is valid and that the sending account has sufficient funds. Miners then choose from the set of valid checks they want to include and collect them together in a “block.”
This block contains two more pieces of information: a pointer to the previous block (uniquely identified by a cryptographic hash, thus the “blockchain”) and an additional check saying “pay the miner’s numbered account the mining reward and any transaction fees.” Now the miner checks if the block would be valid, based on the particular lottery scheme the cryptocurrency employs. If not, the miner tweaks the block slightly and tries again, repeatedly generating and checking to see if the block matches the requirements.
The details of the lottery vary. Bitcoin and Ethereum use a scheme called “proof of work,” which requires simply trying until a miner gets lucky. Other cryptocurrencies use “proof of stake,” where the probability of winning the lottery depends on the amount of cryptocurrency the miner already has, sort of a “he who has the gold enforces the rules” scheme.
Eventually one miner gets lucky, becoming a “block creator” with a new block that meets the rules according to the cryptocurrency’s underlying scheme. That block is then broadcast to the world, confirming the included checks and updating everyone’s balances. Now all the miners start working on the next block with all the remaining and any new unconfirmed checks.
During this process the miners are making active decisions on which checks to include. Not only do the miners have to make sure checks are valid, but they also have to make numerous choices beyond this, usually focused on maximizing revenue by selecting the checks that provide the highest fee to the miner. So a miner who creates a block is explicitly making decisions about which transactions to confirm. This successful miner, like our village stonecarver, is a money transmitter.
And these miners are transmitting a lot of value. Let us examine a single Bitcoin block—the newest block when I wrote this paragraph. In this block the miner, “F2Pool,” confirmed 2,644 transactions representing a notional value of $1.6 billion. Of course many of these transactions are simply noise (the Bitcoin blockchain is notorious for transactions that do not represent real transactions), but even the “small” transactions represent several hundred dollars moving between pseudonymous numbered accounts. And each and every one of them was processed, validated, selected and recorded by this one mining pool.
The cryptocurrency community remarks that the mining system is “decentralized”—that is, because there are many participants, this implies that no single participant is responsible. Yet because every given transaction is validated by the winning block creator, that winning miner is the money transmitter for that transaction. Additionally, due to pooling, the mining process inevitably centralizes into the hands of a few actors: 75 percent of all Bitcoin transactions are validated by one of just seven mining pools, and a similar phenomenon is seen in the other currencies, no matter what scheme they use.
So not only does “decentralization” not absolve the winning block creator of responsibility for being a money transmitter, but also only a few actual block creators are doing most of the money transmission for Bitcoin and most other cryptocurrencies. So if we call a spade a spade, and a cryptocurrency miner a money transmitter, what does that mean?
Right now the FinCEN guidance on money transmission and virtual currencies is pretty clear: Whether or not a person is a “miner” or “creator” has no bearing on whether they are just a “user” (not affected by the Bank Secrecy Act), an administrator or an exchanger.
Using the cryptocurrency you mine is not acting as a money transmitter (in that case you are a user), nor is distributing the proceeds internally in a mining pool. But FinCEN’s current guidance never connected the dots: The miners are the money transmitters in a cryptocurrency system because they are validating the transactions.
The legal questions here are complicated and beyond the scope of this post, but here I’ll propose what I see as the ideal, if perhaps ambitious, policy fix: In an ideal world, FinCEN would issue a new guidance statement establishing that cryptocurrency miners who act to validate third-party transactions are money transmitters. This would provide necessary clarity and would not represent any new regulation or rule-making but, rather, the straightforward application of FinCEN’s existing standards.
What would treating mining as money transfer mean? For U.S.-based mining pools, it is impossible for them to function in their current form. They simply are incapable of performing the anti-money-laundering and know-your-customer (AML/KYC) required of money transmitters on the transactions they validate. After all, you can’t do AML/KYC on every Swiss numbered account. Instead, any U.S.-based mining pools would need to make a list of allowed wallets and validate only those transactions.
There is proof that one can attempt to produce a “sanctions-compliant” mining pool. Marathon Digital Holdings is a small mining pool (roughly 1 percent of the current mining rate). During the month of May, Marathon used a risk-scoring method to select transactions, intending to create Bitcoin blocks untainted by money laundering or other criminal activity. Yet they stopped doing this because the larger Bitcoin community objects to the idea of attempting to restrict Bitcoin to legal uses!
Treating mining as money transfer might also affect participants in mining pools. The pool itself decides which transactions to approve and just provides a stub for various miners to try to find a lucky winner. When an individual miner gets lucky, it sends the result to the pool and the pool subsequently distributes the revenue among the participants. Although the FinCEN guidance says that renting out computer services for mining is not acting as a money transmitter, the use of U.S. resources would bring a foreign mining pool with U.S. participants under the cover of U.S. law.
This basic observation—that cryptocurrency miners, no matter the cryptocurrency itself, are money transmitters and should be treated as such—would effectively outlaw Bitcoin, Ethereum and other cryptocurrency mining in most of the world. And some nations that generally don’t follow FinCEN’s model, notably Iran and China, are cracking down on Bitcoin mining because it poses both a local money-laundering threat and an obscene waste of energy.
Making cryptocurrency mining illegal won’t stop all mining, but it will seriously disrupt it. Bitcoin mining is not a small activity from a physical standpoint, a power load standpoint or a network standpoint. If the countries around the world address cryptocurrency mining as the security risk it is—after all, even the roguest of rogue states wants to limit money laundering that isn’t in their interest—hopefully this can reduce the cryptocurrency problem.
Additionally, Bitcoin and other proof-of-work cryptocurrencies have a security weakness: The system is secure only as long as there is a lot of continuously wasted effort. If the available mining drops precipitously, this enables attackers to rewrite history (a rewriting process that, if it only removes transactions, is arguably not a money transmitter). I’m certain ransomware victims and their insurers would pay $1 million to a service that would undo a $5 million payment.
It is time to seriously disrupt the cryptocurrency ecology. Directly attacking mining as incompatible with the Bank Secrecy Act is one potentially powerful tool.