Notes from the Vault
Larry D. Wall
August 2019

Satoshi Nakamoto's 2008 bitcoin white paper argues that a major problem with electronic payments is they rely "almost exclusively on financial institutions serving as trusted third parties." The paper notes that the reliance on trusted third parties creates various frictions, including the impossibility of making transactions irreversible.1 Thus, Nakamoto's paper set out the goal of creating a system that would allow "any two willing parties to transact directly with each other without the need for a trusted third party." The only requirement is that "a majority of the CPU [central processing unit] power is controlled by honest nodes." In the years since the paper was released, many other types of blockchain tokens have been created. In most cases, they follow the original bitcoin model in that they do not require the existence of a trusted third party and allow any two willing parties to transact directly.2

Yet the operation of a payments system without a trusted third party comes with some potentially adverse consequences. The financial world has long attracted bad actors who seek to obtain others' assets via fraud and/or theft. In part, this attraction reflects the fact that unlike physical assets, financial assets are typically designed to be easily transportable, and monetary financial assets are widely accepted in payment for goods and services. As a result, societies around the world have developed a variety of trusted third parties and other mechanisms that help to reduce the risk of fraud and theft. A further benefit of this reduced risk is that users of traditional financial claims (including money) need not have a deep understanding of the workings of their financial system to be able to transact with relatively high confidence in most settings.

This post begins with a brief summary of how the existing financial system is structured to reduce an individual's risk of theft in online transactions while providing convenient mechanisms for making payments. The post then discusses various options for protecting cryptocurrency holdings from theft, their implications for the ease in making payments, and reliance on trusted third parties.3

Transactions funds held in traditional banks
Ideally, transactions funds are safe from theft while being stored but convenient to use when the holder wants to make a purchase. Over the last century, individuals have typically held their transactions balances in some combination of paper currency and bank accounts. Paper currency is convenient for small transactions, but in most cases, it is also too bulky and exposed to theft to be a good option for large transactions balances. Bank transactions deposits provide both better security than physically carrying currency and greater convenience than storing currency at home.

As the internet has developed, the ability to make convenient electronic payments has become increasingly important, which further reduces the incentive to hold large transactions balances in paper currency. However, electronic payments systems based on existing internet technology create the potential for anyone with internet access to try to steal these transactions balances.

Both individuals and banks have a role to play in reducing losses due to electronic theft. Banks' role would naturally arise as banks compete with one another to provide services that are more valuable to consumers. However, commercial banks' incentives to help avoid such theft are increased in the United States by Federal Reserve Regulation E, which places much of the liability for loss from electronic payments on the banks.4 Further, president Ronald Reagan's signature saying of "trust but verify" holds for banks in their role as trusted third parties. Banks are subject to prudential regulation by federal supervisors that includes reviews of their electronic data processing systems. Larger banks also have internal audit departments and outside auditors that review their cybersecurity.

This is not to say that bank customers are completely protected from the risk of having their funds stolen via an electronic mechanism. Thieves are constantly looking for opportunities to use electronic means to steal funds, and consumers must provide timely notice of potential losses in order to limit their risk of loss under Regulation E. However, the relatively low risk this poses to consumers is illustrated by a Federal Reserve Board report addressing one of the risks. The report found that total fraud losses on debit cards in 2017 were only $11.20 per $10,000 transaction value, with 53 percent of the losses absorbed by merchants, 42 percent by issuers, and only 5 percent by cardholders.

Transactions funds held in cryptocurrency
Bitcoin sought to solve the problem of online theft by relying on cryptography. A person could transfer his or her bitcoin from one address to another only if that individual had the public key (address) and private key (effectively, the password for any bitcoin held at that address). The risk is that if the keys are stolen, a thief could transfer the bitcoin without the owner's permission. Moreover, the irreversible nature of the transaction meant that there was no method for the rightful owner to reclaim the bitcoin. Additionally, if the owner loses the private key, the individual effectively loses the bitcoin, as the bitcoin protocol provides no mechanism for recovering a lost private key.

One potential way to avoid losing the private key is to pick something that the user can easily remember. However, Andy Greenberg, a senior writer for Wired, reports that there are programs running on Ethereum that look for guessable private keys and empty out the accounts when found.5 The alternative to taking the risk of someone guessing the private key is to pick something sufficiently long and complex so that it is highly unlikely to be guessed, but complex keys are difficult for most people to remember.

If the private key is not easy to remember, however, then the cryptocurrency holder has several options for storing the key. The alternatives are discussed in a number of primers (for example, see here) and reviews of specific products (for example, see here). Two relatively convenient places to store a private key electronically are on one's computer or cell phone. The weakness of these options is that if the device is hacked, the funds can be stolen. Additionally, if the device breaks, there is a risk that the private key may be lost, resulting in the loss of the funds.

An alternative to storing the private key on a device connected to the internet (called "hot storage") is what is known as "cold storage" in a secure location. Cold storage is considered more secure but it is also less convenient. One low-tech form of cold storage is to record the information on a sheet of paper. That can be physically carried out, but it is at risk of being lost, stolen, or damaged. A higher-tech solution is the use of a hardware device such as a specialized USB drive supplied by a trusted third party. A variety of hardware "wallets" that create and store private keys are available. However, even here the user must take precautions as a CoinTelegraph article by Julia Magas discusses a number of ways in which these wallets have been successfully hacked. Moreover, even though these hardware devices can be easier to use than paper storage, the owner must have the device in his or her possession before making a cryptocurrency purchase.

Given the problems with individuals storing their private keys, an alternative is to place full reliance on a trusted third party. One such trusted third party that provides relatively convenient access to holdings is a cryptocurrency exchange. Still, these exchanges are also vulnerable to attacks, with a report by CipherTrace estimating cryptocurrency losses due to theft and "exit scams" worth $356 billion in the first quarter of 2019.6 Some of these losses have been covered by insurance funds set up by individual exchanges, such as was the case for the 2019 hack of Binance, according to an article by Vox reporter Emily Stewart. However, in many cases the losses were uninsured.

A more convenient way of making payments using cryptocurrency is a cryptocurrency debit card, especially a bitcoin debit card. However, as an article in 99Bitcoins notes, "Bitcoin isn't controlled by anyone so it can't issue its own debit card." Thus, bitcoin debit cards also must rely on a third-party prepaid debit card. The user would deposit bitcoin with the debit card provider, which converts them to a sovereign currency and may charge a fee for the service. The cards are relatively convenient, often relying on widely used payments systems such as Visa. On the other hand, these debit cards are also open to one of the problems that Nakamoto listed in his original white paper. For example, a web page for BitPay's prepaid Visa card provides a mechanism for disputing charges on the card, calling into question the finality of these payments.

Conclusion
The convenience of electronic access to transactions funds comes at a cost, also making it potentially possible for hackers around the world to gain access to the funds. A combination of competitive conditions, legal responsibility, and regulatory pressure on banks has resulted in bank payments systems that are easy to use. These payments systems are not completely risk free to retail consumers, but they allow consumers a comparatively high degree of convenience with relatively little concern that they are at risk of having their funds stolen.

In contrast, cryptocurrencies such as bitcoin and platforms like Ethereum place substantial burdens on their holders to avoid theft or loss, and provide (virtually) no mechanism for recovery if the funds are stolen or the private key is lost. Some trusted third parties have arisen to ease the burden on owners of cryptocurrency. However, some of the more popular third-party solutions are rather inconvenient relative to accessing bank funds (hardware solutions) or vulnerable to theft and exit scams (exchanges). Thus far, one of the safer and more convenient systems for transacting with bitcoin balances relies on the sort of trusted third parties whose frictions originally motivated Nakamoto to create bitcoin.

Larry D. Wall is executive director of the Center for Financial Innovation and Stability at the Atlanta Fed. The author thanks Brian Robertson for helpful comments. The view expressed here are the author's and not necessarily those of the Federal Reserve Bank of Atlanta or the Federal Reserve System. If you wish to comment on this post, please email atl.nftv.mailbox@atl.frb.org..

_______________________________________

1 Nakamoto argues that transactions cannot be made irreversible because financial institutions "cannot avoid mediating disputes." Yet, if transactions are reversible, this raises costs to merchants that they pass on to consumers. Further, merchants are incentivized to demand "more information than they would otherwise need" from potential customers.

2 The proposal by Facebook and others to create a Libra coin is an exception. The Libra white paper says that it will be initially designed to operate on a permissioned blockchain under the control of Facebook and its partners. As a result, Libra will, at least initially, have a trusted third party and might, depending upon how it is implemented, provide convenience and security roughly comparable to that provided by bank accounts.

3 This post focuses on the use of cryptocurrency and sovereign currency as a means of payments. Cryptocurrency enthusiasts often argue that one of the problems with sovereign currency is that it does not retain its value due to excessively accommodative monetary policy. A full discussion of the issues related to currencies (crypto and sovereign) as a store of value raises a number of issues that go far beyond this post. For current purposes, it is sufficient to note that this issue is not as one-sided as portrayed by some. The value of most crypotcurrencies has thus far been considerably more volatile than that of major sovereign currencies.

4 Regulation E implements the Electronic Funds Transfer Act as adopted in 1978 and subsequently amended.

5 Greenberg also reports on suggestive evidence that similar activity is taking place with weak bitcoin keys.

6 The CipherTrace defines "exit scams" as cases where the "founders and executives embezzled users' custodial crypto funds, and then slipped away quietly." The report also notes allegations by the New York Attorney General's Office of fraud involving the loss of $851 million. See also an article by CoinIQ author Alex Munkachy, giving a historical listing of cryptocurrency exchange hacks through 2018.