Hacker News new | past | comments | ask | show | jobs | submit login
Bitcoin's fungibility graveyard (sethforprivacy.com)
252 points by yamrzou on Feb 5, 2022 | hide | past | favorite | 367 comments

Yeah, it's a privacy nightmare. The exchanges refuse our money if it has ever passed through a privacy service and they continue to track what we do with it even after it's been withdrawn from our accounts. Nice to have a collection of examples I can point to whenever someone says bitcoin is fungible.

It makes no sense to me how bitcoin is still number one cryptocurrency despite it's garbage fundamentals. Failed at everything it was supposed to do.

Because the intersection of the stated goals and the actual goals is essentially empty. The actual goal isn't to be useful, it's to make the early adopters rich.

It's such a bizarre industry because I think the technical issues are really interesting and the potential for cryptocurrency is huge, but in practice it's 99% about speculators trying to get rich quick. That's really boring!

"The technical issues are really interesting" is how you know it's a scam. It's like working for Facebook; they keep everyone interested by having them write unnecessary but interesting projects like new build systems and new PHP runtimes. Except that every contribution makes the price of ETH go up, and FB pays you.

I...think you just described society

It is, but there's probably more actual interesting development and design activity going on than you realize.

There's simply a real discovery problem, because of the aforementioned gold rush. Participants have too many incentives to bury accurate information that speaks against their investment, spread misinformation that embellishes it, suppress information about projects they want to invest in but didn't yet, ...

That's brilliantly said!

The argumentation of typical crypto fan is like the motte and bailey fallacy mounted on a helicopter rotor, constantly oscillating between some noble goals (decentralisation, freedom, privacy, anti-inflation, anti-fractional banking) and the "have fun staying poor" snark.

that's an ignorant statement. There is a ton of development and deployment happening to make the Lightning Network be a high-throughput, low cost way to move bitcoin around the world. A lot of people are working to make bitcoin more useful to more people.

To be fair, we have given Bitcoin more than enough time to mature into the ideals Nakamoto had envisioned. Can we just call it a failed project and move on to cryptos that actually deliver on the promise.

Even with Lightning, Bitcoin won't ever be good digital cash because it won't have stable value and it isn't as private as, say, ZCash.

> It makes no sense to me how bitcoin is still number one cryptocurrency despite it's garbage fundamentals. Failed at everything it was supposed to do.

It doesn't matter that bitcoin failed in everything it set out to do (and more) because people don't "hodl" bitcoin for the things bitcoin set out to solve. They do so because the want to go "to the moon". If your only interest in crypto is speculative investment, then you aren't interested in the fact that bitcoin is broken beyond belief: The important thing is the market-recognition since that maximises the chance for high demand, which induces hyper-deflation, which sends you to the moon.

Nobody, or very few people, care about crypto for any of its features and the people that tell you they do probably "hodl" substantial amounts of crypto and hope to drag you into the pump.

There's not a single problem crypto solves without inducing a new party with equal amounts of leverage (i.e. you don't need VISA, but you do need exchanges) because at the end of the day, crypto is built to change the people that control the money rather than remove control structures entirely because that's impossible: there are always going to be people that facilitate the interaction of the blockchain with the real world and these interpreters/resolvers are the powers in crypto.

However, that doesn't matter: nobody buys crypto the currency, they buy crypto the investment and from that POV bitcoin is still the non-plus-ultra in speculative hyper-deflations.

> crypto is built to change the people that control the money

Yep, crypto is a revolution being staged to replace the establishment (central banks and traditional finance) with a new one (crypto/defi founders and adopters). The goal is to use the new marketing to draw people to the new system and become the new rich. The earlier and more you buy into it, the more incentive you have to spread the word.

This is why it makes sense to rebuild everything in crypto despite it being less efficient. It needs to be done, so that the new system (that replaces all parts of the old) is ready for people to be drawn into it.

its less efficient because decentralized things are less efficient by design. they sacrifice efficiency for the authoritiless nature. That is the goal - to remove authority from money. Money should just exist and have rules and thats it. That's what cryptocurrencies are.

to me, its that even if what is happening is that some new ruling class is being established, the difference is that the new ruling class won't be able to fundamentally change the rules anymore. Currently our monetary system is managed by rooms of Very Smart People that can change things at a whim and the cracks are starting to show.

but yeah, things are interesting though.... there is a recent upswell of proof of stake, which is just central banking all over again. So the new system might end up looking the same as the old system if these PoS coins become more common. The difference is though is that bitcoin is unstoppable. Like, its price could be 40k, its price could be 400k. The protocol will still work. The old system has no choice but to adapt or whatever.

If you compare to Monero, you see that Monero isn't even allowed on these exchanges. So, it seems that you can't really have privacy combined with high exchange liquidity.

Monero is on Kraken US. Coinbase and Gemini, acting as companies choosing to add the coin they're mutually invested in Zcash instead of Monero, is a dumb indicator to use of what's "allowed," especially when there are obvious compliant examples in the US (Kraken, DV Chain, etc).

I was under the impression the exchanges chose not to list Monero voluntarily. After all, Binance does have it.

Kraken US supports Monero, so clearly it can be done. If another exchange chooses not to, that's a company making their own decision.

Can you explain what you mean by "high exchange liquidity"? My understanding is it's a policy issue not tech.

Automated exchanges like Uniswap have Monero.

edit: Uniswap has Wrapped Monero, not actual Monero.

Not answering to the question, just correcting your last phrase: Uniswap has wrapped monero (WXMR) which is not quite the same as Monero, and with a ridiculous liquidity of ~200k$ currently (https://geckoterminal.com/eth/pools/0x14c10b4bdccd9d3f8940fb...)

How does wrapped monero work? I've seen a lot of wrapped coins but I'm not sure why they exist or why I would want to use them.

From what I've understood, coins are wrapped to enable cross-chain movements. Let's say you have X BTC, but you want to take advantage of ERC-20 features. You can "move" your BTC to Ethereum blockchain by depositing your X BTC in Wrapped BTC (WBTC) smart contract. It'll lock your BTC, and give you the equivalent amount of WBTC tokens, which are ERC20 tokens on the Ethereum chain.

Wrapped tokens enable use across otherwise incompatible blockchains.

Wrapped tokens are facilitated through a bridge. The bridge contract(s) lock the tokens on one blockchain, and re-issue wrapped tokens on a second blockchain. At a 1:1 peg.

That way the wrapped tokens can be used in Defi or Dapps on the second blockchain, and later (if desired) sent back through the bridge to be “unwrapped” into their original form, on the original blockchain.

This is so cool! I feel like this is the sort of creative enablement that smart contracts bring to the table.

Just note that for now, most of those bridges are custodian. AFAIK at the moment the only trustless one is RenBTC. The more popular WBTC and others are essentially just some trusted entity issuing IOUs when you give them your BTC.

Ah my mistake! Wrapped Monero isn't Monero, got it.

It really does seem like the main purpose Bitcoin is succeeding at is sort of a digital gold. It's not good as cash, privacy, or anything else. Lightning seems like a joke compared to the types of efforts happening on Ethereum.

Appreciate this thorough analysis of problems with cryptocurrency.

Disclosure: crypto owner

In what way is Lightning a joke compared to what's happening on ethereum? People are using Lightning to get more remittance money to their families, while over in ethereum folks are speculating on jpegs and yield farming ever-more-unsound token schemes.

Is it cheaper than Transferwise?

I can't say this for lightning or bitcoin, but a similar question was asked of nano.[1]

When I checked the numbers, it was 4% cheaper, but the convenience factor wasn't there.

[1] https://www.reddit.com/r/nanocurrency/comments/nuz7f8/nano_a...

Can you expand on "Lightning seems like a joke compared to the types of efforts happening on Ethereum" ? I was just in El Salvador and Lightning was a faster and more convenient experience than credit cards...

Happy to hear more about your experience!

To answer your question, what I've read about Lightning it sounded convoluted. The need to have a watcher keeping a channel open, invoices, just seems overly complex. I have tried receiving sats from online Lightning faucets and that part was impressive.

Ethereum's L1 growth and improvements seem more logical to me.

Is there a good place to go to track the adoption of Lightning?

Kind of strange to call Lightning convoluted and then cite Ethereum as a foil. Lightning is much simpler than what Ethereum is trying to do, and evidently so when you compare progress on each so far.

Lightning was recently added to Cash App, for one big corp fiat onramp/offramp example.

2022 is off to an interesting start!

"Block’s Cash App adopts Lightning Network for free bitcoin payments" https://techcrunch.com/2022/01/18/blocks-cash-app-adopts-lig...

Lack of fungibility makes Bitcoin worse than gold in that area. Gold doesn’t have a “permanent record” like Bitcoin. It’s more like a virtual deed to a plot of land that you can’t rent or use

Gold often has distinguishing markings on it, but in the end, a bar can always be melted down and recast.

> It’s more like a virtual deed to a plot of land that you can’t rent or use

Or, you know… gold

As gold price increases, more mining can be afforded. This helps stabilize its price because of increased supply.

As BTC price increases, more mining is still afforded, but this does not result in an increased supply and stabilized price, only in unmitigated high price and more energy spending.

If you keep calling Bitcoin digital gold they're going to start taxing it like gold. Goodbye long-term capital gains.

One project I'm following is Aztec Protocol. It's an Ethereum L2 (so faster & cheaper transactions, similar to Lightning) but it supports any Ethereum asset (ETH, USDC, WBTC) and is fully private.

The only thing that goes for Ethereum is the fact that it's used for creating worthless numerous other pump and dump crypto currencies on top of its blockchain where Shiba Inu is the latest glorious example. Solves nothing, serves no purpose but increases the demand for Ethereum transactions which ultimately drives the cost of Ethereum. All those poor sods who have invested in Shiba Inu? Plain idiots to put it mildly.

Oh, and NFTs as well. Another worthless crap just to create more Ethereum transactions. Why worthless? Because ... Ethereum is just one of multiple crypto currencies/block chains and tell me again why your particular NFT on top of Ethereum is worth more than the same object on another blockchain? And how many times can the same object be (re)sold on all other blockchains? Do you need to own all of them? Or Ethereum NFT is somehow better?

No affiliation with Aztec, but it's absurd to lump them in the same bucket as Shiba.

> pump and dump crypto currencies

Aztec has been in development since 2017, and has solved some real problems in cryptography in order to accomplish their goals. Besides, it doesn't have its own token, so there's nothing to pump.

> Solves nothing, serves no purpose

It allows Ethereum users to transact in private.

> but increases the demand for Ethereum transactions which ultimately drives the cost of Ethereum

It does the opposite, since it's a rollup - the transactions happen off-chain.

Aren't NFTs very very useful for money laundering?

Neat can you talk more about what makes it fully private? How does it work?

> It makes no sense to me how bitcoin is still number one cryptocurrency despite it's garbage fundamentals. Failed at everything it was supposed to do.

Peer-to-peer, permissionless, trustless (i.e. not controlled by any one entity), known issuance schedule, fixed maximum supply, and unyielding consensus parameters all still hold up today. Seems to be doing just fine at what it was "supposed to do".

> It makes no sense to me how bitcoin is still number one cryptocurrency despite it's garbage fundamentals. Failed at everything it was supposed to do.

It hasn't failed at not being controlled by people which fiat currencies have failed completely. Do you control the inflation rate? Do you control how much currency is being minted? And tons of other things.

> Do you control the inflation rate? Do you control how much currency is being minted?

Exchanges are essentially banks. They offer bitcoin loans, essentially creating new coins out of nowhere. Fixed money supply is utterly powerless before the inflationary power of debt.

Afaict this requires transactions to happen off chain?

If you let people manage your coins in their wallet, they can pretend there's more of them, but they can't actually trade that many

> hasn't failed at not being controlled by people which fiat currencies have failed completely. Do you control the inflation rate?

Bitcoin has proven to be a worthless dollar inflation hedge. It’s more correlated to the stock market than any real dollar.

Like a marshland for tidal water, stock is best inflation hedge working by sponging the overflowing inflational liquidity, and no wonder that Bitcoin behave similarly.

> stock is best inflation hedge working by sponging the overflowing inflational liquidity, and no wonder that Bitcoin behave similarly

Agree on the mechanics. Equities are a classic inflation hedge. But the reality is that if three people, in the last year, attempted an inflation hedge, one with TIPs or Series I bonds; one with equities; and one with Bitcoin, the last gained little over the middle. Both likely lost value relative to the first.

If your inflation hedge loses value during inflation because the Fed will raise interest rates because of inflation, yes, there were external factors at play, but no, they’re not to blame, you hedged badly.

I disagree with your assessment that Bitcoin is worthless: 1. Can't get any better for money laundering, just add a sprinkle of Tornado Cash or whatever your favorite tumbler is today. 2. Great speculation token on a par with gambling. Gambling is not illegal as far as I know in the US. It started in Indian reservation but became legit quickly when they cut a deal with each single state (so they can collect taxes) 3. Greatest Ponzi scheme ever. Same with other currencies. Get in early, make a fortune. Get in late, get screwed. 4. Very aspirational. Millions of suckers hate their government and were ripe to gobble up anything that would get them out of their not so exciting future. 5. Unleashed a massive amount of creativity. Just sign up to the top Crypto "thought leaders" on Twitter. Unlimited entertaining. 6. Petty crime and gangs move over, we are in a whole other league here. Rug pulls, scams,...It is just a matter of time before Crypto Bros will face a handgun in the mouth. Hand me the magic keys or we'll cut your kids fingers. 7. Plenty more to come. (edited spelling)

> Do you control the inflation rate? Do you control how much currency is being minted?

You don't control any of that with bitcoin.

> Do you control the inflation rate? Do you control how much currency is being minted?

If you're living in a democracy, you do get a say in those things or at least in selecting the people who decide those things, along with all the other voters.

Currency is created through lending; this works even if the currency is theoretically deflationary.

There's one thing that Bitcoin does better than almost any other cryptocurrency right now, and it's being secure against consensus attacks. Ethereum comes close, Chia arguably surpasses it, but otherwise most cryptocurrencies could very easily succomb to collusion and majority attacks.

Proof of stake chains are virtually immune to collusion and majority attacks. A single actor would need to own huge amount of resources and then essentially burn the coins. To purchase such a dominant stake the price would rise very quickly... making it very unlikely to be feasible. In comparison, attacking the larger Proof of work chains only requires a few $100M in hardware (the harder ones) and a MW-scale power source used sparingly. I don't see why PoW is still used...

They are not immune at all. The security assumptions are different.

> A single actor would need to own huge amount of resources and then essentially burn the coins. To purchase such a dominant stake the price would rise very quickly... making it very unlikely to be feasible.

You are assuming here a single-sided market where the existing majority holders are not interested in realizing profits on their holdings. For many cryptocurrencies this is not the case, especially the hyped VC-funded ones.

If you are a large majority holder, selling off to a known exploiter is a very risky move. You might be able to realize great profits of the price increases. But you don't know how much the attacker has gathered from other sources. I think realistically it can happen, but a takeover attempt from buying a large stake should be plainly obvious. The community could even organize price fixing (i.e. "hold", which we've seen on WSB) to fend off the attack. You can even pull off something like forking the chain to invalidate the funds of the attacker -- it would be pretty obvious which stakeholders are responsible for the attack. For a chain where those coins are tainted or deleted from the chain.

Those avenues are not really available for PoW chains... if an attacker gets the necessary hardware, there's not much you can do. You can try changing protocol, changing algorithms, etc. but this has obvious consequences of its own (making all mining hardware so far near worthless)... it's a bit scary to be honest.

> The exchanges refuse our money if it has ever passed through a privacy service

I'd love to learn more about this, does anyone have relevant links or info?

It's called "tainted Bitcoin". Basically, you can get a list of all transactions a coin was involved in since it was minted. If any of those transactions contain a blacklisted address, exchanges would refuse the token.

> I'd love to learn more about this,

It's worse than this.

Coinbase, for example, will close your account if you use you Bitcoins for things they don't approve of AFTER you withdraw them.

This is... remarkable. Many cryptocurrency advocates have promoted bitcoin by making exaggerated claims regarding fiat currency's centralized control and lack of privacy. Now bitcoin itself exhibits the very characteristics that were often claimed about fiat currency, except it's not an exaggeration.

Easy solution don't use Coinbase. It's not the end of the world.

> Easy solution don't use Coinbase

I most certainly don't.

But the hordes of clueless users who continue to flock to the platform are blissfully ignorant of that fact.

Worse, the fact that coinbase is behaving in a way that's completely violating the spirit of Bitcoin while profiting from it doesn't solve the problem that what they are doing is possible because of a severe limitation of the platform.

I am a big and very long time fan of Bitcoin, but the traceability / fungibility issue has bugged me from day one.

I really wish the dev. community would focus on introducing a fork with an technical solution to this problem instead of polishing the turd with minor stuff no one really cares about like taproot.

Here's a relevant episode of the ZK Podcast about cryptocurrency mixers: https://zeroknowledge.fm/111-2/

Look up AML regulations in your jurisdiction. They typically have a transaction risk level and I assume somehow the anonymity ups that risk.

It's amazing how they keep shifting the goal posts every couple years.

First it was supposed to be digital cash, but then suddenly it's gold and now "digital property".

When it became apparent that it's very wasteful they said the only thing hard money can be backed by is pure entropy.

Even though Bitcoin failed at many things, I don't see it as a failure as it literally started it all.

All the other cryptos are created after Bitcoin and learned from its shortcomings to build something better.

It did create and then prove an incredible and utterly novel and important concept.

Your downvotes are invalid.

I don't own and never have owned any btc, or any other crypto, and at this point wouldn't touch btc in particular with a 10' pole for several different reasons.

But the very concept of a distributed ledger that may actually be trusted is both revolutionary and proved.

It's collossal despite all the current degenerate uses and wasteful implementations.

Agreed. When the integrity of the chain is compromised, I'll call it a failure.

In the meantime, I'll leave it to the opinionated pissants on both sides to continue acting like they understand anything about what's to come from a system with so little precedence.

What are you expecting exchanges to do? If you passed through privacy service you need to prove that your money is not associated with crimes. It is completely your fault. I am actually happy to hear that people who are laundering money will have hard time.

On the other hand bitcoin is shitcoin. That is a fact anybody shills bitcoin is possible scammer. Anybody says bitcoin is future is retarded.

How did it fail at creating a distributed database of a finite digital good made up of non-trustworthy actors?

Yeah it's not a good currency but many design goals were reached.

I think it was a proof of concept. It did its job, but the speculators can't let go.

It's Pokemon cards, but for tech bros.

The author of this article minsunnderstinds what fungibility means. '

Fungibility does not mean non-unique or non-traceable.

Fungibility means that a given asset is legally identical to all other instances of the same thing.

For example, every $20 bill and every share of Apple stock has a serial number that uniquely identifies it, but that uniqueness is legally irrelevant. You broker has no obligation to give you a specific share of stock nor your bank a specific $20 bill. Financial securities are fungible.

Bitcoin is fungible.

== Edit:

Commentators are confusing fungibility and traceability. They are very different concepts. Non Fungible Tokens are just as traceable as Bitcoin, but they are non-fungable.

I wrote a detailed article about this [1] a few weeks ago if you want to gory details.

[1] https://www.disruptingjapan.com/what-three-card-monte-can-te...

Fungible simply means “interchangeable”, legality has nothing to do with it [0] (especially, it seems to me, in regards to a system that doesn’t seem explicitly subject to legal constraints like bitcoin.)

One bitcoin is, in theory, interchangeable with any other without a loss of value. However, bitcoins with a dubious history of transactions can, and apparently are, being refused in some circumstances. Clearly some bitcoins have less utility, less value, than others.

The traceability of a bitcoin leads to it possibly being rejected in some transactions, not because ant given bitcoin is (again, in theory) no different than any other, but because one bitcoin’s history may be tainted.

The “blood diamond” analogy seems appropriate - such a diamond remains a diamond, and is technically no different from a comparable “clean” diamond, but reputable dealers and customers will avoid them. Effectively rendering these diamonds of less value than others.

In theory bitcoins are fungible. In practice they are not.

[0] https://www.merriam-webster.com/dictionary/fungible

So when you accept BTC, how do you know if you'll be able to pass it on again? Is there a blood coin list?


Here's something interesting about tainted coins. The commenter took out a Blockfi loan on coins he's had since 2020. The person he bought them from used BISQ. Then Blockfi recalled the loan immediately.


You hire a company like Chainalysis to do risk analysis for you.

yes because thats clearly how money should work.

Banks have rules to deal with money laundering indeed.

That's how diamonds and gold work. You wouldn't accept blood diamonds for example, it would reflect poorly on you.

You wouldn't accept diamonds, it would reflect poorly on you.

They are mostly a non-scarce fleecing operation backed by a marketing gimmick.

Diamonds are scarce. Manufactured scarcity still results in actual scarcity.

Let's say you happened to make a transaction with someone who you didn't know to be a criminal. He buys a nice ring for the girl on his arm and gives you $1K in marked bills (which are bills that have serial numbers recorded by some agency).

Now in that case, he's flashing around cash, which is not that uncommon say in certain locales (Las Vegas comes to mind). In that case, the cash you received doesn't lose any value. Though you may get questioned by the police.

Now ink stained bills and bills glued to each other should be rejected since they were likely from a bank or atm heist. But that makes it easy to spot.

Isn't that what BTC was trying to compete with?

I wouldn't accept diamonds at all, as they're not money like gold is (and definitely not fungible in either sense of the arguments).

"Diamonds are bullshit" and people only think they have value because of a De Beers marketing campaign in the early 1900s.


Plus a ton of other discussion:


Well diamonds are fungible for any definition of the word you may choose and for the vast majority of the stones. Some of them are unique in that they're very large, very pure, have been worked on so much they are identifiable, have an IAG number engraved, etc. but the vast, vast majority of diamonds you can trade at any diamond shop in a very fungible manner, no questions asked.

Interesting. If I go to the website:


Their big tag line is "Building Trust in the Blockchain". I thought BTC was above needing to do that.

Exactly. Any crypto system that doesn't have the ability to break the chain of custody of 'tainted' coins is doomed to irrelevancy. Think about it - on day 0 no coins are tainted. Let's say on week 1 5% of coins are tainted and effectively frozen, leaving 90% of coins in circulation. The illegal activity doesn't stop - it just taints more coins. Maybe week 2 5% of those remaining get tainted, week 3 5% of the remaining after that, etc... Eventually you asymptotically approach absolute uselessness. I think Monero and Ethereum have both thought about this and i'm sure others exist out there too. BTC is stuck in a development graveyard and can't think about things like this- it seems doomed to irrelevancy.

Aren’t the tainted coins cleaned by government seizure and subsequent auction? If you have a tainting and cleaning mechanism then all tainted is not inevitable.

The tainted coins are the same as lost coins. There's already a solution baked into bitcoin for that (divisibility).

The theoretical maximum number of satoshis in existence per person on earth is just short of 266,000. That's assuming all 21m coins are minted and that none are lost. I feel like this is already quite a small number if you want to represent a global currency, so can the system really afford to continuously burn away BTC at a relatively large rate?

You can always move the decimal point. It's all just software, it's all mutable if you can get enough people to agree.

(Not meaning to come off as a fanboy, I think bitcoin==beaniebabies. I just don't think the "bad coins" problem is actually a problem, even if you consider Gresham's Law. Physical currencies have been through similar things and survived).

Historically, BTC has not been willing to make changes like this. The community is culturally (and I would argue pathologically) opposed to even minor changes, which I think would be even more true when more divisibility would lead to potentially lowering the value of existing user's token by reducing scarcity. I'm not convinced such a change would be feasible given those constraints and if it's not the maximum divisibility of BTC is quite low assuming it becomes some kind of world currency - if I can only have ~250k 'units' of currency the smallest amount of 'money' I can spend becomes quite large.

It puts a hard cap on income inequality!

That’s not how it works. Income inequality is not just the “number” of coins but what it’s worth as opposed to something - with inequality it becomes everyday goods and services. The cost of goods can easily continue to worsen inequality. There’s only one real world soft limit - a revolution that resets the clock.

Once all coins are tainted (or even some large %) then none of them are tainted.

"All $ bills have cocaine on them, hence no one cares if your bills have cocaine on them" [1]

[1] yeah, I get this is likely an urban myth, but the analogy holds even if it is a myth..

That assumes taint can never get diluted.

> Commentators are confusing fungibility and traceability. They are very different concepts.

No, I think the commentators and the author of the article are making a valid point that you’re missing: They may be fungible if you ignore everything else about the Bitcoin ecosystem and focus only on the blockchain ledger, but you can’t divorce the Bitcoin balances from their history. As regulations mount and exchanges become more active in recovering stolen coins, the practical reality of Bitcoin will mean that they’re not entirely fungible depending on the history.

I think many people in the comments are in such a rush to declare Bitcoin as fungible that they’re missing the point of the article.

This is something I would worry about. If a particular piece of bitcoin becomes tainted because it's associated with dirty money (or whatever), and I receive it as a payment, will it become harder to spend or of less value? What if it goes onto some sort of blacklist?

To use the recent parlance, can my money be "cancelled" by popular opinion?

Yes, and this popular opinion is one of the exchanges and online wallets. Not necessarily the miners or nodes running the network.

Yes, popular opinion can cancel you via forking the blockchain or software.

which kind of goes against the very philosophy of bitcoins in the first place, where there should not be centralized control of the currency. A blacklist of coins is a defacto centralized control.

On the other hand, the lack of centralized control means that each person can have their own philosophy of bitcoins. Literally every individual can have their own belief about what bitcoins are useful for. The only limitation is whether a particular philosophy makes sense in light of how bitcoins work and behave at any given moment.

The same could be said about the dollar. If I steal a large amount of money from a bank, or sell a bunch of drugs, I can't spend that money without laundering it first, but that has nothing to do with the fungibility of the dollar. The "practical reality" is irrelevant because tracibility is orthogonal to fungibility. They're different properties.

Unlaundered, ill gotten gains will be accepted as legal tender. The money itself will not lose its value because you've tainted it with sin--you'll just likely be caught if you spend too much of it at once.

You might notice the person at the 711 register isn't scanning bills to check their legitimacy.

In reality, few things are perfectly binary, there’s a spectrum between perfectly fungible and perfectly nonfungible.

And yes, a million dollars of stolen cash is worth strictly less than a million dollars because (leaving ethics aside) it takes a nontrivial amount of time, money and risk to launder it before you can safely spend it.

Fungibility must be perfectly binary because it's an intrinsic property of the currency. And it's essential that it be treated as such because there are huge implications to whether or not a currency has that property.

A million dollars of stolen cash is worth strictly less than a million dollars only because those bills cannot be exchanged for another million dollars. It does not mean that the dollars those bills represent is worth strictly less than a million dollars.

Think about it this way. To launder your million bucks, you pay someone $10k. Does that mean the million is worth less? No- because the $10k you paid someone to launder it is still worth $10k! It's just not yours!

No there isn't a spectrum. A stolen million is still worth a million. If a thief is laundering the money, he's choosing to spend it--no dollar just loses value all of a sudden.

You may be using cash once used to buy drugs or hire an assassin, but it doesn't get tainted and diminish your ability to spend it.

Restricted Bitcoin literally cant be used for transactions making the Bitcoin itself worthless even if it wasn't you who committed the crime that got it restricted. That doesn't happen with cash.

> The money itself will not lose its value because you've tainted it with sin--you'll just likely be caught if you spend too much of it at once.

So how is this different from, say, using a tumbler? The crux of TFA's argument is that Bitcoin is tainted with sin.

>Fungibility means that a given asset is legally identical to all other instances of the same thing.

There are a number of bitcoin addresses that the United States has blacklisted. If you interact with them (including receiving bitcoin that once passed through those wallets at any point in the past) those assets are subject to seizure.


Legally identical is a nonsense metric: if I own bitcoin I cannot sell because it has a tainted history then it is obviously not equivalent and not as valuable as bitcoin which can be.

The fact that no broker cares about which instance of the stock or dollar you own but can track it anyways proves that those things are effectively fungible. In Bitcoin it is obviously not true that exchanges don’t care in the same way - plainly obvious from the source material you are responding to.

When different bitcoin have different value by virtue of not being exchangeable at the largest liquidity pools, and your definition of fungible fails to capture that fact, you have the wrong definition.

Brokers do care about the specific stocks or dollars. There are a lot of anti money laundering laws and regulations that force due diligence in this respect. It seems like similar mechanisms are appearing in the crypto world as well.

The same can be true of dollar bills. A bag full of dollar bills from a drug deal is fungible with a bag full of dollars from your salary. But you can be arrested for the former, and not the latter. Dollars are fungible with dollars ($1+$1=2$), NFTs are not fungible with NFTs (1NFT+1NFT=1NFT+1NFT).

You can clone an NFT by forking the blockchain it's on, or making another one with the same data. People who respect NFT ownership won't be able to tell without research which one is real.

If I make a counterfeit Picasso and sell it to someone who doesn't know any better, that doesn't mean the original is now fungible, it just means I duped someone.

Etherium _is_ a fork already; Etherium Classic is the original. So it's like collecting real life objects where the newer version is more valuable.

Ha, well, I'd argue that the generalized version of what I said applies as well. Forking a currency changes nothing about the properties of the original currency because we're no longer talking about the original currency. That is not to say there aren't real world implications of that happening, but that's nothing to do with the intrinsic properties of a currency.

Ethereum classic had 9 hard forks. How is that the original chain?

A NFT isn't art or currency. At most, it's a record of ownership. When two ownership records exists, the value of the original drop steeply when the copy is accepted widely-enough.

I don't disagree, but I think that's still orthogonal to the discussion and, considering NFTs are non-fungible by definition, it's moot anyway.

But let's pretend we're talking about cryptocurrency, which does claim to be fungible. Bitcoin forked and so now you have BTC and BCH. One is more accepted, and the other lost value. But regardless of the relationship between the two, each individual currency is still fungible because you can still exchange 1 BTC for 1 BTC. Fungibility is an intrinsic property of a single currency, it says nothing about it's relationship to other currencies or it's place in the economy.

Or just screenshot it.

You basically just explained why dollar bills are not perfectly fungible either. Nothing is truly mathematically fungible in the real world.

I feel you're deliberately being pedantic. There's nothing legally dictating 1 pound of flour = any other 1 pound, but it is fungible, by the definition of them being indistinguishable.

1 NFT isn't the same as any other NFT. They're deliberately non-fungible.

Specific Bitcoin outputs have histories associated with them. While you dismiss this as related to traceability (which is also true), it still stands that one output with a favorable history is preferable to an output that was known to be mined in North Korea.

For these differences, as evidenced by the specific exchange action examples in the linked article, show that different output histories allow companies like Chainalysis, CipherTrace, TRM Labs, and Elliptic to add specific risk scores to outputs. Those with lower risk scores are worth more than those with higher risk scores. This is a breakdown in fungibility.

If 10% of $20 bills (by serial number) were not considered legal tender, then $20 bills would no longer be fungible.

The ramifications are the important part. If 10% of bills are essentially fake money, you have to verify every bill you handle, adding significant friction.

More than 20 years ago when I worked a retail job in college we did verify every bill >= $20. It was easy: a simple marker revealed if it was counterfeit, along with something that revealed watermarks etc. It wasn't much friction, it took a few seconds.

Fungibility has nothing to do with dollar bills and everything to do with dollars. You can't make a withdrawal from a bank after two years and ask for the same dollar bills back that you deposited.

but it does have to do with the dollar bills. The discussion centers on the technology as a currency and money. I think these things have bee separated in our general understanding of things, but in bitcoin they are melded into one. You control the outputs on the blockchain. The dollar bills on the blockchain. Sure, if you deposit your bitcoin at an exchange then yeah, you will get different bitcoin back, but the discussion isn't about that. It's about how the blockchain system works. And the way it works is that when you use bitcoin, and you own bitcoin, you do sorta ask for the same dollar bills back that you deposited. You don't really "deposit" them on the blockchain, but you kinda do. You deposit proof of ownership of a unit of account. Bitcoin calls it an output, a monero dev has coined the term e-note (or adopted the term i dunno) to try and better describe what it is.

maybe you know all this i dunno. if you do, slap me around a bit. if you don't, i hope this makes sense.

Haha well, no slapping necessary. I like to think I'm right but would love to be proven wrong.

It's important to distinguish between fungibility and tracibility because fungibility is an extremely important property for a currency to have, and without it it's all but useless.

Theoretically, if the US were to go to an all digital dollar, we would functionally have a blockchain (assuming all these transactions were reported centrally somewhere). This would not have changed the fungibility of the dollar, because the dollars you get in your paycheck are still the same as the dollars you get back as change or the dollars someone Venmos you for cocaine. Once they're in your bank account, there's no way to separate out which dollars came from which source. Now, you could pay someone to give you money with a "clean" history, but you're not paying more money for those dollars, you're paying someone for the service of giving you dollars with a clean history.

> Fungibility means that a given asset is legally identical to all other instances of the same thing.

No, it means it is practically identical (that is, for any potential exchange partner in the marketplace, any unit of the thing is indistinguishable in trade from any other unit.) Being legally identical is a powerful aspect of practical equivalence for anything primarily exchanged in legal markets, but not the whole of it, and pretty much irrelevant to trade in illegal markets (e.g., items which are legally in the same category of contraband and undifferentiated in law may be very distinguishable and different to the people trading them.)

What about "tainted" bitcoins? Those [0] would take some effort to "wash".

Because of serial numbering some dollar bills can be worth more than others; certainly there seems to be a 'market' for that.[1]

So, in the end it is more like: every "satoshi" is intended to be fungible but through its transparent chain can offer additional information which can be used to discriminate against ... or who knows maybe in the future bitcoins from some special address or with a special tx history are worth more ...



No, it's not. It depends on who's asking. If I see that the satoshis you're trying to give to me were part of (e.g.) a drug transaction in the past, I might not feel comfortable accepting your money. The problem with Bitcoin is that I can do that taint analysis, because the entire transaction graph is public.

I was confused by the use of fungibility too. But if bitcoins can be traced they're no longer the same as every other Bitcoin. They're history makes them unique. Therefore they might be valued differently or because workers based on their history.

For example, if someone robs a bank and they know the bank knows every serial number of every dollar bill they got then those dollars aren't worth as much as other dollars since there is risk with using them. So those dollars are non fungible with "clean" dollars. You're probably going to want then covered to clean dollars ASAP and it won't be a 1 to 1 exchange. Therefore it's the traceability that makes them non-fungible.

As well as bitcoin not being practically fungible as others have pointed out, traceability is actually a big part of that.

Bills are not traceable like bitcoin is. They have a serial number so they are identifiable, but only at the point you receive it so not very traceable and in practice impractical to identify in most cases. You can bet if the feds could feasibly blacklist bills that were stolen from a bank or held by a cartel or terrorist group, they would. But they can't. This non-traceability and difficulty to identify is what underpins their fungibility. Bitcoin's traceability is what causes its non-fungibility.

Bills are not traceable like bitcoin is.

Fungibility is a practical concept, not a legal one. Examples like crude oil, or a certain grade of steel, or yes, cash are considered fungible because there’s a market where buyers usually don’t care about the specific item’s history.

But that’s always a simplification that breaks down in edge cases, not a 100% mathematical truth.

For example, I worked on a software project where the goal was to trace a perfectly mixable material through a production chain to analyze the impact of slight contaminations that were found after the fact. The material in question would be considered fungible in most markets, but not for this specific purpose.

The author of the comment misunderstands that the sole purpose of crypto is uncensorable p2p digital cash.

Legality is irrelevant...if you are brave enough to take your freedom and actually use crypto (no kyc).

Fungibility is possible if the transaction history is hidden.

Monero and Gold are fungible.

Bitcoin is not fungible.


BTW also be aware of security risks if anyone can see your balance and transactions.

If a party may look at two different bitcoins and say "I'd pay more for this one" or "I'll accept that one, but not this one" then it seems pretty clear they're not fungible.

What does legally identical even mean in the context of Crypto?

The government can raid your house if someone sends you dirty/darknet/terror money and you deposit it on Coinbase. Bitcoin is absolutely not Fungible.

>Fungibility means that a given asset is legally identical to all other instances of the same thing.

The introduction is wrong but overall the problem is exactly what you have described. Some Bitcoins are not legally identical to other Bitcoins.

>Bitcoin is fungible.

Not if your Bitcoin comes from a sanctioned entity, then it is equivalent to 0 BTC because you can't use it... which is exactly the point of the article.

umm, no. just no.

fungibility means that two units are interchangeable/equivalent. Legality doesn't enter into it.

anything that makes unit A perceptibly different from unit B can cause humans to value unit A more less than B.

Some units may be perceived as "better" than average and carry a premium. Others may be perceived as "bad" or "tainted" and trade at a discount.

Such differences are generally considered undesirable in a money.

> legally identical to all other instances of the same thing.

Well they're not because they're traceable. Your comment is so oddly conclusive yet so insubstantial

Monero pays a large price for its fungibility, by making the UTXO set of (potentially) unspent outputs equal to the set of ALL outputs. Whereas synced bitcoin full nodes can forget all about spent outputs, Monero full nodes must keep some info about them, and be able to efficiently index this info.

For its initial block download, a node must download and verify rangeproofs for all outputs, not just the unspent ones.

Wallets must be able to sample decoys from a large fraction of all historical outputs.

This makes Monero much more bloated than Bitcoin.

A more detailed comparison between Monero and Bitcoin can be found at https://gist.github.com/phyro/ec37d8bfedd36102b0ea5824580d06...

I work for Cake Wallet and Monero.com so I'm biased, but you should try one of the wallets that does this relatively burdensome scanning task locally to see that normally it's not the end of the world. It takes me only a few seconds to scan a month of blocks.

> It takes me only a few seconds to scan a month of blocks.

How many transactions is that, however?

About 25,000 transactions per day right now. So about 750,000 per month.

Edit: here's a good comparison chart https://moneroj.net/percentage/

Great comparison. Grin is the only cryptocurrency that fundamentally competes with Bitcoin in the long term.

> This makes Monero much more bloated than Bitcoin.

Would you call bloat something that is essential for privacy?

I do when comparable privacy can be reached without, and with even much less historical bloat than bitcoin:


It's not comparable though. The simplified (though slightly wrong) way to think about Grin is that its privacy is like Monero but without Monero's ring signatures. Its transaction graph privacy is quite weak.

While the author of this article makes some mistakes, here's an example of that weakness: https://medium.com/dragonfly-research/breaking-mimblewimble-...

Grin developers said in response:

> The Grin team has consistently acknowledged that Grin’s privacy is far from perfect. While transaction linkability is a limitation that we’re looking to mitigate as part of our goal of ever-improving privacy, it does not ‘break’ Mimblewimble nor is it anywhere close to being so fundamental as to render it or Grin’s privacy features useless.

Hiding addresses and amounts is certainly better than Bitcoin, but the transaction graph privacy offered by Grin is significantly weaker than Monero. It's not the same.

I was comparing MWCS (Mimblewimble + CoinSwap) with Monero. Quoting from https://forum.grin.mw/t/mimblewimble-coinswap-proposal

We present a coin shuffling proposal with the following properties:

Users submit self-spends throughout the day. No interaction needed for shuffling.

Shuffling is performed at the end of the day by a set of mixnodes that cannot steal any coins.

Invalid self-spends are automatically filtered out. No need to abort or restart the shuffling.

As long as at least one mixnode is honest, then no one learns the input output links.

The size of the shuffle is limited only by blocksize and could easily be over a thousand.

Each shuffle only grows the chainsize by a small constant (~100 byte per mixnode), thanks to MW cut-through.

Widespread use of the protocol would leave the transaction graph mostly obscured.

The cryptocurrencies that "fix" this problem vary in the cryptographic tricks they use, but it all boils down to drafting everyone to act as fences as a condition of partaking in the system at all.

It's a technical solution to a social problem. It won't work. You can always move value in, but out is another matter. Trading your Monero (or whatever) for legal-economy assets or currency may be criminalized any day.

> it all boils down to drafting everyone to act as fences as a condition of partaking in the system at all

Indeed. Monero uses ring signatures: every transaction is signed by 11 users and it's impossible to know which signature was responsible for the transfer.



> You can always move value in, but out is another matter.

The ideal outcome is we start using Monero for everything. There should be no need to ever move value out.

> The ideal outcome is we start using Monero for everything.

which would never happen as many economic actors (including gov'ts) will ask to be paid in dollars.

Isn't that the definition of fungibility? Every user of currency is implicitly a "fence" for every other user.

No. Oil is fungible too - any barrel of a given grade is treated the same any other - but that doesn't mean oil buyers and sellers are fences for each other.

What you're thinking of is the "current" aspect of currency. That when I take payment for a bagel in my shop, I don't need to worry that the money used to pay me was stolen, I still get to keep it.

But this is a social, legal concept, not a technological one. Calling it a currency won't make it current. Fungibility doesn't make anything current either (if I was stupid enough to take payment for a bagel with a barrel of oil, I WOULD have to return it if it turned out it was stolen. I should have known there was something fishy!). No amount of cryptographic cleverness can force society to treat it as current.

I'm pretty sure cash falls into the "stolen goods" category, and you don't get to keep them even if you didn't know they were stolen. You'd have to give the bagel cash back just as much as the barrel of oil.

(Well, in my jurisdiction. Source: family member is a lawyer)

Traditionally, you wouldn't have to, though - that's why they called it "currency", because it is "current".

I believe it still works that way for bagel-level money in most parts of the world. If it's higher amounts, I'm not sure - you certainly have a lot of due diligence obligations, and if you didn't do them you certainly lose it (and you will be in trouble, too).

The roots of the word currency do not stem from your sense of "current", by which you seems to mean something like "immediate".

It primarily comes from the Latin currens which means to run, or flow.

It's monetary sense comes from that, as money can be thought of as flowing throughout the economic system. The temporal sense of "current" comes into play only as denoting something like "the present day medium of exchange" not "immediate". Bank notes and checks for example are both forms of currency but are not immediate.

The immediacy of cash-- separate from its status as a currency-- does not confer it special rights. To use something less trivial than a bagel, think of a car. If the dealership is notified that it received stolen cash for a car, it now knows that it is in possession of stolen money. It cannot legally keep money it knows was stolen. The exchange it entered into with the thief was itself not a legal transaction. The cash goes back to the rightful owner, the dealership gets to fight it out with their insurance company to get its own money back.

Cash has serial numbers printed on it.

You’d think Americans would better adopt those stupid stupid $1 coins (wow I hated getting 17 of those and a transit token for my $20 bill).

You actually can be compelled to forfeit money paid to you if it is found to be stolen (in the US, anyway).

No, that's a consequence of fungibility in the context of some privacy uses, not its definition. The definition of fungible items is that you can mix them without altering their properties.

Fungible items can be used as a commodity, for instance: if two people buy cereals, they may use the same silo to spare on warehousing costs.

Fungibility is always true within a limited context, though. Examples of failed fungibility include Amazon comingling genuine products with fakes, or, to draw from the previous example, cereals from different areas will likely have different gluten or humidity rates, and while producers from an area may share a silo, the buyer may keep the same cereal from different geographic areas separated. Another example is electricity, with power being fungible in terms of who puts it in, but absolutely not when it comes to when power is provided.

> Amazon comingling genuine products with fakes

That's a pretty good example of introducing artificial fungibility "to spare on warehousing costs". It goes without saying that this also leads to risk for customers; there's no way of knowing if an order for some given SKU will be fulfilled by a genuine product or a fake. It's nonetheless true that you can arbitrarily mix orders without changing their fulfillment properties, so a kind of fungibility is indeed present.

Can't help but feel like this is a puff piece for Monero. It's just how quickly it jumped into beating the drum for Monero.

Agreed, a simple disclosure "I own Monero" is needed. The lack of this* hurt the credibility. On the about page the author says they run two Monero nodes.

That said, the article is pretty much a list of links so not as much credibility is needed.

*this: edit - this being a disclosure that they do or don't own Monero

Disclosure: I own crypto but not Monero

> On the about page the author says they run two Monero nodes.

Running a node is not the same as mining. You are not rewarded financially, and you don‘t need to hold Monero to run a node. Nodes just maintain the ledger and transaction pool.

Running a node supports the network through decentralization and participation in consensus.

It seems a reasonable enough leap to think that someone who runs a Monero node owns Monero. And even if they don't, that possibility is enough reason for a disclosure statement, either that they do or don't own Monero. Like the parent poster said, mentioning Monero in the intro of the article stands out.

They list a Monero donation address on the About page ("I’ll happily take any Monero you’d like to throw my way"). It's a reasonable presumption that they do hold Monero, at least intermittently when they receive donations.

This isn't how disclosure legally works re the About page. It needs to be on the same page, displayed prominently.

To be fair, Monero is a fungible privacy coin and a valid answer to all of those concerns.

I’m constantly surprised Monero’s market cap isn’t higher. It works better for all the use cases of crypto that genuinely add value, yet has a small fraction of the value of many coins that are used for nothing at all.

Cryptocurrency has this nasty conflict of interest built in: the early adopters and their investors are rich on paper but ALL of that value goes away if people switch to something else. You can still find Bitcoin holders lying about it being private or uncensorable because they stand to lose a fortune if everyone switches to Monero.

I think this combination of looking like tech but being a financial instrument makes it hard to talk about on tech forums because we don’t have anything with close to that level of conflict built-in. If you were a PHP developer who switched to Python, the value of your past experience wouldn’t drop to zero (often it goes up); if your Rails app was bought by a Node shop it wouldn’t be seen as worthless and they’d probably keep it running for many years. The closest comparison I can think of for weak fiat currency like Bitcoin would be Flash after Adobe threw in the towel and everyone knew they’d need to migrate, and even there the value had a higher floor because you had working code and a path to HTML5.

Good question. Monero is essentially everything bitcoin was supposed to be. Private, anonymous, more decentralized, you can actually mine it using general purpose computers, it's actually usable as a currency due to low fees and fast transactions. I've actually gotten paid for code in XMR, it's awesome.

It's not even a good investment since it doesn't increase in value as fast as bitcoin but gets slaughtered whenever the market goes down. Would be nice if it stabilized in the $200 range.

I bought into monero hoping it would be the next big thing. Fungibility/no public ledger made it seem like it had way more utility, but it turned out 1) virtually nobody buys crypto in order to spend it, and 2) its only real world use was on the dark web.

So you bought it as a speculative investment?

Yes. The same as almost everyone buying crypto. But hoping that it would become a usable currency.

That's two incompatible things though...

Only incompatible at the same time, but that's not what OP is saying. OP is saying that he hopes it turns from something that is speculative and not a widely-accepted currency, into something that is a widely-accepted currency and not speculative.

The old having one's cake and eating it too.

I get the optimism there, but I just can't see how the incentives possibly give way to each other there. Just have to ask kindly that those manipulating the platforms for profit stop?

Because it actually works, Coinbase never added it. Regulatory pressure.

Why should it be? Dollar genuinely adds value for most of human population and yet a single dollar "token" costs 1 dollar. If anything, the flat price of a token I would consider a very small but anyway a sign of maturity and usefulness, as opposed to speculation tokens. (stabletokens excluded of course)

The fed can only manage to get the value of the dollar down by massively increasing the money supply. Monero money supply can only increase by 1% a year. So you’d think the value would go up quickly if crypto has expanding utility

Monero isn't designed to be deflationary. This makes it better for real world use but worse for speculation.

I agree, but it just confirms what we already know: fundamentals have no importance in the cryptocurrency world, it's all about hype and speculation.

Now if they had a cute dog mascot maybe you could get Elon Musk to tweet about it...

All of this is new to me. So there are almost two Bitcoins, clean BTC and tainted BTC. If merchants can check if the history of a coin is clean or tainted they could refuse the sale or ask a higher price to hedge the risk of not being able to use the coin. Is there any service like that? Is that double prices dynamic already happening?

Mining creates clean BTC, anything else risks tainting them. I expect that the ratio between prices in tainted / clean BTC will grow if the set of tainted coins increases compared to clean ones.

> I expect that the ratio between prices in tainted / clean BTC will grow if the set of tainted coins increases compared to clean ones.

I don't. I expect the absurdity will become more clear and make the whole attempt to flag them irrelevant.

for example, after a national or municipal government seizes bitcoin under some semblance of due process or even an actual criminal charge and reauctions them, we are supposed to pretend those bitcoins are magically clean? do all the exchange softwares update to know that? they still have the transaction history from the event that flagged them to begin with. the answer is easier when it involves a government you respect like when the US Marshalls auction off a drug kingpin's seized bitcoin. but what about a government you don't respect? welp a sovereign nation seized it so they're clean now. If so, some random jurisdiction with some level of sovereignty can just become the bitcoin washer as a service, if not then exchanges are acting too arbitrarily and are going to lose business for no legal reason. Exchanges flag bitcoin to stay within an imagined impending compliance burden of being able to prove they don't accept dirty money. If they flag bitcoin with the clearest outcome of having been seized by the state and reintegrated into the economy, then they have made a hopeless error. People with ambiguously acquired bitcoin already have a dozen ways of getting it into bank accounts and cash, and will have even more in the future. So it's just the merchants and exchanges that have to make sure they are attracting business. For those reasons I don't see a separate exchange rate forming, its an average of fungibility that leads to the same result.

Which means that if you really want to clean dirty BTC, you need to simply use it to pay for miners, then mine clean BTC.

how would that work if it is unspendable

Unspendable with who?

Seems if you can't go to exchanges, going to private corps or individuals who don't follow the ban lists would likely work, makes it their problem.

Of course, scale matters. Buying a couple of rigs off random sellers willing to take BTC should be trivial, but if you need a warehouse full of them...

> who don't follow the ban lists would likely work, makes it their problem.

which is how you launder money today! And dirty money is certainly worth less than clean money.

Of course it is, I said nothing different.

I was responding to the question of "how would it work?", not "is it worth 100% of the same 'clean' funds?".

Different circumstances and market conditions will make the discount variable.

Hop into a lightning channel and then back out in a different address. That should theoretically work to break these heuristic models right?

Exchanges are using software that assigns a threshold to each address' inputs or funds. You can easily trick the threshold.

Even better: never leave The lightning network and you’ll never really have these issues

Largely, no. While the full privacy implications of lightning network use are extremely complicated and still being researched (and the best practices updated with that information), it absolutely is not as simple as open/close channel, done.

what if the output of lightning came from mixed coins?

What if every coin is mixed, eventually? You think exchanges will just shutdown their bitcoin trades and throw away their likely biggest revenue stream?

Exchanges are already prejudiced against "unhosted" wallets. I think they'll eventually stop accepting deposits from any source other than other well known exchanges.

I've moved "unhosted" coins into at least 5 different exchanges at this point with zero issues.

What if a ransomware group starts to airdrop a few Satoshis to everyone?

those can be excluded easily

Output of a lightning channel is almost certainly more likely to contain mixed coins. The UTXO model is hopelessly outdated.

I strongly disagree, UTXO model will be necessary to scale smart contract platforms in the future as the account model will never hold up with the necessarily expensive sync operations it performs.

UTXO model, or a derivative will win out when it comes to distributed blockchains that can scale way beyond current distributed blockchains capacity.

Well, this argument falls whenever you try to use Bitcoin P2P (user to user shouldn't care where the coins come from) or with P2P exchanges like Bisq or Local Bitcoin.

Now that's a different universe than what OPs lives (just by the fact Bitcoin goes up and down in fiat value would be enough to make it "non-fungible" by that logic), but I can assure you many of us exists.

And I'm not even mentioning how Lightning Network fixes this as well, making coins very hard to impossible to track.

Got an article on how Lightning fixes this?

This article is alarming to me as a normie user. I'm curious about going off the big exchanges and using my coins. What if I receive crypto through OpenSea that Coinbase deems soiled?

Although I don't like it, I could see private verification service popping up for P2P. "We make sure the coins are good before the transaction goes through".

Makes me wonder how much of a "walled garden" Bitcoin is. Sure, hold it on exchanges all you want, but don't try to use it or we lock your account.

It is no different than depositing to an exchange that doesn't do this and then withdrawing. Or some other service with a centralized wallet.

That being said, those outputs will simply become someone else's problem later on, in limbo created by the uncertainty on whether them being held by an exchange clears their past history or not.

That would stop being true for P2P if exchanges started blocking tainted coins, though. If that happened at scale, then P2P users would have to start validating themselves before accepting them, which is a real privacy nightmare. Of course, eventually exchanges will start blacklisting anyone with a mixer in their history, too.

I think it basically still holds - I wouldn't want the bitcoins from someone I suspect got them from crime, knowing they could be traced forward and cause problems for me.

For the sake of consistency, would you say the same thing about paper/fiat currency?

If I sell my couch for paper money to a someone that got that money through a crime or in violation of a sanction, I don't realistically have to worry that someone could try and claw back that money from me by tracking the payment.

Paper money has serial numbers, but likely nobody record them during the criminal transactions. Even if they KNOW which serial numbers are involved in a crime (maybe they robbed the mint), there's no database that tells them I have that note now and no infrastructure to catch someone from spending it.

(Of course perhaps the money is clawed back because there's text messages on the criminal's phones about buying the couch. But that's another story)

At least in the US, paper money is exempt from nemo dat but crypto isn't. https://en.wikipedia.org/wiki/Nemo_dat_quod_non_habet

I’m not the person you’re responding to but yes, if the transaction history of tainted cash was publicly available and easily traceable, I’d be vary of receiving it.

I'll do you one better. Send a few tainted sats to a non-empty address of a person you don't like, and hurray, his coins are now tainted, giving him endless headache.

Something similar has been done trying to deanonymize wallet owners. It's called a "dusting attack". In theory you can protect yourself by manually choosing which outputs to spend when you're building a transaction.

Would you please explain in a bit more details? What's the reason for sending tainted satoshis to non-empty address? Bitcoins on that address are already on a public ledger, so if I understand it correctly, you can just watch where the coins go later, no need to "dust" over them.

Tainted coins (stolen from hacks or whatever) can be tracked forever on a public ledger. If you send some of them to a known address of your adversary, tracking software with start tracking those coins as well, especially if he'll manage to spend coins from your input together with his existing coins. So, he'll have problems down the road.

But you can just “taint” coins that are already on that known address, since you already know that the address belongs to the adversary.

If I understand correctly, “dusting” is only useful for empty addresses, when you want to track who owns them, because if they remain empty forever, you have no means to know.

Tainting is not for tracking, but for making the adversary's funds marked as 'problematic'.

Ah, so it’s like sending a satoshi known to be involved in trading drugs, to make adversary’s account linked to illegal activity?

Nowadays most wallets will let you choose which UTXOs to spend so you can simply choose not to spend those.

That is a major pain/inconvenience, and also who knows what setting the antitainting mechanics will look like in the future, can very well make all your money compromised in the future.

This aversion to "mixing" is interesting.

When my pile of $20 bills with serial numbers on them gets converted into $100 bills with other serial numbers, and my $100 came from some place that collected $20s from other people, is this not exactly the same mixing?

I feel like there are people in all governments who are thinking all day every day "Yes, and we are working on this insane hole in our control as hard as we can and the day is coming close when we can finally outlaw cash."

I think it comes down to scale & other means of controlling illegal activity. They don’t need to ban changing $20 bills if they’re fairly comfortable that e.g. banks are going to ask questions if you show up with a suitcase full of them.

Scale also matters because it’s hard to ramp up businesses: the mafia can’t claim that their restaurant is doing $100M/year in sales so there are going to be more people involved (i.e. chances for the police to find an in) and they can focus on businesses which do tons of anonymous transactions.

I imagine it is very hard to launder, say, $320 M (https://www.cnbc.com/2022/02/02/320-million-stolen-from-worm...) in cash. Google says that a $20 bill weighs about 1 gram, so 320 M / 20 = 16,000 kg or ~3.5k lbs. About the weight of a car.

> I feel like there are people in all governments who are thinking all day every day "Yes, and we are working on this insane hole in our control as hard as we can and the day is coming close when we can finally outlaw cash."

From what I can tell, this is what "Central Bank Digital Currencies" are all about.

Monero is too good at evading government surveillance. It will never be allowed to reach critical mass of usage to survive as the premier cryptocurrency.

It will continue to have a role and prosper next to Bitcoin though. We need both. One to decouple from government control, and the other to evade surveillance.

It’s a well-known secret that you can change your Bitcoin to monero, then the Monero back to Bitcoin to “wash” your Bitcoin. Also, with enough time, all the Bitcoins would be dirty.

P.S. don’t bother responding if you are coming from the privilege of never having lived under a terrible government.

> P.S. don’t bother responding if you are coming from the privilege of never having lived under a terrible government.

Please don't tell me whether or not to respond. If you want to point out that the question has much more salience for those who have to deal with terrible governments then I think that's a very important point to make and I appreciate you pointing it out. But I come to Hacker News to hear from everyone with insights -- NOT just the subset who happen to live under terrible governments.

To be fair with OP, it's very frustrating to read US-centric responses when you're talking about issues that are not present there. Comments like "it's against the law" or "that's not how the energy industry works" or "software engineers are overpaid" might seem innocent enough, but are really frustrating for those readers who understand that the fact we all speak English online doesn't mean we are all from USA.

Exactly. Relevant to this discussion, if you are living in a Euro/USD country where everyone will happily accept your currency and you can indirectly affect monetary policy then why would you care? Of course, cryptocurrency would seem useless to you.

It’s not the same everywhere though!

If you want a free society you have to live like you're in one.

Closing debate on any topic is not a free society.

I know of no country where the average citizen can affect the monetary policy of their currency.

Otherwise we wouldn't have had two full years of central bank-fueled upwards wealth redistribution almost everywhere in the world.

In abstract theory, in the US - you get to elect the president who nominates folks at the central bank and congress (again, elected) confirms them.

I agree with you in reality though. The average person have 0 input in the monetary policy in America or Europe.

You forgot one step (which further highlights the absurdity of this system): US citizens elect "presidential electors" who then elect the president.

> It will never be allowed to reach critical mass of usage to survive as the premier cryptocurrency.

Monero is getting to the point where it will not need permission.

It will soon be added to the decentralized exchange Thorchain. On top of that, the Haveno project is making great progress and will be a Monero version of Bisq.

Thorchain will be swaps that don’t require specific orders, much higher liquidity. Haveno is the traditional platform where someone puts out an order and someone buys that exact amount.

Oh and I almost forgot about regular atomic swaps which also exist today.

>Monero is getting to the point where it will not need permission.

If you're interested in actually using your currency for anything in the real world other than swapping it for other cryptocurrency you'll always need permission.

If I want to go to the supermarket and pay with Monero that will require that legislators deem Monero a legitimate currency.


I've been paid for work in Monero before. It's not a far stretch.

As long as governments begin to accept Bitcoin, it becomes trivial to accept altcoins because they're often easily exchanged for Bitcoin.

> As long as governments begin to accept Bitcoin

Governments of small countries, maybe... but Bitcoin is already banned in China.

There are talks about a ban in Russia (Putin seems to be satisfied with taxing mining more harshly, though):


It's not a case that it was first China, and now Russia (which is in the top 3 for mining).

In the top 3 for mining there's also Kazakhstan, and their recent crisis was also caused by energy prices, so I can see them tolerating bitcoin only in the short term.

That leaves the US, but that country is too corrupt... And it has too many bitcoin billionaires to allow the value of bitcoin to tank. But no one knows how long this will all last.

Russia and China have a long history of banning/blocking freedom-preserving technology.

Bitcoin continues to thrive despite their bans.


A huge portion of many countries' economic activity happens outside the reach of their governments. This is the present reality, not some anarchist dream.

In this context, people are free to use the currency they prefer.

Which really says the USD needs to modernize to keep its popularity.

A US controlled internet currency is going to do better than any of the cryptos

> If I want to go to the supermarket and pay with Monero that will require that legislators deem Monero a legitimate currency.

A lot of people use giftcards. That's what people do with bitcoin too.

> https://xkcd.com/538/

Completely irrelevant to this conversation.

Actually it's relevant as a reminder of the importance of privacy coins, for they are the only way to avoid wrench attacks.

You can still get wrench attacked for your Monero in the same exact way.

It's just a risk of self-custody of keys and it's a good reason for the industry to push forward better key management solutions (multi-sig + shamir secret sharing, etc)

Can you not be wrenched into giving away your privacy coins?

You're still a single point of failure, aren't you? Apply wrench until you've given up all the privacy coins you have access to

Privacy coins give you plausible deniability. Attackers don't know what you own, because the balances are private.

Muggers on the street don’t know what’s in your wallet either. But they still want whatever is in there.

Until wallets gets smarter and safer, and these smart/safe features are so mainstream that even muggers understand it, this will always be a risk

So you give them dust contained in your decoy wallet.

The problem with cryptos with public balances is that attackers can know your net worth in advance, and thus know whether you're a valuable target, and exactly how much they can ask of you. And this is the reason why privacy technology likely won't be outlawed: high networth individuals use them constantly.

> The problem with cryptos with public balances is that attackers can know your net worth in advance, and thus know whether you're a valuable target, and exactly how much they can ask of you.

Not really... a mugger can read people well enough to know that they have more than $100. More than $1000, etc. A random person older than 30 can likely give you a lot more than $2000 even.

So this goes back to wallets needing to be smarter all around. I expect there to be companies/services that spring up specifically around this need.

However, one thing that I predict in the next 5 years is that people will simply stop having crypto wallets on their phones. They will either not have mobile access to their savings accounts at all or they will use something like a SatsCard that only has like $100 on it https://getsatscard.com/

Random attacks on the street are a problem, but the "wrench attack" trope relates more to targeted attacks against known victims, which are becoming increasingly common.

In many countries, kidnapping and torturing someone for $2000 is not worth the risk for anyone. But for amounts 6 figure and up, it makes good risk-adjusted sense to many people.

Given how few people have a proper security setup, cryptocurrencies with KYC'd accounts and public balances are lists of juicy extortion targets.

> It will soon be added to the decentralized exchange Thorchain.

I've heard about XHV and Monero being added to Thorchain a year ago, described as coming soon. Somehow it feels more like marketing than a real thing.

El Salvador and China have shown us that Bitcoin is not sufficient to evade government control.

Also, exfiltrating value via crypto is not sufficient for most people in oppressive countries. The overwhelming majority need to be able to spend the crypto locally as cash, which isn't possible in any oppressive country except El Salvador.

China is a perfect example. A Chinese citizen only needs a VPN and USB drive to exit the highly-controlled digital yuan and put his savings in Bitcoin. When he needs to get to a local currency or USD, a P2P exchange like Bisq would do it.

The other person at Bisq would simply wash his bitcoins through monero - and that would be that.

Not only its good for Chinese citizens, it is very good for western democracies to funnel money to opposition figures in hostile countries (or plain old spies). In a world where the digital Yuan reigns supreme (where everything is monitored), would the US want to pay a Chinese spy in paper USD, washed bitcoins, or digital yuan?

I've appreciated your arguments so far, but how does "only needing a VPN" qualify as easy?

I live outside China and I am baffled about how you get a VPN that you trust. A VPN is a third-party who shields you and that you trust.

Everyone on HN recommends Mullvad because of their track record. Do you know that Mullvad is not compromised?

If you lived in China, how would you find a VPN that you trust?

I didn’t live in China, but lived in a Middle Eastern county where the vanilla internet is monitored.

The locals know what to use. Also, you don’t need a non-monitored VPN. Just one that’s not monitored by your own government.

How does exiting the highly-controlled digital yuan work?

I have x amount of savings of Yuan. I keep 6 month expenses in Yuan and the rest in Bitcoin.

When I need to make an unapproved transaction (donating to a Muslim charity if you are a Yighur for example). I go through the hassle of using Bitcoin, either directly or after changing to USD by P2P exchange.

Can you be more concrete? Here's what I'm imagining you're saying: first you take a month's paycheck out of the bank in yuan, in cash; then you walk down the street to a jeweler's shop that will exchange your yuan in cash for US$100 bills; then you send a WeChat message to a guy who sells Bitcoin, and the next day you take a taxi with your US$100 bills to a cafe, where he transfers you the Bitcoin and you give him the US$100 bills. Is that what you mean?

I'm wondering if somebody who spends all of their highly-controlled digital yuan in cash every month, and not on anything detectable, will draw suspicion.

This doesn't explain anything.

Who's buying yuan from you in exchange for Bitcoin?

Who's selling you yuan in exchange for Bitcoin?

Given that yuan is tightly controlled... How is Bitcoin hiding anything in this process?

Crypto is de facto banned in China and yet I see an incredible amount of chinese even those working for state owned corporations trading crypto. Even openly with their profile pics on Twitter. China is sometimes too ridiculous for me to understand.

largely due to the coverage of the press many people think China has superpowers when it comes to law enforcement, but that's obviously not the case. 1.4 billion people are hard to manage

It's the same way everywhere really. Technically Elon Musk is supposed to have his twitter activity supervised as per agreement with regulators. I don't think that's happening but somehow nobody cares

China doesn't need to 100% enforce the law to effectively make something illegal. Even if they catch and prosecute 1%, their justice system is dangerous enough that most people won't take the risk.

For crypto as currency, this is effectively a death sentence. If most people are afraid to hold or trade it, you can't use it locally.

It would only be useful to people hoping to exfiltrate value and then leave the country, which is not a majority of people.

Well tell that to the state employees openly trading crypto as mentioned earlier.

just because a few people, in positions of privilege or high risk takers, do it, doesn't mean the majority is capable or willing.

Maybe not majority but a very high % of people in China would do anything to make money. And it's not just a few people in positions of privilege. It's your regular people working in state corps.

> It will never be allowed to reach critical mass of usage to survive as the premier cryptocurrency.

Why? How are they going to keep it down?

I will keep talking about it and trying to use it. Actually managed to get paid with it once. Ironic that the one coin that's actually usable as currency remains obscure.

Did you manage to convert that pay to fiat?

Yes. Deposited it on Binance, left some XMR in the savings account, exchanged XMR/USD/BRL and withdrew to my bank.

If crypto currencies ever get large enough to be a bother they can just turn off any networked machine that supports crypto. They control the entire internet at the physical level. Until crypto currencies come with their own physical cables and machines, and the army needed to protect it from sabotage/alteration, then it’s going to need at least implicit permission from various governments.

This isn’t shadowrun, the digital realm isn’t one entirely separate from reality

Well, that's the general problem with the centralized internet we enjoy today. Telecommunications service providers have always been in bed with governments. I wonder if we'll eventually move towards a decentralized mesh network.

Another possible solution is to somehow get influential people to buy into these systems. That way, they won't want to stop it even if they could.

> I wonder if we'll eventually move towards a decentralized mesh network

What would they do? We still use address systems based on groups owned by the governments. I’m not even protesting that fact. I’m just amazed that a large group of people think they can have a direct dependency on someone else’s property, and pretend that they are completely independent.

Ah, you must not live in the US then.

> Also, with enough time, all the Bitcoins would be dirty.

This is a misconception. Coins are only associated with the last identified node. So for example if I sent tainted BTC to Coinbase, sure Coinbase would investigate my account obviously. But the coins can be used from then on as "clean" Coinbase coins, until they hit the next identified node by blockchain analysis companies.

If Coinbase accepts the deposit. If they refuse it then the hot potato is back in your hands.

Ironically, not necessarily.

If you sent funds to Coinbase's provided address and they wanted to refuse/refund it for some reason, your new owned output would likely be marked as clean and from Coinbase.

This may vary across circumstances of course. And they may decide to refuse to issue a refund.

> P.S. don’t bother responding if you are coming from the privilege of never having lived under a terrible government.

At first the argument was that BTC is transparent which means it's better than the banks. Now it's transparency that is the problem. And now we can't freely debate it on a forum like HN.

Money laundering for "good" is still money laundering, and that's what your advocating. And money laundering enables all the "bad" things like bribery, human trafficking, arms sales, drugs, and then nation-state sponsored terrorism.

E.g. I keep asking myself, would organizations like NAMBLA like this technology?

It would, I think, be a shame for all the "good" you're hoping to create instead ends up causing far more harm for the people you hope to free with it.

You can debate it, I just have nothing to say to you.

If you can’t see the problem with governments controlling and monitoring transactions and being able to confiscate private property, then cryptocurrency is not for you. It’s simple - you don’t have to use it and you can call your legislators to ban it. Luckily, it’s permissionless, so no one cares.

> You can debate it, I just have nothing to say to you.

So you can't see the harm in money laundering support human trafficking? Because that's real tyranny. Not by governments, but by criminals who can project power to bribe government officials to look the other way with anonymous transfers.

Debate is what happens in a free society. If you can't debate it, you can't promote it in a free society.

That’s pretty much how authoritarian governments work. Surely you can’t have free internet because terrorists use it to communicate, surely we can’t have elections because criminals bribe the simple people to vote for them, surely you can’t trust outside media because it’s controlled by the evil Jews. You don’t want money that’s can’t be controlled by us, because criminals will use it.

Trust us. We know what’s good for you. The world is bad, and only us can fix it. /sarcasm

> Trust us. We know what’s good for you. The world is bad, and only us can fix it. /sarcasm

Ironically, that is exactly what you're saying.

Not at all. I said in an earlier response, no one cares if you hate or want to ban crypto, it’s permissionsless.

It have been you taking the weird authoritarian take of “we must ban a tech because some bad people may use it”. Which is literally true in every technology ever invented.

> It have been you taking the weird authoritarian take of “we must ban a tech because some bad people may use it”. Which is literally true in every technology ever invented.

If you're calling me an authoritarian for espousing views on why a particular technology that allows easy money laundering is bad, then I guess by a variation of Godwin's law, I win by default.

If it’s on the internet, it’s up to the permission of whoever owns the hardware which happens to be all these governments.

I feel like the crypto arena is conflating the fact that they are small enough to not be worth actually stopping with the idea that they can never be stopped.

The only way to shut down the Bitcoin network is to shut down the internet all over the world at once and even then - there is ham radio and satellites.

Remember, you can say it’s useless (for you.) and harmful. That’s all fair. But, it’s a verifiable, indisputable fact that there are Bitcoin nodes operating in China despite the government ban[0]. You can’t ban Bitcoin, which why the free market deems it valuable.

Smart governments know this and move to tax it heavily(India), or move it to work within the state-regulated banks (Russia). But, no you can’t shut the network down without shutting everyone else internet.

0. https://bitnodes.io/

> The only way to shut down the Bitcoin network is to shut down the internet all over the world at once and even then - there is ham radio and satellites.

That implies bitcoin, and I am making an assumption that all cryptocurrencies are in the same boat, is worth as much as the rest of the internet.

If crypto markets start threatening fiat currencies, I will be heavily surprised if ISPs choose to protect crypto markets instead of shutting them down when the government threatens their ability to do business.

Crypto is only dangerous to fiat in crypto bros minds right now. They 100% can shut down crypto once it stops being a novelty

Bitcoin without any way to exchange it to some other currency makes it worthless.

Ergo, a government would just need to go after the exchanges. Nobody wants BTC, they want something more stable.

So you've got one side of the transaction hidden, but how are you hiding the things you buy from the government?

For those interested in mixers, I'm just starting this episode of the Zero Knowledge podcast myself:

Mixers with Tornado.cash


Allowed by who? The main problem I see right now are social propaganda attacks and successful attempts at sabotaging the evolution of its research and technology.

> P.S. don’t bother responding if you are coming from the privilege of never having lived under a terrible government.

I lived under an even worse government than you, and find this attitude offensive.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact