Didn’t we learn anything?

Yesterday, I posted a small message on Twitter that got quite a bit of attention. Despite what happened more than one year ago to MtGox, most Bitcoin exchanges are still running in a way where they hold customer funds and coins. I’m not saying it is simple or cheap to make things different, but I’m surprised nothing happened at all.

Well, not exactly nothing. Decentralized exchanges are starting to appear but still have a long way to go…

Decentralized exchanges

Creating a decentralized exchange is a good idea, except for the fact that you are not able anymore to perform checks to avoid stolen property (funds or coins) to be used (this problem also exists on services like LocalBitcoins or Gyft).

You can of course have a trusted third party handle the AML checks (for example Coinffeine currently works with Okpay according to their FAQ) but this is not exactly decentralized anymore and might not be enough if the third party is not aware of the nature of the transaction. You could be using multiple third parties, but doing so will increase risks - and even as things are right now, I wouldn’t be surprised seeing people using Coinffeine to get Bitcoins out of stolen Okpay accounts in transactions that will subsequently be investigated by law enforcement, and maybe reversed at a loss for the seller.

Bitcoin has an inherent financial nature that makes operating an exchange that much more complex. Usually AML procedures can help dealing with most issues, but won’t work in a decentralized context as things are today.

Based on my own experience the best option for a decentralized exchange would be to allow exchange only between existing crypto-currencies (”alt coins”), which would create a lot of new possibilities in terms of value for said coins while potentially helping offload the Bitcoin blockchain.

Current exchanges

Currently, most if not all crypto-currency exchanges hold all funds on behalf of their customers, and will perform balance settlement for each trade themselves.

While it is easier (and cheaper) to do so, there are other ways of operating as an exchange that would limit the need for the exchange to hold coins and funds, thru limiting risks and liabilities. It would even be possible for an exchange to operate without holding anything, should the appropriate structures exist.

The structures in question would be kind of settlement third parties, for both Bitcoin and fiat currencies.

One entity would be specialized in handling of coins. It would focus mostly on security, and could also offer processing for other things than exchanges (I’m thinking about Lightning, for example). Existing wallet services are probably in a good position to start working on this kind of solutions.

The other would be specialized in handling of fiat currencies. This would mean complying with the appropriate financial service regulations and we could easily have multiple such entities covering different parts of the world as regulations differ.

After each executed trade, the financial entity would move funds to escrow, then the coin entity would process the transaction, which once cleared would trigger the release of funds to the seller.

This might even open new possibilities:

  • The crypto-currency entity could, instead of holding bitcoins, track liabilities and have their members provide proof of holding by signing messages from their addresses - or by running a wallet software where the customer-side holds the private keys. Once a trade is executed, the customer would be requested as part of settlement to sign the outgoing transaction. Of course the user might decide to refuse, but then it would just mean the settlement failed for a specific trade and funds escrow returned to buyer. The exchange could refuse to work with this seller in the future.
  • This would also open the door for more competition in the exchanges market by lowering the hurdle of standing there. AML would be typically handled by the financial entity, so an exchange could focus solely on providing the best technology possible without having to setup a 24/7 security response team and spend millions in financial institution registration. There is still a need for lawyers and to make sure the exchange would be legally able to work without any kind of registration (or what needs to be done). Please remember that this blog does not provide any kind of legal advice.
  • We might see new kinds of business appear we didn’t think of yet.


As Bitcoin gets bigger, the need for more solid solutions increases.

I know how difficult it can be for an existing exchange to switch to a new process in terms of settlement of trades, however the current situation is nothing but another disaster waiting to happen (and that’s the last thing anyone wants).

There are various available solutions, so I am a bit surprised no exchange has moved in that direction yet. Securing customers funds has a huge cost, and so much can be gained by providing this kind of services to the whole community.