Category Archives: Blockchain

$600 Million Loss Shines a Light on DeFi Security

On August 10, 2021, the Chinese cross-chain DeFi platform Poly Network was apparently hit by an exploit of a smart contract vulnerability in its “EthCrossChainManager” contract, impacting three separate chains, including two leading DeFi blockchains – Ethereum and Binance Smart Chain – and numerous cryptocurrencies. This latest exploit is part of a major trend in security incidents involving DeFi platforms.

Poly Network developers quickly asked for help on Telegram to block transfer of the stolen assets:   “We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses.”  

In another August 10, 2021 post on Telegram, Poly Network also posted:  “If you are experiencing any difficulty due to the hack that just happened theres [sic] a compensation plan , connect your wallet and get your refund in minutes , our dev only lose but this did not affect any of our users.”  

It is not clear how this protocol platform would make all users whole.  

As a start, the ESL Poly Network team also posted the following open letter asking for the return of the stolen assets:

Not surprisingly, this plea was immediately derided:  “Imagine successfully stealing over $600m and have the people you stole from think there’s a chance you might be willing to return it with what amounts to a passive-aggressive post-it note on the fridge.”  

Notwithstanding the obvious desperation found in its letter, the Poly Network team may be on to something given this was apparently never really a “hack” – it was likely yet another person who exploited a vulnerability in a deployed smart contract. As of August 11, 2021, $119 million in Binance pegged BUSD was returned by the hacker’s associated address to those 947,598 owners impacted by the exploit. BUSD is a stablecoin used to trade crypto assets on the Binance chain. Another $134 million was returned soon thereafter to other impacted owners. According to Chainalysis, a total of $261 million in cryptocurrencies has been returned to date.

A review of the micro transactions found on Etherscan and BscScan indicates that the “hacker” has been testing literally thousands of ways to move the stolen assets.  In other words, the exploiter does not know what to do with the stolen booty.  A few posts back that up – including one where the “hacker” is allegedly asking for someone to instruct on how to circumvent miner scrutiny.

The “hacker” purportedly also posted:  “WHAT IF I MAKE A NEW TOKEN AND LET THE DAO DECIDE WHERE THE TOKENS GO.”  

As things continued going downhill, the claimed sole perpetrator of the exploit – again claiming such identity solely by virtue of using the perpetrator’s wallet address – allegedly came out as an innocent interloper:

Information posted in the form of a Q&A on an ETH transaction Private Note section goes into further detail:

It’s looking like these posts are all from the same exploiter.  A spreadsheet tracking the exploit – including related communications, can be found on Google docs.  Even if these posts are not genuine, chances are still high the exploit was performed by one or more persons who decided to offload some coin and ultimately decided to give back – as apparently already done to the tune of $261 million, whatever could not safely be absconded with using his/her/their current knowledge.  There were certainly many out there willing to provide the necessary crypto laundering assistance, but apparently the advice was not taken – the clearest signal this was committed by an “ethical” hacker.

Poly Network is at its essence an interoperability protocol used by and integrated with many DeFi projects so this exploit will have direct ripple effects well beyond the Poly Network.  The more indirect impact of this exploit is the slight chance it might be replicated elsewhere by others having the necessary domain knowledge to move stolen assets.  

The best way for investors to minimize the likelihood such failings will impact them in the future is to seek out and only use DeFi platforms that rely on a holistic “security by design” architecture – something not easily found in a decentralized world. Not surprisingly, in a recent survey nearly 75% of institutional investors and wealth managers state that the security of virtual currencies is a “significant” hurdle stopping many individuals from entering the crypto asset space – let alone the more exotic DeFi domain where software vulnerabilities can still cause the exfiltration of $600 million in digital assets. Beaches will always have little appeal to swimmers when there are known sharks in the water.

UPDATE: August 12, 2021

Except for $33 million in Tether stablecoins previously frozen by Tether, the entire amount taken was apparently returned. Reuters is reporting that this was done in return for an after-the-fact $500,000 “bug bounty”.

The DeFi End Game

A skilled chess player will tell you the best way to study chess at a high level is to first study endgames and truly learn the power of each piece.  Memorizing book openings generally comes last.  If one wants to learn about the insurance industry, first take a job in the claims department.  In a similar way, students of disruptive technologies benefit from first learning their “end game”.  

Blockchain is one disruptive technology that still has not fully discovered its business sea legs.  The purported proxy for blockchain – Bitcoin, recently hit all-time highs so naturally on January 3, 2021 a forecaster placed a ten-year target of $1 million on this speculative asset.   Every good bubble requires inflating and the very speculative Bitcoin bubble currently being massively inflated by hedge fund money is no different.   

Bitcoin’s bubble ascension does not mean, however, the seismic blockchain and distributed ledger technology (DLT) shifts taking place over the past five years in the financial industry have been illusory or should be ignored.  As previously recognized, “acceptance of blockchain technology by the financial industry will be indelible proof those mistakes of 1995 made by retail sales and marketing companies will not be repeated by the financial industry.” 

Over the past several years, financial titans have reluctantly come out swinging in favor of convertible virtual currency (CVC) transactions. For example, most US PayPal customers now have the ability to buy, sell and hold four different cryptocurrencies – BTC, ETH, LTC, and BCH – and use them as a funding source with the company’s 26 million merchants. Presently, PayPal’s maximum dollar amount for weekly CVC purchases is $20,000 but even that relatively high consumer amount will likely change upwards as PayPal moves up the financial transaction food chain – with PayPal’s Venmo next in line.

The largest bank in the United States – J.P. Morgan Chase, launched its JPM Coin in 2019, and in October 2020 set up an entirely new business, Onyx, as an umbrella for its blockchain and CVC initiatives – including JPM Coin.  According to Jamie Dimon, Chairman and CEO of J.P. Morgan:  “Onyx is at the forefront of a major shift in the financial services industry. This new business unit reflects J.P. Morgan’s commitment to innovation as we continue to build cutting-edge technology that delivers a better, faster and more inclusive financial system.” On December 10, 2020, J.P. Morgan announced it completed a live, blockchain-based intraday repo transaction using JPM Coin.  And, Visa has filed a patent application for what may seem perfunctory, namely recording digital currencies on a blockchain.

Apart from these blockchain-based efforts, there is a whole category of blockchain initiatives that will forever fundamentally alter the broader financial sector – to the likely chagrin of PayPal, J.P. Morgan, and Visa. The banner name for these new blockchain and DLT initiatives is “DeFi”, or decentralized finance.

In December 2019, the entire Total Value Locked (TVL) in the DeFi market was worth less than $700 million, by the end of December 2020 it grew to $14 billion, and as of January 5, 2021 the total TVL in DeFi was at over $19 billion and growing – representing a staggering growth trajectory.  The TVL in the DeFi market represents all DeFi projects but is largely driven by the lending platform MakerDAO – a decentralized credit platform supporting Dai, a stablecoin pegged to the US dollar.  Decentralized exchanges (DEXes) such as Uniswap largely make up the remaining bulk of projects.  DEXes enforce trading rules and execute trades without charging the high fees normally associated with alternative investment trades.   

A commitment of $19 billion to DeFi initiatives may seem minuscule compared to, for example, the over $6 trillion in foreign exchange trades conducted each day. On the other hand, each DeFi transaction potentially empowers individuals while at the same time weakening the grip over the monetary system currently held by central banks and finance intermediaries – a true game changer by any measure.

Generally relying on the public Ethereum blockchain platform, most DeFi projects deploy smart contracts to automate what previously required human intervention – obviating the need for central authorities such as banks or intermediaries.  DeFi Pulse nicely showcases the benefits of DeFi by describing it as “money Legos” and giving the following example:

Compound is a money market or, in other words, a lending service on Ethereum. When you supply DAI to Compound, you receive cDAI tokens which represent both your DAI in Compound and any interest you’ve earned from lending. Since cDAI is a token, you can send, receive, or even use cDAI in other smart contracts. Money Legos in action: ETH into MakerDAO to mint DAI tokens, DAI being supplied to Compound, cDAI tokens can be used in other DApps.  For example, you can swap ETH for cDAI on a DEX and instantly start earning interest for just holding cDAI. And because you choose how you interact with smart contracts on the blockchain, you can use a DEX aggregator like DEX.AG to compare and trade at the best prices across all the popular DEXes, all within seconds.

In 2021, crowdfunding will help fund some of the DeFi startups looking to eventually disintermediate the more traditional financial firms these startups would otherwise approach for financing.   As of November 2020, online platforms can raise up to $5 million in seed capital in a State-preempted manner – with previous platforms raising hundreds of millions of dollars using the prior SEC Regulation Crowdfunding cap of $1.07 million.  Even though a typical crowdfunding online platform itself breaks away from traditional centralized banking platforms its success is not relevant for purposes of the DeFi initiatives potentially opened up by Regulation Crowdfunding.  What may be more relevant are the new ideas coming to market without the latent influence of legacy financing.  

Before widespread adoption of any DeFi product is even feasible, however, regulatory scrutiny will be needed to protect consumers onboarding these new DeFi applications. Given that a CVC wallet is the exit ramp for many DeFi initiatives, it is no surprise that this has been an area of regulatory interest. For example, the US Treasury’s Financial Crimes Enforcement Network (“FinCEN”) recently proposed a rule that would require banks and money service businesses to file a report with FinCEN containing information related to a customer, their CVC transaction, and counterparty (including name and physical address) “if a counterparty to the transaction is using an unhosted or otherwise covered wallet and the transaction is greater than $10,000.” FinCEN is issuing regulations on transactions using digital currency wallets because the growth of individual CVC transactions will continue unabated.

While providing a suggested Token Safe Harbor Proposal, SEC Commissioner Hester M. Peirce offered an excellent analysis of the “regulatory Catch 22” faced by decentralized networks looking to comport with SEC regulatory law. In addition to Commissioner Peirce’s forward thinking, the SEC also recently set free its FinHub as a separate office to assist blockchain and DLT innovators.  

Despite these technology-forward initiatives, the SEC continues placing an exclamation point on its regulatory reach. For example, the SEC last month shook the Ripple world by claiming in a lawsuit that Ripple’s XRP token – used by financial institutions around the globe – was an unregistered security. It also ended the year by filing a Cease and Desist Order against ShipChain on similar grounds. These sorts of efforts convey that US regulators are still corralling the blockchain stallion – albeit primarily through the Howey door. Disruptive DeFi initiatives should remain undeterred.

More urgent concerns for the DeFi community are coding bugs, double-spend exploits, traditional hacks, and any number of improperly implemented software functions caused when smart contracts fail to undergo adequate audits. Although DeFi lost only $50 million in 2020, malicious actors will certainly begin seeing a larger target over DeFi’s head as its growth continues. Moreover, given most DeFi projects run on Ethereum, there are future threats not even widely discussed – such as those potentially arising from miners who map out transactions on a blockchain for a fee and who are no longer satisfied with just receiving their fees.

All of these potential risks – whether regulatory, technological, malicious, or competitive – remain dwarfed, however, by the potential upside found in a successful, widely-adopted DeFi application or protocol. One likely key to success is to replicate what companies such as PayPal chose to do – take a widely used existing tool and deploy it in a profitable new way that allows for flexibility with actual autonomy and consumer self-determination. DeFi will ultimately go nowhere if it only brings into the fold insiders stuck in Moore’s early adopter phase.

Moreover, no open-source project can ascend until a large enough market believes the tradeoffs between ease of use, financial benefits, and utility ring strongly in its favor.  For example, despite having a strong web server market position, a Linux desktop will never really threaten Microsoft’s foothold until the relevant commercial and consumer markets believe a Linux desktop truly meets all of their needs. 

Similarly, DeFi will never gain a foothold reaching above the “PayPalJPMVisa” mountain peak until at least one DeFi application checks all the relevant boxes for a sizable enough market.  It may be a decade before a DeFi project reaches that vantage point – with the classic Amazon vs. Sears endgame likely being studied along the way. 

Is 2020 the Year Big Business Goes All In on Blockchain and DLT?

In December 2017, it was recognized that in “the same way that the World Wide Web was never defined solely by Pets.com, the benefits of blockchain technology should never be defined solely by the latest price of Bitcoin.” Now that the mid-2018 crypto bloodbath is well in everyone’s rearview mirror, it is clear that blockchain and DLT technologies have firmly taken corporate root and may actually someday bear some real fruit.

No one can deny 2019 has seen great strides in the implementation and corporate adoption of enterprise DLT solutions as well as proactive growth in the regulatory oversight of blockchain technologies:

As exemplified by current projects emanating from the likes of J.P. Morgan and Fidelity Digital Assets, financial institutions will continue in 2020 taking calculated risks deploying blockchain and DLT technologies. 

Even though it may still be another year or two before any consumer products hatched from these new technologies ever reach mass markets, 2020 may eventually be known as the year blockchain and DLT went mainstream in corporate America.

Chinese President Xi Jinping Lavishes Praise on Blockchain Technology

On October 24, 2019, Chinese President Xi Jinping was reported to lavish praise on the promise of blockchain technology arguing that it is imperative for China to accelerate its development. According to a local Chinese news agency, he said: “We must take the blockchain as an important breakthrough for independent innovation of core technologies, clarify the main direction, increase investment, focus on a number of key core technologies, and accelerate the development of blockchain technology and industrial innovation.” He also emphasized “the role of blockchain in promoting data sharing.”

A day earlier Facebook’s Mark Zuckerberg was grilled by politicians on his Libra project and he tried his best to argue that if Libra failed, China would simply launch its own competitive initiative. Ohio Congressman Anthony Gonzalez did not buy Zuckerberg’s argument: “What I don’t think is the right frame is, ‘If Mark Zuckerberg and Facebook don’t do it, Xi Jinping will do it.’ This isn’t Mark Zuckerberg versus Xi Jinping. I think that’s totally different. Framing that way, in my opinion, is somewhat misleading to me.”

Despite the obvious self-serving nature of his China references and likely disdain for China given Facebook has been banned in China for over a decade, Zuckerberg is correct in recognizing a potential long-term threat from China. Tied to its clear lead in 5G – by way of Huawei, achievements in AI computing, and long-ago implemented digital payment ecosystem, China is developing a real-time tracking system for all of its citizens – with the potential of exporting such capabilities to other countries and even deploying them outside of China to non-citizens. Setting up its own national digital currency may actually be beside the point.

Indeed, blockchain technology may not even be needed by President Xi Jinping to create a permanent record of all citizen interactions. China may possibly use blockchain technology or distributed ledger technology for grandiose tracking plans, or it may ultimately not bother given possible security and scalability challenges with such nascent technologies.

Whatever the direction ultimately taken by China, the takeaway from President Xi Jinping’s recent comments is clear – China will invest nationally in new technologies such as blockchain whereas the United States will largely stay on the sidelines and rely on private companies to innovate and deploy new technologies – which is actually Zuckerberg’s argument for allowing Libra to proceed.

Senate Banking Committee Focuses on Libra Privacy Issues

On July 16, 2019, a Senate Panel lobbed missives across the Libra bow when questioning David Marcus, the head of Facebook’s Calibra subsidiary.   As suggested by the title of the hearing – “Examining Facebook’s Proposed Digital Currency and Data Privacy Considerations”, today’s hearing was really all about Facebook and not about digital currencies or blockchain technologies in any broader context.

Using a tone that permeated much of the hearing, Sen. John Kennedy ignored Facebook’s participation in a Swiss Association that purportedly leaves Facebook with little control over Libra and instead mocked: “Facebook wants to control the monetary supply. What could possibly go wrong?” Sen. Sherrod Brown (D-OH) reinforced this lack of trust when he said that Facebook was dangerous because it did not “respect the power of the technologies they are playing with, like a toddler who has gotten his hands on a book of matches, Facebook has burned down the house over and over, and called every arson a ‘learning experience.’”

Sen. Brian Schatz summed up the mood nicely when he recognized: “You’re making an argument for cryptocurrencies generally. The question is not, ‘Should the U.S. lead in this?’ Why in the world, of all companies, given the last couple of years, should [Facebook] do this?” 

On a more substantive side, the hearing was driven by a concern for privacy rights. As reported in The Wall Street Journal,  Mr. Marcus suggested that Facebook would not monetize users’ data related to Libra because no financial or account data from the Libra network would be shared with Facebook:  “We’ve heard loud and clear from people, they don’t want those two types of data streams connected.”

Even though it did not garner much public analysis, Chairman Crapo’s Statement provides an important privacy perspective that may also set the table for future legislative action: “Individuals are the rightful owners of their data. They should be granted a certain set of privacy rights, and the ability to protect those rights through informed consent, including full disclosure of the data that is being gathered and how it is being used.”

And, despite all of his protestations to the contrary, in his own prepared testimony, Mr. Marcus actually provides a rough roadmap detailing how the financial and transactional data obtained by Calibra could directly bolster Facebook’s data surveillance revenue.

Specifically, Mr. Marcus states: “The Calibra wallet will let users send Libra to almost anyone with a smartphone, similar to how they might send a text message, and at low-to-no cost. We expect that the Calibra wallet will ultimately be one of many services, and one of many digital wallets, available to consumers on the Libra network. We do not expect Calibra to make money at the outset, and Calibra customers’ account and financial information will not be shared with Facebook, Inc., and as a result cannot be used for ad targeting. Our first goal is to create utility and adoption, enabling people around the world—especially the unbanked and underbanked—to take part in the financial ecosystem. But we expect that the Calibra wallet will be immediately beneficial to Facebook more broadly because it will allow many of the 90 million small- and medium-sized businesses that use the Facebook platform to transact more directly with Facebook’s many users, which we hope will result in consumers and businesses using Facebook more. That increased usage is likely to yield greater advertising revenue for Facebook.”

To suggest that the mere ancillary use of Facebook’s platforms by Calibra users will alone cause an increase in advertising revenue makes little sense.  The only way Calibra will yield greater “advertising revenue” to Facebook is directly related to the well-understood increase in value user data would have after alignment takes place between transaction data and the other data obtained from Facebook’s platforms and services.  Indeed, advertisers have long recognized that personalization data is not nearly as useful as relevance data.

A long-term goal of Facebook’s Libra project, namely combining user data with associated financial and transactional data, should not be considered well-hidden. Mr. Marcus’ written testimony all but confirms Facebook will eventually harvest transactional and KYC data:  “Calibra will not share customers’ account information or financial data with Facebook unless people agree to permit such sharing.”  Indeed, Sen. Pat Toomey specifically asked Mr. Marcus whether Facebook intended to seek user consent to monetize Calibra-derived financial data and Mr. Marcus incredibly responded: “I can’t think of any reason right now for us to do this.” Really?

Facebook likely only has to ask and it will get whatever user permissions necessary to satisfy existing regulatory and statutory requirements.  Depending on the ultimate success of Amazon’s recent $10 offer for tracking data, Facebook may not even need to give much in return for such consent. In other words, once this particular genie is let out of the bottle there will likely be no turning back and any unencumbered launch of Libra might very well be the death knell for data privacy as we know it.

UPDATE: July 18, 2019

House Financial Services Committee Hearing of July 17, 2019

One major difference between the Senate hearing conducted on July 16, 2019 and the House Financial Services Committee hearing of July 17, 2019 was the sort of testimony provided by industry experts. Even though the Senate smartly sought testimony from Wall Street and blockchain industry expert Caitlin Long, unlike with the House, there was no one educating the Senate on Calibra’s privacy issues.

For example, MIT Professor Gary Gensler’s prepared House testimony lays out a number of questions regarding privacy that Facebook should answer at some point:  “We know that many of the most intrusive privacy practices of concern to privacy regulators have actually been subject to some form of consumer consent. So, it will be essential to conduct a more thorough analysis of what uses of Libra data should be allowed and which uses should be prohibited. How would such restrictions be monitored and enforced? What are the limited exceptions and might Calibra broadly seek customer consent in the form of standard user agreements? It would be likely that Calibra would want to commercialize this data. At a minimum, without sharing the raw transaction data from customers’ Calibra Wallets, it would still likely analyze such data to earn money either through advertisements or by offering targeted services to wallet holders.”  

As well, in the prepared written testimony of Robert Weissman, President of Public Citizen, there is a long discussion explaining why Facebook is a “Corporate Surveillance Leviathan” that cannot be trusted with the proposed Calibra wallet.

The House Hearing also raised the issue of whether Facebook would be able to pick and choose users of the Calibra wallet – potentially forcing persons to conform their behavior to Facebook standards. In one highlight of the House Hearing, Congressman Sean Duffy waved a twenty-dollar bill in the air while making the point that anyone, including persons who say horrible things, can use a twenty-dollar bill but: “Who can use Calibra?”  In response, Mr. Marcus pointed out anyone who could satisfy Calibra KYC requirements – which then begged the loaded follow-up question from Congressman Duffy:  “Could Milo Yiannopoulos and Louis Farrakhan use Calibra [given they are both banned from Facebook]?”  In response, Mr. Marcus said that an applicable policy hasn’t yet been written but that it was “an important question that [Facebook] needed to be thoughtful about.”  

Given Facebook’s poor track record – indeed, former Facebook executives readily acknowledge Facebook holds too much market power and should not be trusted going forward, these and other “important questions” must be answered as soon as possible.

Will Libra Coin Kill Off Privacy For Good?

In January 2018, Facebook publicly announced it was going to take a deep dive into cryptocurrencies.   That same month, Facebook removed all ads from its platform that promote “initial coin offerings or cryptocurrency”.   Facebook’s policy was “intentionally broad” and banned “all ads related to cryptocurrencies — not just those directly trying to sell cryptocurrencies or cryptographic tokens.”  One example of a banned ad was provided by Facebook:  “Click here to learn more about our no-risk cryptocurrency that enables payments to anyone in the world”. 

In other words, Facebook’s “Libra Coin” – described as a “low-volatility cryptocurrency” for global payments in the sort of White Paper written for every ICO ever launched, began percolating at the very exact time Facebook banned ads about ICOs and cryptocurrency.  

Facebook’s crypto advertising ban and duopolistic reach pretty much sums up why potential users should be careful before jumping on the Libra bandwagon.  In what can only be considered ironic, the “Libra Coin” is not even a true cryptocurrency or even built on a blockchain – it is apparently the token for a permissioned payment network that is partially decentralized while requiring the disclosure of sensitive authentication data as well as use of the Calibra wallet owned and operated by Facebook itself.  Most importantly, as a node on the network Facebook will also have access to all consumer transaction data flowing on the network.  Like icing on a global cake, by being part owner of a de facto bank, Facebook will also get to share in any float interest.

Those premier venture firms and companies who have anted up to align with Facebook’s project may believe in the collective end game but to align now with Facebook simply because of its tremendous reach will likely be a mistake for them as well as the consuming public.

UPDATE: October 13, 2019

On October 4, 2019, PayPal withdrew its participation in the Libra Association. And, on October 11, 2019, Visa, Mastercard, eBay, and Stripe joined with PayPal in also withdrawing their participation in the Libra Association. Some have suggested these major payment industry defections spell the death knell for Facebook’s Libra project. In response, Facebook publicly stated the defections were “liberating” and that it understands why these companies chose not to continue taking the regulatory pressure. Given the significant regulatory hurdles that stand in the way of Libra’s successful launch, Facebook’s proposed privacy-killing “new global currency” will thankfully never see the light of day in its current form.

Is Facebook Dead Man Walking?

Whether Facebook survives as a social media platform may eventually hinge on a metric that has not been widely reported – which is ironic given what has recently been reported is hardly good news.   

On April 24, 2019, Facebook, Inc. estimated that it would incur a loss in the range of $3.0 billion to $5.0 billion as a result of privacy violations investigated by the Federal Trade Commission – which does not even take into account other pending privacy investigations including a report released on April 25, 2019 by Canadian privacy regulators.  Also, paying the FTC up to $5 billion will not save the company from the onslaught savvy class action lawyers will unleash the day after the FTC settles.  

Almost comically, on April 29, 2019, Facebook, Inc. announced what it likely thought was a successful PR coup, namely the funding of privacy research shepherded by two partner organizations, Social Science One and the Social Science Research Council.  Not surprisingly, there was no mention that Facebook would be provided specific recommendations from these organizations let alone have such recommendations eventually adopted by the company.  

Facebook’s privacy regulatory threats are not limited to those found in North America – Germany is attacking the core of Facebook, Inc.’s advertising business model and there are several potentially ruinous GDPR complaints that were filed against it the day that privacy regime became effective. As previously stated with regard to GDPR: “Facebook will soon be in uncharted and unpredictable privacy waters where disclaimers and popup consent forms may not easily tread.”

A different sort of threat to Facebook can be found in the decentralized Internet currently being built by start-ups such as Blockstack – which recently filed an SEC Reg A+ offering for $50 million by way of a subsidiary. Blockstack looks to leapfrog centralized platforms such as Facebook by building tools for a “decentralized computing network and app ecosystem” that includes decentralized storage allowing for porting of app data across social media platforms as well as self-sovereign user IDs that would allow for single user identities and passwords across every online application.

More than likely, however, the most damaging threat to Facebook in the near term is the platform’s continued drop in customer engagement.  As recognized by Lou Kerner:  “On April 24th, 2019, Facebook reported Q1 ’19 earning, and once again, Wall street applauded, sending the shares up 8%, adding another $45 billion in value. While some saw triumph, and others saw further reason to break Facebook up, all I saw was continued decline in the only metric that matters, engagement.”  

Kerner’s graphic on the steady decline of daily and monthly active Facebook users is ominous:

Notwithstanding its many privacy transgressions and current regulatory/litigation challenges as well as the future advent of a decentralized Internet, what likely will be the most direct cause of Facebook’s downfall as a platform stems from the simple fact that users have been steadily moving away from using it.

Apparently, users have taken the advice of WhatsApp co-founder Brian Acton and have chosen to “delete Facebook.” Even though Facebook, Inc.’s present cash reserve and its other popular applications would likely allow the company to continue as a viable entity for many years even without its eponymous platform, those present users who spend hours each day on Facebook, and have no desire to ever abandon it, might just not be enough to sustain the Facebook platform in the long term.

Simply put, with shrinking levels of engagement the Facebook platform may eventually go from a MySpace to Vine.

SEC Issues First No-Action Letter for an ICO

The SEC on April 3, 2019 issued a No-Action Letter to an ICO offeror – demonstrating that its Chairman’s prior promise to devote sufficient SEC resources toward better understanding initial coin offerings has been kept. In the April 2, 2019 no-action request to the SEC, TurnKey Jet proposed “to offer and sell blockchain-based digital assets in the form of ‘tokenized’ jet cards.” TurnKey plans to be the program manager for a membership program based on this token platform. The tokens would be pegged to the US dollar “throughout the life of the Program”. Apparently, the sole purpose in issuing tokens is to avoid financial transaction costs to the extent a credit card is used to book jet travel.

Even though there is certainly value in eliminating the middleman in high-cost transactions (card brands, Venmo, and PayPal take note), this is not the sort of blockchain-implemented ecosystem envisioned by the early ICO issuers. Nevertheless, this sort of use case provides a readily apparent benefit to its participants and is exactly what the blockchain/DLT community needs to move forward. As previously argued, it is certainly not the case that all ICOs are securities so this no-action move by the SEC should be welcomed by all.

In a related positive move from the SEC, on April 3, 2019 the SEC released its Statement on “Framework for ‘Investment Contract’ Analysis of Digital Assets”.  Doing an excellent job of parsing the existing statutory interpretation of what constitutes a security, i.e., the now famous Howey test, the SEC’s FinHub Framework is a must-read for those looking to issue a digital asset.  

Notwithstanding some criticism of the SEC Framework, this release is a natural progression that should not be discounted. More importantly, by launching this Framework the same day as its No-Action Letter, the SEC has sent a clear message that blockchain ecosystems remain open for business and the SEC will not hurl unnecessary impediments to the implementation of those use cases that actually comply with regulatory law.

JPM Coin

On Valentine’s Day 2019, J.P. Morgan gave a kiss to the blockchain/DLT community by announcing its JPM Coin, a branded stablecoin pegged to the dollar that will be used by its large institutional clients to settle payment transactions. Upon settlement, each coin would be burned and traded for a dollar. The ultimate benefits in the JPM Coin ecosystem will be found in the transaction speed and very low cost of execution. This is a noteworthy move given that there are obvious short-term negatives to J.P. Morgan in that the launch of such an ecosystem might initially cut into some custodial profits.

Perhaps driven by the fact no bank could ever really control Bitcoin, J.P. Morgan’s CEO previously said that Bitcoin was a fraud. It is likely no coincidence that this launch only took place after Bitcoin cratered by nearly 80% of its value. Moreover, this announced future use of a “digital coin” is very much something J.P. Morgan could exert some control over, hence its name, and would not even initially be made available to J.P. Morgan’s retail clients. It is assumed that would change over time after deployment and this coin’s usage matures – retail clients may eventually be able to use JPM Coins for mobile payment transactions or in lieu of a time-consuming wire transfer.

Even though there was an unexpected major hiccup in 2018, as previously pointed out, “acceptance of blockchain technology by the financial industry will be indelible proof those mistakes of 1995 made by retail sales and marketing companies will not be repeated by the financial industry.” In other words, by jumping on board feet first to the adoption of a digital coin issued on its own Quorum permissioned blockchain, J.P. Morgan is taking a major step towards having the financial industry continue to lead the DLT movement until the technology catches up to other innovative use cases in other industries.  

Gilder’s Life after Google

Even though one online reviewer called it “[a] random walk through Silicon Valley without any goal, valuable information, conclusions or anything other than what would fit a gossip magazine”, Gilder’s book provides a grand thesis with very deliberate underpinnings.  There are certainly many other books and articles out there that better inform regarding blockchain.  Nevertheless, Gilder explains exactly why blockchain will in the distant future help cause Google to lose its digital stranglehold.  For that, his book largely stands alone.

Gilder has had close access to the elite tech digerati for decades. There is no denying he knows what and who he is talking about. The writing style, however, will not be everyone’s cup of tea. For example, applying a straw man style, he often builds up only to take down later in the book. This can easily be frustrating. Also, an imagined meeting with Satoshi Nakamoto, the pseudonymous founder of Bitcoin, can either be considered a highlight of the book or downright hokey based on one’s literary taste.

To Gilder, Google’s downfall largely rests on its giving away free products without fully understanding how this zero-sum system neglects the value and impact of consumer time on Google’s $30 billion Siren Servers – a Jaron Lanier term used to convey the eventual death spiral of a company blinded by its 75,000-server farm. Gilder reminds: “Without prices, all that is left to confine consumption is the scarcity of time.”

Interestingly, Jaron Lanier as well as Peter Thiel feature prominently in this book as the existential fodder for much of Gilder’s musings. The true sparkle, however, remains pure Gilder – including his view that Google’s fall is precipitated by the behemoth’s not fully understanding that true wealth can only be a product of knowledge and memories. As Gilder suggests, “wealth is not a thing or a random sequence. It is inextricably rooted in hard won knowledge over extended time.” How he eventually connects the many dots found in the book is worth the read despite the haphazard approach. And, despite valid style criticisms, given so few are walking down this exact path, Gilder’s trailblazing can only be lauded.

Using pokes and outright direct digs at failed exercises of socialism and a “World Saving” Artificial Intelligence fealty pursued by Elon Musk, Gilder’s libertarian bent expresses a slightly brighter vision where creativity and humanity win out. He is on to something – just ask Tim Berners-Lee about his startup, Inrupt, to get additional perspective on Google. And, the decentralized web ecosystems exemplified by Blockstack and Hashgraph are certainly aimed at tearing down the current global ecosystems founded by the Tech Lords of Stanford. Ultimately, in futurist Gilder’s vision, individuals win when they can more easily trust and be secure in their interactions.

Those seeking an actual name for the specific Google killer app will be disappointed. Gilder does not reveal which business vision will launch the “killer app” required to actually break the status quo.  Readers are provided with an abstract roadmap lacking in specific directions because no specific killer app has been publicly announced yet and will likely not be released for several years.