Tag: opinion

Facebook, Ready To Become A Global Bank?

What advantage do social media giants have to offering financial services?

A large user base. Facebook is set to provide electronic payment services using their own digital currency called the Libra coin. This story was huge when it first came out because of the hype around it as a cryptocurrency that would compete against Bitcoin and Ethereum. Perhaps that is not quite correct. The Libra coin is being offered as a token that provides ways for users on Facebook’s platform to make payments to each other. The tokens are provided with the Calibra wallet and a network validates transactions via a group known as the Libra Association.

Facebook’s cryptocurrency is not using an actual blockchain, but more a digital ledger. While it also uses cryptography to secure transactions and make them immutable and provide transparency, the set number of validators on the network make it more permissioned and centralized than a public blockchain. That is counter to the ideology behind cryptocurrency which are supposed to be permissionless and decentralized. Facebook will not be the sole validator on the network though, that is because it will be the duty of the Libra Association.

The Libra token is also not exactly going to be a competitor against Bitcoin. Libra’s value will not be based on market speculation or demand, but will be pegged to fiat currency. It is not exactly the type of digital asset to acquire as a store of value, unless the purpose of the token changes. Otherwise it is just like another version of an electronic payment system that is already quite common. Pegging it into fiat removes the volatility that is typical of cryptocurrency. No matter how many Libra coins you have, its value will remain the same as the amount of fiat you exchanged it for. The use of the Libra token for payments is to provide easier ways to pay with less friction and for accountability purposes.

The list of Libra alliance members is what is impressive. The idea that Facebook was able to unite companies like PayPal, Uber, Lyft, Visa and Mastercard gives the notion that this must really be on to something. That is because it has such huge potential, it has already attracted scrutiny from mainstream finance and regulators. However, it is not exactly a good thing because rather than approve it, critics want to either stop the whole thing from happening or regulate it with the full extent of the law.

What we have to realize is that Facebook has over 2+ billion users. The impact such undertaking has can influence people’s lives. That means that billions of users will be able to use Facebook to not only make payments, but as an on ramp to trading cryptocurrency as well. That can be good news for Bitcoin and Ethereum holders. Rather than compete, it can foster cryptocurrency growth. Facebook wants to reach out to the greater part of the population that is unbanked. Now that is a significantly large proportion of the world’s population. With more people having access to the Internet through their smartphones (4G technology), the impact this can have is really huge.

For regulators, the concern is Facebook’s reputation. Since the data privacy issues and Facebook’s appearance before the Senate, why would anyone trust Facebook? Other concerns include whether Facebook will censor those on their platform from using Libra. The overall power that Facebook will have in this field makes it hard for anyone else to compete against because of how large the user base is. Facebook is an ecosystem that includes Instagram, WhatsApp and Messenger. It will become so easy and convenient to use these apps to make payments, it is a great business plan.

For banks the biggest concern here is Facebook as a competitor. Libra coins can be bought using the Libra Association’s payment processors. It does not require banks, and this raises more scrutiny. Does this mean “Facebook will become their own bank?”, because they can very well do that. If people and businesses can start taking out loans from the Facebook, that will disrupt the banking industry. The amount of fiat reserves that Facebook and their Libra Association will hold from selling the coins will be held as not for profit. However, they can use the funds to continue to develop the Libra ecosystem and it will still benefit the members of the alliance and Facebook. Despite being not for profit, they still make money from accrued interest and the amount of money is huge. This is actually from a second token called the Libra Investment Token, and this is the financial reward for members of the Libra Association. Just like any cryptocurrency, there is an incentivized reward system for those who participate in its consensus.

Without further regulatory clarity and the amount of requirements, Facebook will have a mountain to climb until they get Libra to the public. Since the Libra Association has registered in Switzerland, they will also need to meet compliance with the authorities there. In the US, it will have to meet both federal and then state regulation before it can be approved. Other countries like China, may have a conflict of interest with Libra and may not ever see its use there.

What Libra coin can also provide is an on-ramp to on-board more people to an electronic payment system. Depending on how you look at it, the system can also be a gateway to cryptocurrency. Thus it will not directly compete with cryptocurrency like Bitcoin, but can actually make it easier for people to buy them. This is because Libra can be listed on digital exchanges where they have a pairing to other cryptocurrency. While Libra can be used for payments, they can also be traded for other cryptocurrency on digital exchanges.

A global bank will have plenty of power, but also require more responsibility. Facebook has already violated trust among its users by selling their data to third party. There are now also issues with privacy after Facebook admitted that it listens in to conversations in order to improve the service. Will consumers also be comfortable knowing that all their transactions are tracked on digital ledger that is controlled by a sort of oligarchy i.e. The Libra Association. The problem is that there is so much lack of transparency, users would not have been aware of what is happening. The Libra Association claims they will move to a more permissionless and decentralized system by moving to the PoS (Proof-of-State) consensus. They also want to guarantee that there is transparency and immutability like in any other blockchain. Libra may be good for users in general, but earning trust is the issue. Whether or not Facebook is up to the task remains to be seen.

The Bitcoin Binance Hack And The Lessons Learned

At the time of this writing it is the start of blockchain week In New York City. One of the hot topics that will be discussed has to do with the most recent Binance hack that led to $40.7 Million of stolen Bitcoin (worth 7,000 BTC at the time of the incident). This is actually not the first time Binance has been hacked, they have a track record. Despite their concern for cybersecurity, it seems their system is not really that secure. This is not to say that Binance does not take cybersecurity seriously, because they do. They implement a 2FA type of authentication which requires using either an authenticator that generates a random code or the code is sent via an SMS text message to a smartphone. It is pretty secure after the fact, yet it was foiled time and time again. At this point the best that Binance can do is to track the stolen BTC and get the cooperation of other digital exchanges to freeze the funds. We actually know which address moved the coins (The transaction was traced from this link).

Fortunately, Binance has what it calls a SAFU (Secure Asset Fund for Users) which is a way of providing an insurance to users on the exchange in case of emergency. Changpeng Zhao or CZ, Binance CEO, has guaranteed that those who lost Bitcoin from the hack will be compensated for their losses. That is good to know, but will this be the end of these type of hacks? It has already happened before, so there is likelihood that it can happen again. That is unless Binance will add new security measures that tighten their systems even more. Then that gives hackers a new problem to deal with.

Now here is what is concerning. In an official statement made by Binance regarding the hack:

“The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed. Once executed, the withdrawal triggered various alarms in our system. We stopped all withdrawals immediately after that.

The fact that it “passed our existing security checks” is a cause for concern that is what they are working to improve. According to this Coindesk article, Binance is going to do a revamp of their security system. They will certainly look into improving their API for 2FA as well as their withdrawal validation process. If a hacker can easily hack a user’s API key or 2FA credentials, you don’t really have a secure system. It was probably not an easy feat for the hackers, so now Binance should make it even more difficult to decrease the likelihood of any successful breach.

Phishing attacks are one of the exploits hackers use to get information from users. Once they trick a user to giving them that information, the hackers then use it to access the exchange. That is really all you need to do to get past Binance’s security check. Binance implements withdrawal limits for unverified users but for those who are verified, the hacker can wipe out their entire balance on the exchange.

Other ways a Binance user account was compromised can be from spyware, keyloggers or remote viewing software like VNC. Having an antivirus and cyberbsecurity software installed on a computer can help detect these malware. Another way to foil these attacks is to not keep funds stored on an exchange. Using a cold storage (not connected to the Internet) on a hardware wallet provides more security. In fact, some smartphones like the HTC Exodus and Samsung Galaxy S10 provide hardware wallet support for cryptocurrency now. For the strictest security, keep your digital assets safe in cold storage and not on hot wallets or custodial services like digital exchanges.

According to CZ:

“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers.”

That’s right. Binance is definitely going to need more help in cybersecurity to fix this problem. Remember, it is not the blockchain that got hacked, it is Binance’s system. Binance also announced support for hardware devices with 2FA, a more secure way to connect to Binance. A system like that would require hackers to have possession of the actual hardware device. Think of this as a sort of physical key, that only gives access to the user who owns it.

The risk of a more digital world is computer hacking. Binance has been successfully hacked in the past. A user lost 2 BTC when a hacker used the credentials from their hacked e-mail address. Another hack occurred in July 2018, which was a “potential” hack that led to the theft of $45 Million of Syscoin and dumping of BTC. It was not Binance’s direct fault, but more on the Syscoin wallet. Regardless, it was a system anomaly that Binance admins detected. Binance immediately shutdown and then reset their API keys. That’s exactly what they did with the most recent hack. It seems that the answer to the problem is just shutting down and resetting everything. However, that does not solve the problem apparently.

Due to this large loss of BTC, someone from the BTC development community reached out to CZ. A suggestion was made to reorg the BTC blockchain and give back the stolen funds to their respective owners. Now the reaction to this was not good at all and thankfully, CZ decided not to do this. That would require Binance to use a “51% attack” to gain majority hashing power on the Bitcoin network to overturn transactions. The problem with this is an ethics issue because it would require Binance to get a consensus among miners and nodes on the network to support this plan. It goes against the main ideology of the blockchain, which is about decentralization and immutability. When you get a collusion of miners to provide Binance with majority hashing power, it centralizes the network to benefit one organization. This may also lead to inconsistencies on the blockchain if several bad actors try to mine on their own chain to gain control of the network. The idea that a consortium of miners with hashing power can overturn a trnsaction goes against immutability on the blockchain. It would be a terrible idea to do this.

The result of a reorg may lead to more factions in the Bitcoin community. There might even be a fork and this is not going to be good for the price of BTC as a store of value. It may even ruin the market leading to turmoil and massive sell offs as users collect their money. There needs to be a clear direction for BTC and a reorg is probably not in everyone’s best interest since it really only benefits Binance and the hacked accounts. This is not a consensus of the network’s interests.

The good thing is that the hack did not affect BTC prices. FUD didn’t lead to any massive dump or sell off, proving that there is confidence in the market. Taking care of the real problem, which is cybersecurity, is what needs to addressed. Binance vows to increase their security which is the most important feature right now for any digital exchange. Users need their funds to be safe from hackers, so this is going to be the responsibility of digital exchanges.