Bitcoin exchanges are more centralised than traditional exchanges. We can do so much better than this.

What The Traditional Financial System Can Teach Us about The MtGox Disaster

Imagine you were an equity trader and used a Stock Exchange to trade between equities and cash and back.  What would happen if they unexpectedly filed for bankruptcy? How much money would you stand to lose? The answer is zero.    You would lose nothing.  Your equities would be safe at your custodian bank and your cash would be wherever you left it.

However, if you were a Bitcoin trader and your Bitcoin exchange went bankrupt, you could have lost everything – as users of Mt.Gox discovered to their cost last week.

How can this be?  Isn’t Bitcoin supposed to be the ultimate decentralized financial system?  Well, yes… the Bitcoin network is decentralized but many of the major players are not.  And, worse, exchanges like Mt.Gox acted as more than just exchanges: they are also the Bitcoin custodian, clearing house and bank.

The diagram below shows the problem.  From the time a buyer deposits cash or a seller deposits Bitcoins, they are utterly dependent on the solvency of that exchange until they withdraw their funds at some later date.  You have counterparty exposure to the exchange for all this time.


Buyers and Sellers have Counterparty exposure to the exchange for an extended period of time

That’s not how it works in the equity world. I wrote about the mechanics in my article on how equities move around the securities settlement system.

The key point of that article is that your shares and cash never go anywhere near the exchange.

Instead, a custodian bank looks after your equities in a segregated account and they usually also hold your cash.  And a Clearing House will step into the middle of the trade to protect you from non-performance by your counterparty. So you don’t even need to worry about the other party going bust. Things would have to be really bad before you stood to lose any money.

For example, when Lehman Brothers defaulted on US$9 trillion notional of Interest Rate Swap derivatives, LCH.Clearnet (a clearing house) resolved the situation with no loss to anybody else at all:

In September 2008, we successfully managed Lehman Brothers’ US$9 trillion interest rate swap default,  comprising over 66,000 trades, by implementing SwapClear’s unique default management process.   

Less than a week after default, market risk had been reduced by 90% by comprehensive hedging and, within  three weeks, the default was fully resolved well within the margin held and at no loss to other market participants.

The diagram below shows what the risk situation looks like when trading equities: at no time are you exposed to the exchange’s solvency and that your risk exposure is with respect to well-capitalised, hopefully well-run clearing houses and custodian banks rather than the exchange itself.


Users of equity exchanges have no exposure to the exchange

Note that you can choose your custodian and you could, by choosing your exchange, also choose your clearing house….   The equity world is more decentralized than the Bitcoin world!

Can We Do Better?

It’s tempting to conclude that Bitcoin exchanges should move to this model.  But I think we can do better.  Perhaps it is possible to leapfrog a stage of evolution. Here’s what I have in mind:

The Bitcoin “multi-signature” feature allows you to “encumber” funds so that they can only be spent with the agreement of more than one party.   So here’s what you could do if you’re a seller of Bitcoins…

Just before you want to sell some coins through an exchange, send them to a new 2-of-3 address that can be spent by any two of the following three entities:

1)   You

2)   The exchange’s “Clearing House”

3)   An “arbiter” that you and the clearing house both trust

Your coins are now encumbered.  They’re locked up until the trade is done and the outcome agreed.

The “clearing house” would be a new concept in the Bitcoin world but it could be quite simple:  it just needs to be an entity that takes temporary custody of the buyer’s fiat payment and, once received, facilitates the transfer of the Bitcoins, before releasing the fiat payment to the seller.    Note that this still means somebody has to be trusted with the fiat funds but it’s not obvious how you would ever escape from that requirement.  And one could imagine, in the future, that a real Bank might step up to perform this function.

Under this model, when you execute a trade, the exchange informs the clearing house and they then manage the processes necessary to settle the trade.

First, the clearing house can request fiat payment from the buyer (if they don’t already have the funds). When the clearing house confirms to you that they have received payment from the buyer, they sign and submit a 2-of-3 transaction to you for co-signature that will release the encumbered Bitcoins to the buyer.

The clearing house will have populated the buyer’s address and signed their part of the transaction.  So if you agree, you co-sign and publish it into the Bitcoin network.  The recipient gets their Bitcoins, the clearing house waits for confirmation and then releases the cash to you.

At no point does the clearing house or exchange have the ability to steal or lose your coins.  And the 2-of-3 address prevents you from running away with the coins. You all need to co-operate.

In the event of a dispute, you can turn to the third-party “arbiter”, who controls the third key, which they can use to co-sign a transaction with whichever party they decide for.  Notice how there could be competition amongst arbiters – you just need an entity that both you and the clearing house trust.

So provided the arbiter is not in collusion with the clearing house (not a given, of course), we have a way of resolving the transaction even in the event of dispute.

Now this is not perfect and it still has points of centralisation… but it’s a big step forward from where we are today.  And notice how it’s simpler than the equity world: there is no need for a dedicated Bitcoin “custodian” service here – the multi-sig feature allows us to do without.  We just need the clearing houses entities, which could be spun out from the existing exchanges as separate legal entities, and a network of arbiters – the one new function.

From a risk perspective, you end up with the diagram below:


Using Multi-Sig transactions as a step towards lower risk (and greater decentralization) for Bitcoin exchanges

 I don’t claim this as an original idea but I think it does have the virtue of being implementable fairly easily (easy for me to say, of course…)


30 thoughts on “Bitcoin exchanges are more centralised than traditional exchanges. We can do so much better than this.

  1. This scheme looks lovely in practise, but I am not convinced it is implementable in practise except for as a niche platform. Bitcoin exchanges work off the block chain so that they can process transfers very quickly without bitcoins being held up in bitcoin transactions. A lot of bitcoin traders don’t want the risk that they won’t be able to make further trades if the market price changes rapidly.

    Also the bitcoin network can only currently process 7 transactions per second which is about 3, 2-of-3 multi-signature transactions per second. This would limit trading to only about one bitcoin trade per second across the whole network. Clearly during periods of high volume, there will be significant problems with transactions backing up on the network.

  2. Telepathic: There are ways to do off-blockchain transactions in a trustless manner, for example using micropayment channels . You’re not necessarily limited to one trade per blockchain-tx.

  3. As the seller, I would never sign the transaction until after I’d gotten the cash. What’s to stop the clearing house from taking my fiat once I’d signed over the BTC to the seller?

    I’m not completely “protected” at that point – it’s the one point in the transaction in which I have nothing. I’ve just signed the BTC over to seller, which makes 2 of 3. The BTC are now his. The clearinghouse has my cash (supposedly temporarily, as it waits for confirmation), and I have nothing, until they decide to release it to me. Which they could (theoretically) choose not to do.

  4. Isn’t this exactly what Mastercoin and Etherium are trying to build? A system of decentralised contracts and exchanges that solve the “blockchain bloat” challenge. If it’s not already online, I highly recommend checking out the video from the recent Etherium meetup. Some bright minds are already trying to solve this challenge… What interests me is how a bank might secure their role in future by legitimising the good parts of a blockchain ecosystem.

    Rather than the current narrow, AML driven view…

  5. @Nathan – very true. Under my model, the clearing house could indeed run away with your coins. Whilst not perfect, this is 1) no worse than the current situation with equity exchanges and 2) better than what we have today in the Bitcoin world.

    So I agree… not perfect. But definitely better

    @Simon – completely agree. Some of the ideas coming out of ethereum, in particular, are mindblowing.

  6. This feature, and indeed the avoidance of an “exchange” altogether is now being worked on for Nxt.
    Within Nxt it isn’t needed to use an exchange.

    For instance, we now have a multisignature cross chain gateway in testing phase that uses the Nxt Asset Exchange feature. You can find the descriptions here: and here:

    It’s not vapourware but actual working code. It’s currently in alpha, but works.

    In theory there is no need at all to go through exchanges anymore, nor is it needed to put trust where you don’t want to.

  7. +1 for Damelon.
    The decentralised asset exchange of Nxt will open so much doors, and it will be launched soon…

  8. Pingback: Bitcoin is stonger than before – Bitwyre – Blog
  9. Reblogged this on Eric's Top Reviews and commented:
    This topic is one of the most talked about events since 2009. The questions and the answers are still being pondered by all walks of life. Will it be the wave of the future?

  10. Great article! glad to see people giving decentralized exchanges some serious thought.

    Can this idea be reduced even further to just need an arbiter, but no signature from a clearing house?

    Happy path:
    1) Bitcoins locked in 2 of 3 (p2sh) address signed by seller, buyer and arbiter.
    2) buyer transfers cash directly to sellers account via bank transfer
    3) seller receives cash and signs 2 of 3 transaction to release bitcoins.

    A) Arbiter signs in place of buyer to refund bitcoins to seller if buyer fails to provide proof of bank transfer.
    B) Arbiter signs in place of seller when buyer provides proof of transfer, but seller does not sign to release bitcoins.

    In both cases, the arbiter would only need the institutions sending and receiving the cash to provide a legally binding receipt that proves the fiat was sent and received. The transfer would also have to be legally guaranteed to be non-reversible. This is where a clearing house might be required; different countries have different frameworks for reversing bank transfers. Clearing houses already exist in our fiat banking system, what doesn’t exist are standard protocols that an arbiter could use to reliably verify when fiat has been irrevocably transferred.

    Maybe I’m just restating what RGB already wrote, but I think it’s different. In my slightly modified version, exchanges that follow the “happy path” require no 3rd party to ever sign the final bitcoin transaction.

    Settlement using this system can be fast and inexpensive if the the fiat transfer verification can be automated and the bitcoin transactions processed off the block chain using pre-established micro-payment channels.

  11. @Brian – thanks for the comment. You still need to trust *somebody* on the fiat leg under your model, though, don’t you? i.e. somebody has to be the issuer of the coloured coin / Nxt asset, etc that represents the fiat — and so you always have counterpart exposure to them. Now, one could imagine a world where the issuer is a bank or, better, the *central bank* for that currency but, until then, the best you can achieve with respect to decentralisation is cultivating a network of competing fiat issuers, right? Or am I missing something?

  12. HI @Paul – the issue I struggle with is how to achieve decentralisation *and* some degree of anonymity. In my model, the BTC seller and buyer deposit their BTC/fiat *in advance* of doing any trade. The trade could be a long time in the future but each party knows *at the time they do the trade* that the other side is good for the BTC/fiat. The problem them is simply making sure the actual settlement (exchange of assets) takes place.

    The problem I see is that if you don’t encumber the assets in advance then what’s to stop somebody agreeing to a trade and then failing to deliver? How do you know who they are? Who do you sue? You’re immediately back into the regular legal world and nothing in the cryptocurrency technology stack can help you.

    Or am I missing something important here?

  13. Failing to deliver is always problem but now instead of trusted exchange you have N-trusted exchangers and anyone of them can be a thief. You just moved from one point of failure to N. There is no silver bullet and never will be since blockchain deals only with one currency (metadata don’t enforce anything). By using clearing houses you have 3 trusted parties hence 3 times bigger risk. In old world of banking nobody is really responsible for failures. What you described is system where everyone will still be in business with party that is not trustworthy instead of forcing them to go bankrupt.

    Only partial solution is to have wallet for each user for each crypto-currency (which will be costly for CPU and disk) and move funds out before and in after trade. And giving user the option of downloading the wallet (with password). That could lead to significantly higher fees, longer time of unavailability of funds after trade (confirmation time) and spamming with transactions (at least meta can be used to pair it with another transaction in different blockchain).
    Note that I have never used word fiat since enforcing fiat is impossible.

    TL;DR you are using old world mechanics on something that is totally different.

  14. @Richard – thanks for responding. The blockchain technology has struggled to resolve the issue of trust, the issue compounded in the public eye by a thorough lack of regulatory guidance regarding cryptocurrencies. Efficient markets and free flow of information determine which issuers retain trust in the form of reputation in any market. You can try out the Nxt Asset Exchange yourself (Beta, testNXT only) today at and read my review and comparison to another exchange at

    By purchasing shares or coins or fiat of any type, the buyer may hold varying levels or layers of counter-party risk. For instance, gold stored in a bank deposit box may no longer actually belong to the supposed “owner” of the gold in the case of bank failure, robbery or government seizure. The gold itself has no counter-party risk, but due to the method of storage (layer of counter-party risk) the gold “owner” changed. A similar situation exists in the development of cryptocurrency asset exchanges. Bitcoin itself has no counter-party risk if you and only you hold the private key, but if you traded at Mt. Gox Exchange you didn’t have the private key once you sent your Bitcoin to Gox.

    The Nxt community has already had two successful Phase 1 NXT denominated IPOs. The remaining IPO phases will be completed on the decentralized Nxt Asset Exchange operating on the decentralized by design core Nxt network. Always hold your private keys with locally signed transactions to minimize your cryptocurrency counter-party risk.

  15. Pingback: A decentralized securities trading and settlement system is being built hidden in plain sight | Richard Gendal Brown
  16. @Paul, @gendal: The idea Paul described is used at Bitsquare (
    It uses also a security deposit to avoid risks that the btc buyer does not fulfill his obligations. The arbitration system is itself decentralized (everybody can become an arbitrator, a security deposit is the protection against collusion)
    Here is a graphical overview:
    Bitsquare is under development, but the basic functionality works already. A alpha release will follow soon.

  17. Pingback: Bitcoin Users Need To Stop Trusting Exchange Wallets - Bitcoin Channel

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s