The Wildest Year in Bitcoin
Most people, when considering whether to get involved with Bitcoin, look to the ebbs and flows in its price. This way of thinking is misguided.
The value of Bitcoin is not in its price at any given moment, but in the collective work of the thousands of people who maintain it. These are often highly intelligent people, more than capable of getting cushy jobs in San Francisco or Wall Street, who instead choose to spend their time working on a strange, emerging technology. It is by virtue of this intellectual capital that Bitcoin has a price at all.
The following is for those who want to understand Bitcoin better — what makes it work, and how its many moving parts come together. It’s a case study in what makes Bitcoin worth anything. More specifically, it’s the story of a controversial software upgrade proposal called “SegWit2x,” which some people believed would save the network, and others believed would destroy it.
NB: This piece is adapted from a mini-series I wrote for the “Malicious Life” podcast. It features an interview I conducted with Andreas Antonopolous, the full version of which can be found here.
PART I: MONEY PROBLEMS
THE SCENE: 2017
Blockchain is the fastest-growing technology in mankind’s history.
Think about it. Artificial intelligence dates back to the ‘50s, and Siri isn’t as smart as it seems. Virtual reality can be traced to the ‘60s or ‘70s, depending on how you look at it. The first IoT machine was devised in ’82. But the first blockchain: the Bitcoin network? 2009.
Bitcoin’s super fast growth is a direct result of the community supporting it. The most revered are those weird and crazy early adopters who believed in it back when the rest of us either didn’t know what it was, or figured it was just some fad. Today, it’s the diversity of interests represented on the platform that pushes the needle forward. Individual investors, startups, corporations, miners, and developers all use Bitcoin in different ways, for different reasons. Because any network upgrade has to be agreed upon by the majority of the community, technical and philosophical debates about exactly how things should be never stop. It’s highly productive.
This is the internet, though. In some of those same online forums where rich technical discussions occur, things can also get nasty and personal. Highly intelligent people regress towards pettiness and childish name-calling. And it’s not trivial, either — people have real money on the line, oftentimes a lot of it.
These two sides of Bitcoin’s immense growth — the rapid technological achievement, and the dangerous infighting — came to a head in 2017, a year Bitcoin hodlers will never forget.
The setting was ripe, as the price of Bitcoin began to rise faster than it ever had before. In January, one Bitcoin was worth about $1,000. By June, $3,000. By the end of the year, $3,000 would seem tiny.
Bitcoin was hot, and the wider public began to take notice. What was it? How did it work? And how could I become a millionaire off it too? Social media flared, news channels picked up the story, word spread around the world.
Everybody was winning. Money, attention, success poured out of every seam. It appeared that a golden age had dawned.
But just under the surface, the Bitcoin network was teetering on the verge of collapse. The widespread popularity that early advocates had been waiting for had finally come, and with it came a high cost. Technical problems that were mere nuisances when the community was small now became glaring and potentially lethal. Debates among tight communities of knowledgeable users and developers ballooned into full-on internet wars. Factions hardened. Heroes became enemies of the people.
In this article, I’ll be recounting the story of a 2017 network upgrade proposal called “SegWit2x.” SegWit2x, more than anything, epitomized what made 2017 the wildest year in Bitcoin. Depending on whom you ask, it was either the upgrade that could finally save Bitcoin, or a attack that would ultimately destroy it.
BLOCK SIZE
At a time when a dozen Bitcoin could buy you a new car, the network supporting it was quite literally splitting at the seams.
Bitcoin works on a decentralized system in which every transaction — every transfer from one wallet to another — needs to be processed and confirmed by the network. In the early days, when only a few people took part in the network, transactions were processed very quickly — in a matter of seconds or minutes. Fees, which are an optional feature of the network, were essentially non-existent.
Over time, as Bitcoin got more popular, and as more transactions were initiated, a bottleneck formed. Processing time grew from seconds and minutes to hours and days. As a consequence, more users were incentivized to pay higher fees in order to have their transactions processed with a higher priority. By June 2017, the average fee users were paying in association with their transactions was five dollars. Now, five dollars isn’t a ton of money, but it does put a certain restriction on what kinds of transactions Bitcoin can be viable for. If you want to pay somebody $1,000 in Bitcoin, an extra five won’t do much harm. But what about all the people who envisioned the future of money — a decentralized currency that could be used even just to purchase a cup of coffee in the morning? You can’t pay for coffee with Bitcoin if the coffee costs $3.50, and the payment costs another $5.
This glut severely limited Bitcoin’s viability as a practical means of payment. Gavin Andresen, one of Bitcoin’s most significant developers and the founder of the Bitcoin Foundation, warned in May 2015 that:
If the number of transactions waiting gets large enough, the end result will be an over-saturated network, busy doing nothing productive. I don’t think that is likely — it is more likely people just stop using Bitcoin because transaction confirmation becomes increasingly unreliable.
What was preventing the system from simply processing more transactions, and thereby lowering fees? Ultimately, it all boiled down to a single parameter: the size of a Bitcoin block.
A block is simply a file that holds the data about transactions on the Bitcoin network. It follows, then, that the size of a block is the limiting factor on how many transactions it can hold. By design, the Bitcoin network can only process one block every ten minutes (the reasons for which are interesting, but beyond the scope of this article). This means that the number of transactions that can be approved every ten minutes, also known as the “throughput” of the system, is limited to the number of transactions each block holds.
In 2017, a single block’s size was limited to 1 MB. This works out to a throughput of about 4 transactions per second. Even if you’re not familiar with Bitcoin at all, you can probably tell that this isn’t a lot. Visa and Mastercard process thousands of transactions every second.
When the Bitcoin community consisted of a few developers, internet libertarians, and criminals, this wasn’t so much of a problem. But as investments started doubling, quadrupling, and multiplying in obscene orders of magnitude, the business sector took note. As the 2010s went on, it became more and more profitable to be in Bitcoin. So whereas in the early 2010s transaction throughput was an issue largely debated by engineers on a technical level, by the mid-2010s, it became very important to different kinds of people with more varied interests.
But we still haven’t answered the question: if limiting the size of the blocks hurts the network’s throughput, why limit the size of blocks at all? To many in the community, it’s just a given — the block size is one megabyte, and that’s just how it is. But this limit wasn’t actually part of the original Bitcoin white paper, and Satoshi Nakamoto — the creator of the network — didn’t come up with the idea. In fact, at first, he was opposed to it.
It was one of his closest colleagues, Hal Finney, who devised the block size limit. Another early developer who went by the name “Cryddit” recalled how it happened.
The 1 MB limit existed to prevent a scenario where a hacker could overload the blockchain by pushing an uncontrollable number of transactions all at once. It also served useful to have a certain level of scarcity in block capacity. If people added information to the blockchain that wasn’t necessary — for personal, political, or whatever reasons they might have — it would make the blockchain, simply, a bigger file than it needed to be. Fewer people would be able to participate in the maintenance of the network, as simply storing all that information would run their hard drives dry. Fewer people maintaining the ledger would lead to greater centralization of the network, which poses both financial and security problems.
So the block size limit was a proactive security measure. But not everybody was on board and, through the early-to-mid 2010s, as more and more transactions began taking place on the network, more and more people began to question this arbitrary parameter.
Luckily, in 2015, one of Bitcoin’s Core developers came to a breakthrough: a way to increase throughput, while still retaining the 1 MB limit.
SEGWIT
Pieter Wuille is as much of a software engineer as a software engineer can get. He writes code obsessively. He even looks like an engineer — a short guy, messy hair and a beard, glasses, with the kind of pale skin you develop by typing in dark rooms all day and night. In a community where everybody shouts at one another, and people who don’t actually know much pretend they do (e.g. this author), Pieter is hardly ever seen or heard in public, and when it comes to Bitcoin, he basically does know everything there is to know. As a result, he’s taken on a kind of cult status. In 2018, the website CoinDesk labeled him “the Zen Master.” The Chuck Norris-style website ‘PieterWuillefacts.com’ summed it up best.
Pieter is best known for his proposal called “Segregated Witness,” or SegWit for short.
SegWit dealt with the “signature” field of a Bitcoin transaction. Every transaction includes a signature, along with a sender, a receiver, and an amount. The signature is created when the sender’s private key and transaction data are combined using a cryptographic algorithm. In effect, it allows the network to verify that the sender is eligible to send the coins they’re sending. SegWit proposed moving the signature data outside of the 1 MB block, into a separate, extended structure. This would allow the 1 MB block to hold two to three times as many transactions as it could before. Throughput would go up, fees down.
And that’s only half the story. By restructuring the block, SegWit also managed to cure a years-long vulnerability in the Bitcoin protocol called “transaction malleability.” I’ll use an analogy to explain.
This author is 6-foot-1. You could also say I’m 73 inches tall, or 1.85 meters. You understand that all of these values are equivalent, even though they’re expressed differently. In cryptography, both a value and how it’s expressed matter. ‘0’ is different from ‘000’.
For years, it was possible to change the cryptographic ID of a Bitcoin transaction, while the transaction was still processing, as long as you didn’t change the value underneath. This wasn’t a very common exploit, but it did discourage developers from deploying third-party services — software built on top of the blockchain itself. Like building a house on a shaky foundation, you wouldn’t want to deploy a third-party service atop a blockchain so easily manipulated.
So SegWit was a two-for-one deal, which made it popular with Bitcoin investors. Still, it didn’t quite catch on with those who felt that simply raising the block size was a better solution. Instead, with SegWit brewing, some of these so-called “big blockers” got together to propose a different network upgrade. Theirs would turn out to be much, much more controversial.
PART II: THE AGREEMENT
THE NEW YORK AGREEMENT
Jeff Garzik has a knack for getting in early on big software projects.
Out of college, he joined the team that developed CNN’s very first website. He then moved on to Red Hat, where he helped develop the Linux kernel. Kernel is the basis for Android’s operating software, so if you own an Android today, there’s a little Jeff Garzik in there.
In 2010 Jeff came upon an online blog about Bitcoin. It wouldn’t take long before he made his mark on the technology. On August 8th, 2010, he wrote in the legendary “bitcointalk” forum where early adopters, pioneers, and Nakamoto himself used to debate and discuss all things Bitcoin. The post didn’t read as anything particularly alarming. It was quite short, in fact.
The “value out” in this block #74638 is quite strange.
He copied the code for the upcoming block.
"out" : [
{
"value" : 92233720368.54277039,
"scriptPubKey" : "OP_DUP OP_HASH160 0xB7A73EB128D7EA3D388DB12418302A1CBAD5E890 OP_EQUALVERIFY OP_CHECKSIG"
},
{
"value" : 92233720368.54277039,
"scriptPubKey" : "OP_DUP OP_HASH160 0x151275508C66F89DEC2C5F43B6F9CBE0B5C4722C OP_EQUALVERIFY OP_CHECKSIG"
}
]The block contained two “value out” fields, which corresponded with how much Bitcoin the receiver of the transaction would get. In total, it added up to over 184 billion.
I don’t need to tell you that’s a lot. For context, though, it’s worth mentioning no more than 21 million Bitcoin will ever exist, according to the protocol. In this single transaction, then, one person was going to receive approximately…well let’s see…if you subtract 21 million from 184 billion…
184,000,000,000
-21,000,000
______________
…okay, drag the one…and…
Got it!
183,979,000,000
According to the math, one person was going to receive approximately 184 billion more Bitcoin than will ever exist.
This wasn’t just a “quite strange” transaction, as Jeff Garzik put it. It was a cyber attack.
Almost as soon as Jeff raised the issue, Satoshi Nakamoto and his colleagues got to patching the Bitcoin software client. Within three hours they’d come up with a solution, and within five they’d deployed it. By the end of the day, Bitcoin had been saved from complete collapse.
Jeff Garzik became renowned for having discovered the value overflow bug, and went on to become one of the network’s most important and revered core software developers for the next four years.
But as Harvey Dent once said: you either die a hero, or you live long enough to see yourself become the villain. In 2017, as the Bitcoin community began to fracture, Jeff Garzik chose a side. He did so by putting his name behind the proposal called “SegWit2x.”
SEGWIT2X
SegWit2x (originally SegWit2Mb) was deceptively simple. Here, I can describe it in one sentence: adopt SegWit, then double the block size from 1 megabyte to 2. Get it? SegWit-2x. SegWit, and double the block size. Easy.
It was first introduced in a document commonly referred to as the “New York Agreement,” signed by a number of the most powerful people and businesses in Bitcoin. The man at the heart of it all — the Thomas Jefferson of the proposal — was Barry Silbert. It’s not uncommon to refer to it, actually, as “Barry Silbert’s New York Agreement.”
Barry’s a good guy to have on your team. One of the few most powerful investors in cryptocurrencies, he was an early investor in companies like Coinbase and Ripple, which went on to become household names in the Bitcoin space. In 2015 he founded the Digital Currency Group, one of the most important VC groups in the sector. All this makes him sound like a big, scary guy but, up close, it’s kind of hard to not like Barry. He’s got short, messy hair, and one of those pudgy baby faces you just want to squeeze. And he’s always smiley — even if you watch him talk about, you know, market trends and investment figures on CNBC, he does it with a little smirk.
In May 2017, Barry had a lot to boast about. Miners — the people who run high-powered computers responsible for maintaining the network — liked his plan a lot. Just over 80% of the total computing power on the Bitcoin network openly signaled support for his New York Agreement. Nearly 60 Bitcoin companies in over 20 countries were behind it, too, including many of the most influential people in Bitcoin: Mike Belshe — CEO of the wallet company BitGo and a principal author of HTTP/2.0 — Jihan Wu — the 31-year-old billionaire CEO of Bitmain, the biggest company in mining equipment — and Jeff Garzik. Jeff, for his part, didn’t just support the proposal: he was actively developing its software implementation, ‘BTC1.’
With all this positivity, it’s hard to believe that, to its detractors, the New York Agreement represented everything wrong with what Bitcoin was turning into. Why?
CENTRALIZATION
As we’ve seen, doubling the size of the blocks has its benefits with regards to higher throughput and lower fees. But it also has its downsides. Consider the issue of “full nodes” versus “light nodes.”
Bitcoin users are encouraged to keep a copy of the entire blockchain on their computers. These “full” nodes act as watchful eyes against malicious actors who might try tampering with the blockchain for profit. If every Bitcoin user ran a full node it’d be great for the security of the system. Many users don’t, however, because it requires that their computer maintains a copy of the entire history of Bitcoin since 2009. That’s a ton of data — as of this writing, around 280 gigabytes in total. It’s much easier to run a “light node,” which contains much less data, doesn’t provide as much security to the network, but doesn’t require as much from your computer.
What would happen if, due to the larger block size, the Bitcoin network were to process many more transactions per ten minutes than it already does? More data would need to be stored at a faster rate. 280 gigabytes becomes 300, 500 gigabytes before you know it. As we’ve mentioned, most people simply can’t afford to keep that kind of data sitting around on their hard drives. When only the already richest and most powerful users on the network are left to maintain it, their power grows even further. You no longer have decentralization.
That would be bad news, especially for those weird and crazy people who believed in Bitcoin not just as a money-making investment, but as the future of money itself. These folks wanted their platform to grow, but not if it came at the expense of the democratic spirit with which they created it. The whole point of blockchain and cryptocurrencies was to remove the need for centralized power; to delegate that power back to the greater public. The majority of people who supported Barry Silbert’s New York Agreement weren’t the early adopters, or the wider community. They were moneyed interests — businesses, and miners who earn in proportion to the activity on the network.
To some detractors, SegWit2x was more than just a picture of centralization and money-grabbing. They believed there was something disingenuous about the picture Barry was painting. Even if over 50 businesses were behind the plan, plenty of others didn’t take a position, or publicly came out against it. Even if the New York Agreement had all the businesses in Bitcoin on its side (which it didn’t), and all the miners (which it didn’t), that still didn’t include two important demographics.
Firstly there was the majority of the community— ordinary people who have some money invested in the system. Where did they stand on all this? Well, they weren’t asked. The New York Agreement was signed by a bunch of corporate interest groups before it was even exposed to the wider public. It was only an “agreement” among the wealthy few.
Secondly, SegWit2x didn’t account for the single most important group of people in the entire network: the elite group of Bitcoin Core developers that maintains the software, like Pieter Wuille. These are the guys who work tirelessly, full-time, on making sure that Bitcoin is functional and secure for the rest of us. The geniuses without whom the system would fall apart. They know more about how Bitcoin works — and how it can work, and how it should work — than anyone else. What did they think about SegWit2x? Not a single one of them liked it. Pieter Wuille, for example — the guy responsible for the “SegWit” part of “SegWit2x” — came out against it. That should say something.
And the 2x supporters probably knew that their proposal wasn’t as popular as they were making it out to be. How can we tell? Well, usually when a fundamental change is proposed to the Bitcoin software, it takes the form of a Bitcoin Improvement Proposal, or “BIP.” BIPs are vetted by the wider community, to ensure they aren’t malicious, buggy or unpopular. Once the community accepts the BIP, the Core team implements it into the Core software, and nodes on the network download the update. It’s a standard, agreed-upon system that’s worked for years.
SegWit2x could have been proposed, in the beginning, as a BIP. Then, the community could signal how they felt about it. Instead, even before the community knew what it was, it was presented as an “agreement.” But who actually “agreed” to it?
Thus, to oversimplify things, we’re left with two teams. On one side, the so-called “small blockers”: users and Core developers. On the other side, “big blockers”: businesses and miners. The block size doubling would occur in November 2017, meaning that if anybody wanted to stop SegWit2x, they had about five months to try.
POLITICAL POISON
And let’s be clear: this wasn’t an ordinary conflict among respectfully disagreeing parties. The SegWit2x debate quickly devolved into a chaotic mess, where any sympathy for the wrong side could get you in major trouble.
People really, really cared about SegWit2x, and even the slightest inference risks offending those on either side of the debate. Plenty of what I’ve already written thus far would, to the right ears, seem extremely politically charged.
So here’s the thing: you know now what The New York Agreement is. You know why some people had a problem with how it was presented to the public. But none of what you’ve heard really explains the sheer loathing felt on both sides of the SegWit2x debate. By the end of this story people will be called very bad names, there will be public shaming campaigns, and sterling reputations will be forever tarnished.
Why was SegWit2x this poisonous? Maybe because, according to some, it was not an improvement proposal at all, but an attack meant to take over the entire network.
PART III: THE DEBATE
A CASE STUDY
There is, perhaps, no better encapsulation of why Bitcoin struggles as a payment system than what occurred when two famous Bitcoin proselytizers got on stage together for a debate last year.
MODERATOR: These gentlemen need no introduction. I would imagine if you don’t know who they are, then who are you, basically?
We’re at the AIBC Summit in Malta. On stage are three people: a moderator, Tone Vays — a well-known speaker and proponent for Bitcoin in its original form — and Roger Ver.
Now, it’s worth taking a moment to talk about Roger Ver. He’s not the type of guy whose name you mention quickly, then move on.
Roger may be the world’s most well-known missionary for Bitcoin. After investing in early 2011, he began spreading the word all around the world — on YouTube, in news articles, wherever. For his work promoting Bitcoin to the world, he’s even earned the nickname “Bitcoin Jesus.”
He’s kind of the perfect guy for the job: enthusiastic, brash, always smiling. He’s good-looking, too — dark brown hair, a jawline I’d pay at least a couple Bitcoin to get for myself. If you’re CNBC and you need somebody for a video, or a header image for an article, you want Roger up there.
But he’s a wildcard. In 2005, Roger moved to Japan after serving 10 months in prison for selling large quantities of firecrackers on eBay without a license. He’s the kind of aggressive libertarian who — and this is real — renounces his U.S. citizenship and becomes a citizen in the tax haven of St. Kitts and Nevis. For a while after he did that, he was barred from returning to the country.
In 2013, as the Mt. Gox Bitcoin exchange went dark, realizing they’d lost millions upon millions in other people’s money, Roger got in front of a camera and told the world, in 50 seconds, that the rumors about Mt. Gox being bankrupt were not true. He made his argument while reading from a script, slightly off-center, with all the conviction of a terrorist hostage. Of course, Mt. Gox was dead broke. Why, then, did Roger even do the video? He didn’t have to put his reputation on the line.
Honestly, I don’t know. He’s an odd guy.
So this is who we’re dealing with here. At the AIBC Summit in Malta, he gets on stage for what will be the third of a set of three popular debates with Tone Vays. Roger, by this time, has completely ditched Bitcoin in favor of an altcoin called “Bitcoin Cash,” or BCH, with a much larger block size. He’s arguing that Bitcoin — BTC — with its block size limitations, is not workable as a payment system.
ROGER: I’d like to explain exactly why I’m such a big fan of Bitcoin Cash. So, yesterday, I got to give a talk here. And on every single person’s table out there we had the private key on a golden ticket, where you could scan it with any wallet that can important private key, and claim your Bitcoin Cash right from the wallet.
We gave five dollars to every single person that was in the room yesterday, worth of Bitcoin Cash, and that was only possible because the fees were were low. If we tried to do that exact same thing with the BTC version of Bitcoin today it would be impossible, because to move the five dollars from the private key on the piece of paper into your phone, it would cost three dollars. And then you would have two dollars left on your phone. But to send the two dollars from your phone to the next person it would cost three dollars, which you wouldn’t have.
Tone Vays, a blockchain consultant and former Wall Street analyst, provides the rebuttal.
TONE: Very simple rebuttal: so for the last at least nine months or more I used Bitcoin pretty much every day, I have not paid more than one dollar fee for a Bitcoin transaction over the last nine months. So I have no idea where the three dollar average is coming from.
MODERATOR: Are you calling him a liar?
Keep in mind, we’re only two minutes into the debate at this point.
TONE: I have no idea where it’s coming from, but I have not paid over a dollar for a fee in about a year.
ROGER: Pull out your wallet right now and send me some BTC, and let’s see what the fee calculation is.
In front of hundreds of onlookers, Tone takes out his phone.
TONE: My wallet allows me…my wallet allows me to set any fee I like. I can send Roger right now five dollars, with a five cent fee, and it will go through with a five cent fee.
ROGER: Sure, please do, and I’ll post it all online later and we can see that it gets stuck in the mempool for days or potentially weeks. It’s not going through with a five cent fee.
Roger and Tone are both smiling, but it’s obvious that they’re different kinds of smiles. As Tone initiates a small Bitcoin transaction to Roger’s account, he’s rocking, slightly, in his chair. His foot begins tapping. He’s looking down at his phone. Roger’s leaned over, looking over his sparring partner like prey. With the kind of confidence that made him into Roger Ver, the Bitcoin Jesus.
MODERATOR: Why is there such a difference in opinion here, isn’t it obvious which one’s gonna win out of you two?
ROGER: I think the difference-…
TONE: Well, we already know which one won. Roger hasn’t-…
ROGER: So can I watch and see the fee? Can look over your shoulder? Is that okay?
TONE: Sure.
Roger leans in…
TONE: I will send you five-…
ROGER: So he’s sending me five dollars, thank you.
Both men perk up — something’s clearly gone wrong.
TONE: I’ll say it, I’ll say it: on this particular wallet the default fee is one dollar, 33 cents. The default fee. I go click a button it says change fee. It’s set to standard. I can just click a button and set it to low. That drops my fee the 27 cents. That’s the low version…
ROGER: Still too high!
TONE: I can make it lower than that because I can choose my own fee, depends how much time you want to spend since we’re limited on time. But right now I’m sending you…I’ll just use the 27, I can lower it to five cents if you like.
ROGER: Lower it to five cents and we’ll see how many days it’s stuck in the mempool.
The energy in the room has shifted. Audience members supporting Bitcoin are tensing up. The Bitcoin Cash people are loving it.
The two men continue arguing like children. It’s great entertainment.
TONE: Seven cents.
ROGER: Seven to one Satoshi per byte like all Bitcoin Cash transactions are.
TONE: No one uses Bitcoin Cash, that’s why it’s so cheap to send it!
*Audience laughter*
ROGER: So that’s an absolute lie, and anyone can go and see the number of transactions happening on the network.
TONE: Let’s go ahead and lower it to one Satoshi per byte.
MODERATOR: Alright, get on with it, we’ve only got a few minutes.
ROGER: Lower it to one Satoshi per byte and I’ll bet-…
TONE: One cent fee. There it goes.
It may not have been so obvious to the audience at the time, but on camera, you can see Roger’s face shift when Tone says nobody uses Bitcoin Cash. He was smiling, playing around before. But that sly comment, and the laughter it received from the audience, changes something in him. His demeanor shifts. You can sense he’s geared up.
Roger looks Tone straight in the eyes, like nobody else is in the room.
ROGER: So here you go, Tone. If that gets included in a block today I’ll donate $10,000 to the charity of your choice.
Tone averts his gaze. The conversation moves on as the two men go back and forth and the moderator, mostly forgotten already, leans in his chair, legs crossed, with an air of “well I guess I’m not needed here.” He’s not, really.
After five minutes, the bet comes back around. Roger’s teed it up. It’s at the exact right moment in the argument when he smiles, wryly, like a supervillain, raising an eyebrow, and excitedly reaches for his phone. As soon as Tone sees the shift in Roger’s body language, that nervous smile creeps back onto his face.
ROGER: So, actually, I have news about that. I was checking my wallet here and it looks like, because the fee was so low, it looks like the network didn’t even detect the transaction. And it’s not…it looks like it didn’t even get relayed by the node, so it hasn’t even arrived in my wallet yet.
Tone looks down at his phone.
TONE: Whoa, whoa, whoa…I see the transaction…
The moderator throws up his hands.
ROGER: So it says priority 23,836 out of 24,355 transactions. So that means that if every single transaction on the Bitcoin network were to completely stop right now, and every single block is only clearing the backlog of transactions on the Bitcoin network right now, it’s going to take about ten blocks, so about an hour and a half before his transaction gets included in a block. If every single-…
TONE: Don’t I have a day to get the $10,000?
ROGER: You do, and it’s not gonna make it, because on the network people are making transactions every single time so-…
TONE: Right! People are using the network! You should not be paying one cent fee when so many people are using the network.
ROGER: Or you could just switch to Bitcoin Cash and pay a tenth of a penny per transaction.
TONE: But no one uses it, who am I gonna send it to?
ROGER: Pull out your wallet right now.
TONE: I don’t have a Bitcoin Cash wallet. I’m a Bitcoiner.
ROGER: I guess he likes wasting his money.
EARLY UPGRADE PROPOSALS
It didn’t have to get to this point.
In the early days, almost as soon as the 1 MB block size limit was conceived, so were discussions on how to raise it. Gavin Andresen, arguably the second most powerful developer in Bitcoin’s history, and Mike Hearn, another early developer who worked alongside the founder of the platform, Satoshi Nakamoto, each proposed ideas for how to upgrade that limit in the future.
Jeff Garzik, the most famous developer behind SegWit2x, proposed all the way back in October, 2010 — just one month after the limit was implemented in the first place — that it be raised to 7 MB. Satoshi himself addressed how such a change might be enacted in the future, writing:
It can be phased in [. . .] It can start being in versions way ahead, so by the time it reaches that block number and goes into effect, the older versions that don’t have it are already obsolete. When we’re near the cutoff block number, I can put an alert to old versions to make sure they know they have to upgrade.
In other words: we’ll jump off that bridge when we get there. I’ll handle it.
And he would have handled it, probably quite well. Whenever the limit needed to be adjusted, he would’ve joined up with his Core team, come up with a solution that worked, and signaled that all the users adopt their new patch. Done and dusted.
Then fate turned. The following year, Satoshi was gone. The last we heard from the famous, mysterious inventor of Bitcoin came in an email chain with Mike Hearn. They were discussing some technical matters when Mike changed the subject.
I had a few other things on my mind (as always). One is, are you planning on rejoining the community at some point (eg for code reviews), or is your plan to permanently step back from the limelight?
Satoshi replied, April 23rd, 2011.
I’ve moved on to other things. It’s in good hands with Gavin and everyone.
The creator of the network, the one and only person everybody listened to, was gone. Now it was up to the rest of us to get along on our own.
PRO 2X: LOW THROUGHPUT HURTS EVERYONE
To understand where the argument for SegWit2x begins, we have to admit that Bitcoin, in its modern state, is problematic as a payment system. Throughput with a 1 MB limit frequently leaves pools of unconfirmed transactions in a state of limbo, where getting out of that limbo is unnecessarily expensive.
It honestly can be confusing for 2x supporters to conceive of why users wouldn’t be the first to get behind a block size increase. Users are the ones, after all, who have to pay transaction fees. Low throughput hurts everyone on the network, in one way or another.
Economies tend to thrive when people are out spending money. Lots of startups formed around Bitcoin during the mid-decade, with the prospect that one day this system might support a popular, worldwide currency. But if the network couldn’t scale to accommodate even those using it in 2017, it was light years away from being considered alongside established payment systems like PayPal and Visa. Even SegWit, innovative as it was, only created a few MB of actual transaction storage per block.
To this way of thinking, SegWit is a tasty whipped cream topping atop a turd sandwich.
NO 2X: LIGHTNING NETWORK
There are, however, ways to increase Bitcoin’s transaction capacity — significantly — without doing anything to the block size.
We’ve already covered how SegWit, in addition to effectively increasing the block size, fixes signature malleability. Before SegWit, the cryptographic signatures associated with transactions were vulnerable to tampering. This never became such a problem for the blockchain itself, but it was prohibitive for second layer protocols — programs built on top of the blockchain, to add to its functionality. The reason is simple: you can’t build a second layer on top of a vulnerable first layer.
With SegWit, however, all the best ideas for second layer protocols were finally freed. One, in particular, was seen by many as the thing to finally make Bitcoin scalable. It’s called the Lightning Network.
The Lightning Network, like Bitcoin, is a decentralized network. It uses what are called smart contracts — basically, immutable software scripts — to enable instant payments. The key insight of the Lightning Network is that it uses the Bitcoin ledger not as the means of making transactions, but, rather, as the means of settling transactions.
Say you want to pay for your morning coffees with Bitcoin. You’ll have difficulty if there’s a five dollar fee every time, and the payment takes ten minutes to confirm. The Lightning Network allows you to avoid these issues by taking your payments off the blockchain.
You begin by funding a secure payment channel between yourself and the coffee shop — using, for example, 0.02 Bitcoin. Over the next month, you use your 0.02 Bitcoin to buy coffee every day. Those 30 coffees together cost 0.01 Bitcoin — half of the total you had available. After that much coffee, you get sick of the place, so you close the contract with a final transaction which states that you now own only 0.01 of the Bitcoin you put in, and the coffee shop owns the other 0.01.
See what just happened? You made 30 payments over a month, but the ledger only recorded two events: your initial contribution of 0.02, and the final allotments of 0.01 to each party. In other words, the public Bitcoin ledger was used only to settle your transactions, not carry them out. Lightning Network is much better at carrying them out, after all, since it allows transfers to occur instantly and without fees.
The Lightning Network has several other features that make it highly scalable, like severe fraud protection, and an advanced routing mechanism which allows users to pay other users without having to open a direct channel, simply by routing payments through other users in the network. In the end, it’s simple: Lightning allows for thousands of payments, instantly, with no fees, backed by the security of the Bitcoin blockchain, while taking up very little of its storage capacity.
You can see the appeal. Users, Core developers, and businesses alike were excited at the prospect of SegWit, if for no other reason than that it would finally let loose The Lightning Network.
But not everybody was thrilled about Lightning. Miners didn’t like the idea, for reasons you don’t have to rack your brain to guess — more transactions occurring off-chain means less income for them. And some members of the big block community were suspicious of what appeared to be a cozy relationship between Lightning’s founders and Blockstream, the company behind many of the Core developers.
NO 2X: VULNERABLE CODE
Any argument about the viability of Lightning Network must also take into account that SegWit2x relied on an unproven alternative to Bitcoin’s core software. ‘BTC1’ was the name of the software implementation which, when activated by a node on the network, would run Bitcoin according to the SegWit2x rules.
The author of BTC1 was quite a capable developer: Jeff Garzik. The problem was that, with support from few members of the Core development team, the BTC1 client was not being subjected to the same rigorous code review that occurs for typical Bitcoin network upgrades. This made it much more likely to not work as intended, or contain serious security vulnerabilities.
For many in the Bitcoin community, this was not just a theoretical possibility.
‘Bitcoin Unlimited’ was one of the earlier scaling solutions to make it onto the network. It was released in December 2015, with a simple idea: to allow miners and users to dictate their own block size preferences. With the Unlimited client, users could signal what block size preferences they preferred, and miners could configure the size of blocks they wanted to mine. The market decided from there.
Whether you like the concept of it or not, in March of 2017, it became clear why alternative Bitcoin clients can pose risk to users. It began with a Reddit post describing a remote crash vulnerability in Unlimited software. Nearly all nodes running Unlimited were exposed. Quote:
To be explicitly clear, just by making a request on the peer-to-peer network, this could be used to crash any XTHIN node with this bug. Any business could have been shut down mid-transaction, an exchange in the middle of a high volume trading period, a miner in the course of operating could be attacked in this manner. The network could have in total been brought down. Major businesses could have been brought grinding to a halt.
Another Reddit user chimed in with a snippet of particularly heinous code.
else if (inv.type == MSG_THINBLOCK)
{
//irrelevant
} else {
assert(0);
}And here, ladies and gentlemen, you have C++ code that is implicitly trusting user/network input data.
Are you going to trust these people with your money?
Just hours later, somebody turned this potential hack into a reality. With simple and explicit directions, they took down around two-thirds of all Bitcoin Unlimited nodes that day.
A quick patch was released later in the evening. By the following day, most of the downed BU nodes were back up.
Whoever hacked Bitcoin Unlimited may have been trying to prove a point, or maybe they were just bored. Either way, Unlimited users got off easy. The vulnerability had been sitting there for over a year. The day it was exploited it was patched, and everything returned to normal.
You just don’t hear stories like this about Bitcoin. That’s not to say there aren’t Bitcoin-related hacks — for example, the bankrupting of Mt. Gox. But the Core software itself has tended to avoid any significant exploits. That’s in large part because the Core development team methodically, rigorously tests all the (open-source) code they deploy to the network. Just because some of the world’s most talented developers are picking apart every update doesn’t guarantee impenetrable software, but it does ensure a level of security that most hackers can’t touch.
SegWit2x’s BTC1 client, meanwhile, was not subject to such scrutiny. It was developed privately, among select developers, with little help from the Core team. Its prospects weren’t good. And who wanted to roll the dice on an alternative software client, anyway, just two months after the Unlimited hack?
NO 2X: HARD FORK
There were a whole host of other technical and philosophical issues small blockers had with the SegWit2x plan (and a whole lot of technical and philosophical reasons big blockers had to support it anyway). The single biggest concern of all, though, was that it would initiate a contentious hard fork.
Broadly speaking, a blockchain protocol can be changed in one of two ways: via a soft fork, or a hard fork. The difference is simple but the consequences are drastic. Soft forks are backward-compatible, meaning that non-upgraded nodes can still participate in the network, so long as they don’t break the new protocol rules. Think about it like an operating system update — any program which worked on, say, Windows 10.1 should still work on Windows 10.2.
Hard forks are backward-incompatible, meaning that non-upgraded nodes will not be able to participate. Blocks that were previously valid will no longer be. Think about it like changing operating systems — a program designed for Windows will not work on macOS.
There are reasons for initiating a soft fork, and reasons to initiate a hard fork, but doing the latter is far more serious and, hopefully, rare. When a Bitcoin user in 2011 initiated two transactions worth 92 billion Bitcoin each, the network had to hard fork. Two, incompatible versions of the blockchain were created: one with the value overflow transaction, and one without. Everyone on the network upgraded to the version of the blockchain which made that transaction, and all transactions like it, invalid.
That was easy, though, because everybody agreed on what to do. Nobody had an incentive to keep the hacked version of the blockchain alive. A contentious hard fork is one where parties to the network don’t agree with one another. In such a case, you still get two versions of the blockchain, but now there are coalitions that support either side. A race begins, with each blockchain vying to outpace the other by having a longer chain and more mining power behind it. From here, one of two scenarios can occur: either one version of the blockchain — the old or the new one — will prevail over the other because it is more popular, or both will be popular enough to survive, and two, independent blockchains will have been formed.
Contentious hard forks tend to be bad for everyone. There’s competition rather than cooperation, and the uncertainty puts everyone’s assets at risk.
SegWit was created in order to avoid a contentious hard fork. Evidence to the point: it required 95% miner support to activate. What’s more, SegWit actually does increase the block from 1 MB to 4 (appeasing big blockers), only in such a way that doesn’t require the network to hard fork (appeasing the community). The transaction data — who’s sending to whom and how much — remains in the 1 MB base block, while the signature data which verifies the sender’s eligibility to make such a transaction is appended to an extended block. Crucially, miners who haven’t upgraded to SegWit can continue mining under the old paradigm if they wish. It’s an upgrade for those who want it.
Really, then, SegWit wasn’t a rejection of a block size increase, it was a rejection of hard forking as a means of getting that done. A workaround, accomplishing what both sides were after: raising the effective capacity of the block, without actually raising its 1 MB limit.
MOTIVES
Why wasn’t this enough for the SegWit2x supporters? Transaction throughput was about to quadruple. Now it needed to double again, three months later? Via a hard fork that would fracture the community in half? Questions like these made some No 2x supporters question the motives of SegWit2x supporters. If they were honestly trying to help, they would have collaborated with the user community rather than alienate them. They wouldn’t stake Bitcoin’s future on a contentious hard fork.
Maybe SegWit2x wasn’t meant to be an “agreement” at all. Maybe it was a blatant, open-faced power grab.
Hard forks can be good for that, after all. They’re a way of imposing will over a blockchain, whether you like it or not. In a hard fork, there is no compromise — there are two blockchains, and they have to fight it out to survive.
The signatories of the New York Agreement would have preferred the user community to get behind their proposal, but it wasn’t necessary to accomplish their goals. Where SegWit required consensus from miners and users, SegWit2x only required it of miners. Therefore, with 80% of the mining community behind the plan, they could initiate a hard fork with little user and developer support. Then, once their forked blockchain split off, they’d have all the miners stacked on their side. The legacy chain would be starved of computing power, slowing the network to a crawl and introducing the threat of an attack.
It was for these reasons that many Bitcoin users came to wonder: was SegWit2x the “compromise” its founders intended for it to be? Or was it something else entirely?
PART IV: POWER PLAYS
REPLAY PROTECTION
Crypto enthusiasts will remember the DAO hack — when an investment pool running on the Ethereum blockchain was compromised. In that instance, the community forked their blockchain in two: Ethereum, with the stolen funds returned to its original owners, and Ethereum Classic, without the change.
When hard forks cause splits like this, users end up with two copies of their coins — one for each chain. Why? Because the two chains only split off at a specific point in the blockchain. They each share the entire history of the chain up until that point, so however much you owned to that point exists, for you, under both paradigms.
One unintended consequence of the Ethereum hard fork was that it failed to implement a key feature that protects users during hard forks: “replay protection.”
Let’s say you owned one Ether before the split, and now you have one coin in both Ethereum and Ethereum Classic. You decide to send a friend 0.5 Ether from your account on the old chain, as a bonus for being such a great friend.
But it turns out they’re actually a very bad friend! They take advantage of the hard fork by copying the transaction data associated with your payment on the old chain, and uploading it to the new ledger. Now you’ve paid them twice.
How’d such a simple hack work so effectively? Because your friend took advantage of what’s the same on both blockchains, and what’s different.
What’s the same? Your private key is the same on both chains, and all of your transactions (before the DAO hack block) are part of both ledgers.
For these reasons, a transaction of 0.5 Ether sent from your key to your friend’s key would generate the same transaction data, whether it’s on one chain or the other.
What’s different about the two chains? Only one thing: their transaction histories. The new chain can’t see what’s happening in the old one, and vice versa. Thus, your friend is able to generate a transaction that checks out on the new chain, even though they simply copy-pasted it from the old one.
The number one rule in blockchain is that you shouldn’t be able to spend the same money twice. Without replay protection in a hard fork, you can.
Unlike almost all Bitcoin upgrade proposals before it, the developers behind SegWit2x did not build standard replay protection into their design. Instead, they toyed with the idea of an “opt-in” model. Thus, the threat of replay attacks loomed for users on both sides of the scaling debate.
51%
Theories abound that SegWit2x was nothing less than an attack meant to destroy Bitcoin Core. It was a power grab. It was a mass transfer of wealth to those with the means to affect change, from those without. It was a cyber attack. Indeed, some community members were suggesting that SegWit2x was, in effect, the first major instance of the worst kind of scenario any cryptocurrency holder could fear: a 51% attack.
A 51% attack occurs when one person or group controls more than half of the computational power on the blockchain. Because decisions in a decentralized network are determined by consensus, a single entity with over half of the voting power can effectively get away with whatever they want — stealing, preventing transactions, rewriting rules, and so on.
SegWit2x was backed by a coalition representing 80% of the mining power on the network, in opposition to the majority of the community. It wasn’t an attack on its own, of course, but it did introduce the possibility of a 51% takeover. In an op-ed for CoinTelegraph, David Dinkins (not the mayor) outlined what he called a “probable outcome.”
If there are indeed two Bitcoins, one backed by the developers and the other backed by the miners, mass confusion and chaos are likely to ensue, as would-be investors won’t know which Bitcoin is the “real” Bitcoin. In order to solve this potentially devastating problem, it’s likely that the majority chain will attack and destroy the minority chain.
The way that would work is simple: since 2x will have 85 percent of the miners, a small portion of miners can begin mining the legacy chain. At some point, they will launch a 51 percent attack against the minority chain, causing double-spends, Blockchain reorgs, and generally making the legacy network unusable.
Nobody knew what the 2x miners would do in such a scenario. But, frankly, if they could destroy the competing currency, forcing everybody to adopt theirs, why wouldn’t they?
In an op-ed for CoinDesk, Edan Yago, CEO of the Bitcoin startup Epiphyte, put it succinctly.
“The 51% attack has remained a hypothetical bogeyman. Until now.”
PURPOSEFUL SLOWDOWNS
This isn’t to say miners are all bad or exclusively self-interested — far from it. Nonetheless, investors had reason to worry about how they might exert their power. In a Medium article, Sam Wouters — a blockchain public speaker — laid out a pretty good reason why.
Remember when we established that Bitcoin’s growing popularity was causing the scaling issues, which had been debated for years prior, to flare up in a way they never had before? More people were buying, so the price went up, so more people bought, and over time the transactions over the network caused major backlogs and slowdowns.
When a backlog occurs, transactions get stuck in what’s called the “mempool” — a purgatory where those transactions must live until a miner finally includes them in a block. Using the website blockchain.info, Wouters posted a graph of the size of the mempool from May, 2016 to July, 2017.
An interesting pattern emerged. Throughout the month of April, unconfirmed transactions fluctuated between 75,000 and nearly zero. Then, beginning in May, the numbers began to shoot up: 100,000, 150,000. By May 20th, the peak, there were nearly 200,000 transactions stuck in the mempool. A week later, after a month of sustained chaos, that number dropped like a stone. By June, it was back to 75,000. By July, nearly zero.
What caused that May spike? Well, I don’t want to say it. I’ll use the author’s own words.
A group of people desperately wanted to push their ideas to increase scalability. The moment a scaling solution [SegWit2x] was agreed upon behind closed doors towards the end of May, the attacks suddenly ended.
[. . .]
While some people were hopeful or deceptive about these spikes in unconfirmed transactions being organic growth, further analysis clearly shows it was spam.
To push people into increasing the blocksize, the attackers made it expensive to send bitcoin transactions for weeks in a row, by using up as much transaction space as possible through all kinds of constructions.
What I’ve told you thus far is that Bitcoin’s popularity is what caused a giant backlog and high fees in 2017. That story made sense, so you believed it.
But if this interpretation of the data is correct (it’s certainly disputed), then maybe the narrative around Bitcoin’s scaling problems is flawed. Maybe the network in 2017 was, in large part, fine. Maybe the scaling problem became a scaling crisis through deliberate subversion of the network, by those with financial incentives, intended to trick the community into believing that a solution like the one they favored — SegWit2x — was necessary to solve the very problem they exacerbated.
This is getting ugly.
PART V: DOGFIGHT
SUMMARY SO FAR
Who controls Bitcoin?
The person or persons who called themselves “Satoshi Nakamoto” devised Bitcoin in 2008 expressly so that no single entity could control it. It was because Satoshi did such a good job that, by the middle of the next decade, the Bitcoin community was engulfed in endless warring over how to handle the network’s 1 MB block size limit. Without a clear consensus for one proposal or another, not much changed.
Then, in May 2017, a group of business leaders got together and made a bet — a bet that they, together, could determine the future of the network.
Andreas Antonopoulos is one of the most widely recognized voices in Bitcoin. He spoke with me as part of the Malicious Life podcast, to try and make sense of what SegWit2x was, and was not. (He’ll be quoted throughout the remainder of this piece as ‘AA,’ in enlarged text.)
AA: I think it was a misguided attempt for compromise at a time when the debate had shifted from which is the most technically efficient way of addressing scaling, to a secondary debate. A meta debate, if you like, which was who should have the power to make this decision?
The original sin of SegWit2x had nothing to do with technology. A group of wealthy business leaders had got together in a swanky New York hotel, wrote up their idea for how to upgrade the network, and didn’t bother asking the rest of the community what they thought. Not great optics.
To understand how actual Bitcoin users felt about this so-called “New York Compromise,” just imagine how angry you’d be if, say, your government did business like this. Imagine a world where legislation is written by rich people, to serve their own financial interests, while you, the actual voter, are hardly even considered. That’d be crazy, right?! We’d never let that happen…
AA: It was tone deaf to the level of power struggle that was going on.
I don’t think anybody who was doing SegWit2x, although I might be wrong, was trying to do some grand conspiracy to do something bad to the network. I think they were looking out for their own self interest and they wanted to make their business model succeed. They just walked straight into that one. In fact, I was invited at the time to sign on to that and I said, “You’re playing with fire, I want nothing to do with this. I am not wading into this controversy. This is not about a technical decision anymore.”
Barry Silbert, the leader of the project, marketed SegWit2x as a compromise. In reality, he’d walked up to a garbage fire and said: “You know what might fix this? Some gasoline.”
It became clear pretty early on that SegWit2x was not popular among users, and was universally loathed by Core developers, the people who know most about how Bitcoin software works. Yet SegWit2x supporters, who still believed in what they were doing, remained steadfast. They continued to push their plan, insisting that it would be activated later in the year.
And here’s where a “compromise” becomes a “bet.” The bet was about who gets to control Bitcoin. Barry Silbert, Jeff Garzik, and the leaders behind SegWit2x wagered, consciously or not, that if enough of the financial firepower on the network agreed on their proposal, the rest of the community would follow. If the rest of the community didn’t follow…well, the plan might work anyway.
AA: Once it became a power struggle, it became very, very personal and it became acrimonious and people ascribed ulterior motives and agendas, and then nefarious agendas, and then complete conspiracy theories to explain the motivations of other people who could not see what was plainly obvious. [. . .] and at that point, surprisingly, and very interestingly, a user revolt was fomented.
UASF
Shortly after SegWit2x was proposed, a coalition of users got together and made their own bet: a bet that they controlled the network, not the big businesses and miners. Their proposal, to prove the point, was a “User Activated Soft Fork,” or “UASF.”
UASF centered around no new technologies, but an existing one: the original SegWit.
Remember SegWit? It’s easy to forget amidst all the drama that the proposal, first published back in Winter 2015, still wasn’t implemented into the Core protocol by Spring 2017. Why, though? It was highly popular with users, and it effectively multiplied the capacity of the blockchain, which is what miners and businesses had been asking for all along.
But trying to appeal to both sides is, ultimately, what was taking so long. SegWit2x didn’t require broad community support, so long as it had sufficient miner support. SegWit took extra care to be the consensus choice of the whole community, requiring not only broad user support, but also a full 95% miner support.
Those miners were…less than enthusiastic about it. Most miners were “big blockers.” They wanted the 1 MB limit to be raised, and SegWit didn’t do that. SegWit was better than nothing, maybe, but they favored other proposals that focused on increasing the block size. As a result, from November 15th, 2016 — the first day they could signal support by upgrading to SegWit-compatible software — to Spring, 2017 — the point in the story where we are now — only 30% of miners were signaling support for SegWit.
Users were not happy. Not only did they like SegWit, but many of them argued that it wasn’t miners’ role to be voting on such protocol upgrades in the first place. Perhaps the Core development team was trying too hard to appease them.
This is where UASF comes in. Users who didn’t like the growing power that miners seemed to have decided to weaponize their own power, through Bitcoin Improvement Proposal 148 — a protocol upgrade with aggressive intent. Beginning August 1st, users running nodes that enforced BIP 148 would automatically reject any new Bitcoin blocks which didn’t signal support for SegWit. So if you’re a miner, and you successfully mine a new block — the same way you always have — but you don’t outwardly signal support for SegWit, your block will nonetheless be rejected, and all the mining rewards with it lost.
AA: So SegWit effectively became the linchpin of the debate and opposition to SegWit became a mechanism for signaling something deeper about who should be making the decision.
We said that SegWit2x was an exercise in power. A majority of users didn’t like the idea, so if it succeeded, it would demonstrate that miners and big businesses control the network.
UASF was a radical proposal in the opposite direction. Miners and businesses overwhelmingly opposed it. If it succeeded, therefore, it would prove that users were the ones really in charge.
BIP 91
This was the setting in the hot summer of 2017 — miners mobilizing behind SegWit2x, users threatening the UASF, and a few developers caught in the middle.
No developer was more in the middle than James Hilliard. Hilliard found himself caught in between UASF and SegWit2x not because he was associated with either movement, but because he was associated with neither.
In his day job, James worked as a technician for mining equipment, which might suggest that he favored SegWit2x, the side miners supported. However, in his off-hours, James spent time studying the science of blockchain forking. And when you study forks, there’s only one conclusion you can come to: it’s really, really hard to do right.
It’s something that looks simple on the surface, but when you actually start looking at it, it’s really complicated. There are just so many things that could go wrong.
Those in the software community will understand James’ sentiment. Computer programs, typically, don’t come out perfect the first time. We do our best to test and debug but, usually, there’s a lifetime of patching that occurs even after the release of a product.
Because Bitcoin is money, the cost of error is extremely high. And because there’s no central authority looking after it, protocol vulnerabilities are a nightmare. I mean, for God’s sake, we’re 12,000 words into a story about a simple software upgrade! When Apple upgrades OSX, it doesn’t take this long to understand what happened.
SegWit was genius in its design, yet required months of open development and testing and re-jiggering. SegWit2x, by contrast, was being developed by a closed group of select individuals. If you weren’t on the Slack channel, or the mailing list, you didn’t get to see the code. That’s very rare in Bitcoin, and it made developers like James Hilliard especially concerned.
The reason that these sorts of projects don’t have open development models is that when you’re pushing arguably bad ideas — say, pushing a hard fork in three months — doing that in the public is kind of difficult because when bad ideas get exposed to public criticism, they get shredded.
So what do you do if you’re a student of blockchain forks, and on one side you see a highly political user fork, and on the other side you see a faulty miner fork?
As big blockers battled small blockers over which proposal would crush the other, James proposed a solution — a compromise, formalized in the BIP 91 proposal. The insight of BIP 91 was that, despite being in direct opposition to one another, the supporters of UASF and the supporters of SegWit2x held one thing in common: they both needed SegWit to activate.
Isn’t it crazy that nobody came to this earlier? UASF was created to force SegWit adoption. SegWit2x required SegWit adoption, a few months before it would upgrade the block size. BIP 91 said: lets at least get the SegWit part done with — no fork — then we can all continue fighting later.
BIP 91 lowered the threshold of miner support necessary to activate SegWit to 80% — the percentage of miners already known to support SegWit2x. In order to work it would have to activate before August 1st, beating the timeline set out by the user-activated soft fork.
So, did 80% of miners support SegWit in time to prevent a fork of the network? Well, as I mentioned, through the Winter and Spring of 2017, miner support for SegWit hovered around 30%. With added pressure from UASF, that number rose to just under 45%.
Then BIP 91 happened. From July 17th to July 18th, support for SegWit through BIP 91 rose to 60%. On July 20th, it shot past 80%.
BIP 91 was locked in. SegWit was finally set to activate.
Soon, all around the world, Bitcoin investors would ring in activation day with “SegWit parties” — from Zurich to Bratislava, at a pub in Warsaw, and a hotel in Tampa, Florida. Berliners printed free SegWit beer mats and held a charity auction featuring, among other things, a “Bitcoin fork” (the silverware kind, get it?). In Jyväskylä, the Fins celebrated from a sauna, featuring a buffet, a DJ, and, according to the Facebook event, only 25 towels. If you were the 26th person to show up, well, you should probably bring your own.
After two long years, at least this was finally done. Enemies came together, and SegWit was going to go live. No fork required. For now, at least, the network was saved.
BCH
And so it might’ve seemed for a moment, for a fleeting second, that a community at war had finally, for once, resolved their differences.
Almost. But there’s something I haven’t told you.
August 1st, the day the user-activated soft fork was averted, turned out to be everything and more. The network did fork, and an entirely new blockchain was split off from Bitcoin.
This wasn’t the UASF, though. It was a different fork, supported by a coalition of…miners. Miners who, in doing what they were doing, were essentially ditching the SegWit2x plan in favor of their own scaling solution.
What happened here? Who betrayed SegWit2x?
PART VI: PULLING THE STRINGS
JIHAN WU
In 1986, in the sprawling Chongqing municipality of southwest China, a boy was born and given the name Wu Jihan — or, to us in the West, Jihan Wu. The short, skinny, bespectacled young Jihan would go on to graduate from Peking University in 2009, with a degree in economics and psychology. He took a job as a financial analyst at a private equity firm until, one day in May 2011, he discovered a thing called “Bitcoin.” Like Jeff Garzik, Pieter Wuille, and other pioneers before him, he immediately became enamored with Satoshi Nakamoto’s original white paper.
But it was different with Jihan. Jeff and Pieter had entered a small, but established community of largely Western libertarians interested in, thinking about, and writing about this new form of currency. There was no such community in China. The word just hadn’t spread that far. So, in late 2011, Jihan co-founded China’s first Bitcoin community forum, and, according to legend, became the first person to translate Satoshi’s white paper into Mandarin. One could argue that, in that single act, he paved the way for China to become the worldwide epicenter of Bitcoin that it is today.
After raising 100,000 yuan from family and friends to buy 900 Bitcoin, Jihan invested in the mining startup Kaomao. After Kaomao failed, in 2013, he decided to found his own mining company, alongside a colleague, Micree Zhan. Together, they founded Bitmain.
Jihan and Micree made an effective pairing and, as a result, their company was simply better than the competition. As other mining equipment companies failed or outright disappeared from the market, Bitmain ran a steady ship.
For example, very early on, Jihan had an idea called “franchise mining.” Bitcoin was still an early-stage technology in the early-to-mid-2010s, meaning that some people who wanted to try mining weren’t certain it’d be worth the cost. Jihan’s insight was to give prospective miners, essentially, an insurance plan on their purchases. For a little extra upfront, customers would be allowed the right to return all their equipment for a full refund, if they decided mining wasn’t for them.
You can credit ideas like this as the reason why, by the time he hit 30 years old, Jihan Wu became a billionaire.
Bitmain, meanwhile, became the most powerful company in Bitcoin mining. Bar none. They now run some of the largest mining pools on the network. Two of those pools — Antpool and BTC.com — have alone represented, at times, up to 30% of the network’s hash power. That’s one company, controlling around a third of the entire globe’s collective computational input. Moreover, according to Forbes, the combined effort of their mining pools represents only around 3% of Bitmain’s income. The overwhelming majority of their revenue comes from selling mining equipment — their patented silicon chips and Antminer line of mining rigs which, by recent estimates, represent around a 66% share of the market.
On a truly decentralized network, a company like Bitmain shouldn’t exist. That they’ve managed to become so powerful either makes them the most admirable company in the crypto space, or the most fearsome. That, by proxy, makes Jihan either one of the most respected CEOs in the community, or one of the scariest.
HONG KONG AGREEMENT
If there were a time in history when Jihan transformed from being respected to feared, it would be 2016.
You wouldn’t believe it, but in February 2016, business leaders, mining pools, and Core developers all came together to agree on a scaling roadmap. At a business park in Hong Kong, many of the most recognizable names in the industry got together to sketch out a plan for how to scale the network. The result was the “Hong Kong Agreement.” The Agreement laid out a plan to activate SegWit in April 2016, then introduce a hard fork proposal in July, which would alter the block size to 2 MB.
Sound familiar?
Among the signatories were Jihan Wu and Micree Zhan of Bitmain, and the CEO and CIO of BitFury, Jeff Garzik’s employers — in other words, the kinds of folks who later backed SegWit2x. But the deal was also signed by five Bitcoin Core developers, the President of Blockstream — the company co-founded by Pieter Wuille that employs several Core developers —and James Hilliard, the man who would later draft BIP 91 to avoid forking the blockchain.
This doesn’t make sense, though. How could any of SegWit2x’s most ardent opponents have agreed to essentially the same plan, just one year earlier?
Well, recall what we mentioned earlier. SegWit2x was purportedly about a block size increase, but it was never really about what it was supposed to be about.
AA: Because if the debate had been about one megabyte, then it wouldn’t have been contentious. Just like if the debate had been about the activation of a script and transaction malleability improvement, it wouldn’t have been contentious. But that’s not what the debate was about. That was the debate in the beginning, before there was disagreement and there was no way to reach consensus.
[. . .]
It became a debate more about the means rather than the ends. Rather than about how do we scale Bitcoin, it became more about which specific techniques do we use and in which sequence? Then because there wasn’t a consensus being reached on that question, then it became a power struggle because the debate shifted into who should make that decision.
The scaling debate was once about how big blocks should be. By late 2016, however, it shifted. In 2017, it was no longer really about 1 MB or 2. It was about how to make the change and, more importantly, who gets to decide how.
When small blockers and big blockers were willing to come to the table, they came up with a plan that satisfied both sides. Unlike the New York Agreement, the Hong Kong Agreement was well-thought-out, open, and collaborative. It might have worked.
But it didn’t. And here’s where things get a little hazy, because exactly which side failed in their commitments is unclear. Perhaps the most vocal opponent of the Agreement, Core developer Greg Maxwell, argued on Reddit that his colleagues had no obligation to force the block size increase, only to propose it.
All that was agreed is that the [developers] would work on proposals. Which is what they did. This is also all they could have agreed to, because they do not control the network.
Maxwell pointed out that members of the Core team had, in fact, proposed hard fork solutions. Those solutions simply didn’t gain enough traction. In a post on the BitcoinTalk forum, Maxwell was not so courteous, and accused miners of being the ones to betray the agreement.
It’s just that a couple of well meaning dip****s went to China a few months back to learn and educate about the issues and managed to let themselves get locked in a room until 3–4 am until they would personally agree to propose some hardfork after segwit. They’re now struggling to accomplish the seemingly impossible task of upholding their agreement (even though it was made under duress and even though f2pool immediately violated it) while obeying their personal convictions and without losing the respect of the technical community.
Regardless of what Core developers were responsible for, and how the mining community responded, the plan to move the network to a 2 MB hard fork soon petered out, and SegWit was all that remained.
Some at the Hong Kong meeting recalled Jihan Wu being very measured and compromising. Now, however, it seemed like those developers who agreed with him on a 2 MB roadmap had failed to follow through on their promises. In a quote to CoinDesk, a colleague described how the failure of the Hong Kong Agreement caused Jihan’s attitude to change.
Wu became more and more radical after what happened to the Hong Kong agreement. His position was if the devs weren’t holding their side of the agreement, I don’t need to run SegWit.
This was the beginning of a rivalry. Those who were once willing to come together no longer trusted one another. Factions hardened.
UAHF
In Spring 2017, Jihan and Bitmain signed onto the Hong-Kong-Agreement-adjacent New York Agreement. Then came UASF. As if Jihan didn’t have enough reason to dislike the small block community, here was a direct affront to miners. What was he to do? As co-CEO of the largest mining company in the world, he couldn’t simply stand by.
Bitmain published a blog post in response to the UASF. In it, they proposed their own scaling plan: a so-called “User Activated Hard Fork.”
Yes, I know — with so soft forks and hard forks, it’s hard to keep track. To clarify, we now have SegWit — the soft fork designed to increase the blockchain capacity. We have SegWit2x — a hard fork supported by miners who wished to increase the block size. There’s UASF — the user-activated soft fork in opposition to miners, and now UAHF — Bitmain’s user-activated hard fork in opposition to users.
While the UAHF was certainly a hard fork, it certainly wasn’t user-activated. It proposed that, should users successfully carry out the UASF (which the blog labeled a 51% attack), Bitmain and the miners in its corner would fork the network again, without the need for user consent. The blog post could’ve easily been seen as an empty threat, but for miners worried about the precedent a UASF could set, it certainly sounded like a justified plan of action.
An interest group coalesced. Leading the charge was the Chinese mining pool ViaBTC, and the man known as “Bitcoin Jesus,” Roger Ver. Behind the scenes, the influence of Bitmain was evident. Bitmain was, after all, an investor in ViaBTC. Jihan Wu had by this time developed a close working relationship with Roger Ver.
This meant that while the SegWit2x and No2x support groups were fighting it out among themselves, Bitmain — or at least Bitmain-connected entities — were plotting to circumvent both plans.
Bitmain originally called the UAHF a “contingency plan” against the UASF — a fallback, only if the big block movement behind SegWit2x failed to fight off the user revolt. But when BIP 91 effectively canceled the UASF, a hard fork happened anyway, and a new coin was created: Bitcoin Cash. And much of the initial support dedicated to the Bitcoin Cash blockchain appeared to have links to Bitmain.
So the hard fork wasn’t just a contingency plan against the UASF. Why, then, did it happen? One way to look at it is that Bitcoin Cash, with an 8 MB block size limit, was naturally appealing to big blockers. Though another theory suggests that the fork — and Bitmain’s involvement in it — was a lot more complicated and, perhaps, more nefarious than that.
PART VII: THE BIG PLAY
COVERT ASICBOOST
AA: ASICBoost is an efficiency improvement, let’s call it, that I first heard about from Sergio Lerner.
Sergio Lerner, a cryptocurrency consultant, co-created ASICBoost with Timo Hanke, a cryptology expert. They took out a patent on it in November, 2014.
AA: To my great shame, I initially ignored him because he was talking about a backdoor that makes SHA256 more efficient. If you’re in this space, you hear a lot of stuff like that all the time. It seemed like the perpetual energy machine, nut job rant and I ignored him. I had to mea culpa myself afterwards.
In Bitcoin, all miners compete to “mine” new blocks in the chain, every ten minutes. Each block presents a new, highly complex mathematical problem, and miners run high-powered computers designed to solve that problem. This paradigm is called “Proof of Work.” Whichever miner or miners gets the answer first gets the fees and extra reward associated with the block. This is how miners make money.
ASICBoost plays a trick with the Proof of Work algorithm that makes it easier for mining machines to reach the answer to those mathematical problems.
AA: This efficiency basically allows a pre-calculation of the mid-state of SHA in such a way that you can reduce the energy consumption by about 20% on the calculation of the end state of SHA.
A 20% reduction in computational cost, for a miner, is massive. As we mentioned, though, ASICBoost is a patented technology. Sergio and Timo didn’t release it for public use. Government regulation and closed software is very anti-Bitcoin in spirit so, over time, ASICBoost became taboo. As an article from Coindesk put it:
there is no rule that currently prevents use of the AsicBoost design, meaning that miners have more of an unspoken agreement to refrain from using the technique on the basis it is “bad” for the network.
Bitcoin’s Proof-of-Work algorithm scales according to the amount of computing power of the network, so as long no one used ASICBoost, it was equivalent to everybody using ASICBoost. If even one miner used ASICBoost, they’d get a competitive advantage. However, they’d be easily stopped, as evidence of ASICBoost is easily detected on the public blockchain.
In April 2017, the fiery Bitcoin developer Greg Maxwell posted to the Bitcoin developer mailing list. The subject: “A covert attack on the Bitcoin Proof-of-Work function.” According to his research, a new form of ASICBoost was being deployed to the network. Though this version of the technology was different, and much more dangerous.
While most discussion of ASICBOOST has focused on the overt method of implementing it, there also exists a covert method for using it. [. . .] The covert mechanism is not easily detected except through its interference with the protocol. [. . .] Exploitation of this vulnerability could result in payoff of as much as $100 million USD per year at the time this was written [. . .] Reverse engineering of a particular mining chip has demonstrated conclusively that ASICBOOST has been implemented in hardware.
The allegation that a mining company was using a covert version of ASICBoost would have been scandalous enough on its own. But that wasn’t even the good part.
THE CONSPIRACY
AA: The conspiracy comes in from the fact that the way SegWit was introduced as a soft fork, actually ended up changing the usable space in the Coinbase transaction in such a way that it broke the use of ASICBoost in a covert way.
Because of how SegWit restructured the transaction block, it rendered covert ASICBoost ineffective. Whichever miners were secretly using ASICBoost would, naturally, have had an under-the-table financial incentive to block the SegWit upgrade.
An incompatibility would go a long way to explain some of the more inexplicable behavior from some parties in the mining ecosystem.
Which miners wanted SegWit to fail because they were using covert ASICBoost? It wasn’t obvious from the ledger itself. But we’d be remiss to not mention that, in China, the company that holds a patent over ASICBoost is…
Well, you’ve probably guessed it by now.
AA: We now know that Bitmain and potentially other ASIC mining farms and mining producers were using this on their own mining farms primarily. And eventually, they started giving it out as part of the equipment and were using this to gain a significant advantage over the competitors, which at the time resulted in a big enough edge that they were able to generate literally billions of dollars in profit. This was a lot of money on the table.
[. . .]
I don’t think it’s far fetched to think that when you have an organization that has for years perhaps at that point, made the sustainable 20% advantage in a marketplace that is cutthroat competitive and where there are billions of dollars on the table, would take that into very serious consideration. The conspiracy really isn’t in whether this was to their advantage or not, or whether they would make decisions based on their own profit motive. The conspiracy is whether those incentives that were invisible to everyone else and affected their decision were hidden on purpose so as to not tip their hand on ASICBoost.
The gravity of Maxwell’s discovery was clear, and news rung throughout the community. One Reddit user with an interesting screen name wrote:
Essentially this whole BU thing or Block size debate looks like a cloak and dagger move to keep bitmain ahead of their competitors and make them and their customers rich including Roger Ver who famously told us everything on MTGOX was fine a short time before the whole exchange shut down and took every ones money.
Other Redditors chimed in.
>Sunlight is the best disinfectant
>>Sunlight?? This is a damn supernova. It all makes sense now… the empty blocks, the strong opinions against SegWit, etc. this is it, finally the truth comes out, finally we know the reasons for all the bizarre behaviour, all the lies.”
Empty blocks were yet further evidence of the odd behavior Maxwell uncovered. It turned out that some miners were producing new blocks that contained no transactions whatsoever, meaning they wouldn’t be profiting from fees off any transactions. What was the point of spending time and electricity mining blocks for no fees? The new findings indicated that mining empty blocks made a lot of sense if the miner was using covert ASICBoost.
Even with this evidence, there was no definitive proof that Bitmain or Bitmain-related entities were the ones gaming the system. Both Jihan and his company have consistently denied the allegations. But as Samson Mow — former COO of the mining firm BTCC — said shortly after Maxwell’s publishing:
This is not something that you’re going to get solid proof for, but there’s smoking guns all around.
We still don’t know when Bitmain might have begun using covert ASICBoost. What’s important is that, as soon as they did (if they did), they had a direct incentive to block SegWit at all costs. That’s important, because I told you that SegWit2x had 80% miner support. I told you that, at its peak, it had nearly 95% miner support. But what does “support” really mean? It means miners were outwardly signaling their intent to back the plan.
What if, behind the scenes, the company controlling 20–30% of the mining power on the network had a billion-dollar financial interest in secretly destroying SegWit, and any other proposals that relied on it, in order to maintain their competitive advantage in the market? That might cause some, as Greg Maxwell put it, “inexplicable behavior.” Inexplicable like professing support for SegWit2x, then forking off a new blockchain that would undermine it.
THE FORK
And so, on August 1st, 2017, the scenario everyone worked so hard to avoid was happening anyway. There were now two, competing blockchains. Then, as it goes in the world of blockchain, a hash race began. The old Bitcoin and the new Bitcoin Cash competed for computing power, battling to mine more blocks than the other. The prize for winning — being the more popular chain — was simple: the right to call your chain the “better” Bitcoin, and a higher stock price. The price for losing — being the less popular chain — was not so simple. At best, the losing chain would become an “altcoin” — an alternative, but not the real Bitcoin. At worst, without enough popular support behind it, the losing chain would not survive at all, leaving only the winner standing.
The old chain may have been favorite, but the new chain had Bitmain behind it. A significant portion of mining power presumed to support SegWit2x on the old chain was now fighting against it by mining on the new one. It was no small effort, either — for a brief period, the hash power on the old Bitcoin was nearly cut in half.
For hours, the two chains raced to mine new blocks. Soon, as the dust settled, it was clear: the old Bitcoin had much more support. The new Bitcoin Cash would survive, stabilizing at a price of about $240. In fact, it didn’t just survive — it cemented a place as one of the most popular altcoins on the market.
A healthy, relatively popular Bitcoin alternative with 8 MB blocks was quite appealing to big blockers. So SegWit2x no longer seemed quite as necessary as it once had. Plenty of miners once behind the 2x plan were attracted away by the new chain with the 8 MB blocks. SegWit2x, once professed to be the agreed-upon solution by nearly all Bitcoin miners, now looked more tenuous than ever.
As Summer turned to Fall, with the November deadline for the SegWit2x hard fork looming, more and more people began to question the viability of the plan. Blockchain scholars wrote of the financial destruction that a hard fork could cause. Wallet providers warned customers of the possible complications that would occur with a split. Jeff Garzik, the most outspoken proponent of the project, was in fact revealed to be planning an ICO for his own, separate cryptocurrency called “Metronome.”
And the user community ratcheted up the pressure. Bitcoin.org — the website originally co-founded by Satoshi Nakamoto — posted a blacklist of every company known to support the plan. Individual supporters were ostracized on social media. #No2x trended around the world, with users, Core developers, startup founders, and other notable people like Nick Szabo — who some believe to be the real Satoshi Nakamoto — posting the hashtag on their Twitter profiles. To ensure their legacy chain succeeded in case of a hard fork, more users began registering full network nodes — the kinds that act as a security check against the power of miners. In just one month’s time, the number of full nodes registered on the network jumped from 95,000 to 127,000.
And so the dominoes began to fall. Businesses, one by one, publicly reneged their support for the plan. Mining pools pulled back, including Slush and F2Pool, representing on their own 13% of the hash power on the network. Before long, nearly 25% of the network was in open opposition to SegWit2x. The plan, which once sported 95% support from miners, now fell below the 80% threshold needed to activate.
On November 8th, 2017 — just around the time that SegWit2x was scheduled to go into effect — a letter was published to its mailing list. After seven and a half months, SegWit2x was dead. The letter was signed by six influential figures in Bitcoin: Mike Belshe, Wences Casares, Jeff Garzik, Peter Smith, Erik
Voorhees…
…and Jihan Wu.
CONCLUSION
AA: To me, consensus is an emergent phenomenon that comes from the interplay of various participants in the system. The participants are the developers who write the software, but can’t force anyone to run that software and who can write down the consensus rules, but those consensus rules are meaningless if no one’s running that software. Then it’s the miners who effectively use those consensus rules to adjudicate and sequence transactions and secure the network.
Those are the two primary players, the most obvious ones, but then none of this all matters unless you take into consideration the economic activity of the network. Because if you’re building software that nobody uses, or if you’re mining blocks that have no economic value, it’s all meaningless. It’s moot. The economic interest constituencies are primarily the users who choose which wallets, which chain to run on and by extension choose the consensus rules they’re participating in. Some of them run nodes and become node operators, in which case they explicitly choose the consensus rules and can even run blockades, as we saw with user activated soft forks. Then the other two big economic interests, which are effectively users but on a different scale, are the exchanges that are not only price makers or price discovery mechanism and market makers, but they’re also the on ramps, off ramps.
[. . .]
and merchants who run all of the eCommerce, retail and business to business transaction processing on behalf of users, if users need bigger scale.
[. . .]
These five constituencies each have power only if they agree with the other four. Anytime any one of them tries to step ahead of that agreement, they lose badly. That’s how consensus keeps everyone in line. And during this entire debate, what we saw is each and every one of these constituencies trying to step up and say “it’s our decision,” and then face plant shortly thereafter when their bravado roar of “we have the power” landed on deaf ears.
2017 was the year when Satoshi Nakamoto’s utopian idea of a truly decentralized network was put to the test. Coordinated, powerful interest groups warred over controversial network upgrades, each side trying to supplant the other’s power. If any one of them succeeded, decentralization failed.
But none of them did. And this, ultimately, is why blockchain has become the fastest-growing technology in mankind’s history — because you can throw hundreds of millions of dollars at it, or thousands of people arguing and screaming at one another, and yet, the system stays upright. It is highly resilient against the things that make the rest of the world suck.
AA: You can even look at all of this arguing and drama and consider the fact that several multi-hundred-millionaires attempted to hijack the system and failed. Look at that and say: in the end, this is a system in which the participant who has almost nothing, and the participant who has multi-hundred-million are playing on a level playing field that unless changed by overwhelming consensus, maintains the status quo and gives you predictable neutral rules that work for everyone. That is the beauty of this system. No other system of commerce, no other industry is such that a billionaire can’t walk in and change the rules to suit them. In Bitcoin, as proven in 2017, you can’t. That’s really the amazing thing about the decentralization of power and that’s what makes this system tick.
We asked the question: who controls Bitcoin? Is it the users? The miners? The biggest company on the network?
Now you have the answer: no one controls Bitcoin. And that’s exactly how it’s supposed to be.
