The weaknesses of ‘fiat standard’ backed cryptocurrencies
While developing a tokenized fiat solution to help minimize the operational inefficiencies of money transfer services between municipalities and rural areas, there does exist potential attack vectors that a more mature solution will need to defend against. By identifying these structural weaknesses that may manifest themselves within earlier iterations of a proof-of-concept and minimal viable product, our team can better prepare an adaptive development strategy to sustainably and reliably deploy a later stage product. Potential attack vectors to a tokenized fiat system include the following:
- Double Spending Attack: Issue of double spending attacks
- Unbacked Currency Attack: Issue of unbacked cryptocurrency attacks (ex: how does destroying legal tender, which back the cryptocurrency, affect the system)
- Unrecognized Currency Economic Sanction: Future policy concerns (governance, transparency — what happens when the crypto-cash crosses the border and another country will not recognize it?)
- Rural Bank Economic Arbitrage: how central banks can control liquidity constraints of rural banks if they are not adequately included in the governance consortium
- Central Bank Ledger Collusion: Central bank collusion due to the lack of systematic transparency
We will dive into each concern in more detail to determine how the attack could be carried out and the level of difficulty a malicious actor would need to overcome to effectively utilize such methods. The proposal includes a following section “Attack Vector Recommendations” that outlines suggested actions that can take place (within policy or within the development of the solution) to help defend (or minimize the probability of) these attacks.
Double Spending Attack
A ‘double spend’ is an attack where the given set of coins is spent in more than one transaction 1. There are a couple main ways to perform a double spend within a (currently) Proof-of-Work (PoW) blockchain network like Ethereum or Bitcoin:
- Send two conflicting transactions in rapid succession into the network
- Pre-mine one transaction into a block and spend the same coins before releasing the block to invalidate that transaction. This is called a Finney attack
- Own 51+% of the total computing power/stake of the network to reverse any transaction you feel like, as well as have total control of which transactions appear in blocks. This is called a 51% attack
To prevent damages from the first attack — wait for one confirmation to appear on a given transaction 1. To prevent damage from the second attack — wait for 6 confirmations to appear on a transaction, or less if the transaction is small (but still require at least 1) 1. Damage from the third attack can cripple the entire network, so don’t worry about it — your business most likely won’t be the main target (it’s unlikely to happen without a huge financial expenditure) 1.
Of course, how do these attacks, and their proposed solutions, map to a tokenized fiat system? In fact, such a system lends itself to two types of double spending attacks.
- Unbacked Currency: The first category concerns itself with how the overlying digital currency is backed and where that supporting fiat amount is located
- Transactional: The second more closely relates to the aforementioned example, where the network is relying upon a Proof-of-Stake and or Proof-of-Work system
Of course, double spending attacks within systems like Ethereum and Bitcoin or extremely expensive and highly improbable. The first category, comparatively, has a much higher probability of occurring, so let’s discuss the details of this type of attack in more depth.
Unbacked Currency Attacks
The following delves into unbacked currency attacks via the destruction of legal tender and system of fractional reserve banking (loans).
Destruction of Legal Tender
Transacting an asset backed token assumes that the underlying asset exists somewhere in the real world. If the underlying asset were to be comprised by being damaged or destroyed, the overlying token should accurately reflect a depreciation in value. If such a depreciatory event does not take place, and the overlying token continues to be transacted with the assumption that the underlying asset hasn’t been compromised, the system begins to spend capital that no longer exists (because it is not backed). For example, the latter would be akin to consumers transacting gold backed IOUs in the late 1800s. If the banks did not accurately maintain their gold reserves, or 80% of the gold was stolen, the IOUs would immediately become worthless. The concerns of double spending arise when the underlying asset is being spent in a different transaction as the overlying token. One transaction is cash-based, meaning that there will be no record of the exchange on-chain, while the other transaction is on-chain and misrepresenting an exchange of value as ‘backed.’
Loans, by nature, embody the double spending attack because they artificially create capital that can be spent in different transactions simultaneously. When leveraging the mechanism of a deposit receipt to back crypto-cash, the natural accountability framework put in place is that every digital representation expressed as a ‘token’ has a unique backing by the underlying asset of fiat currency. Once the token has no backing, it becomes useless. We come to see that tokenizing fiat, although it has operational benefits to the traditional function of banking (i.e to process payments and secure funds, and to to act as a clearing system). In the crypto-economy, loans currently require the amount of capital being lent to be completely sent (albeit with smart contractual conditions) to the lendee until the full amount is repaid (plus interest). If loaned capital is tokenized in a crypto-cash system, unpaid obligations would equivocate to the ‘minting’ of capital, which, en masse, could cause hyperinflation over time.
The ‘double minting via loan’ attack uncovers the systematic and dynamic opposition to the operational gains of tokenized fiat on-chain and the economic benefits of the traditional monetary system. The latter makes the following abundantly clear:
- The power of the banking system to create money is an extension of its role in taking and creating deposits
- The reason for the taking of deposits has functions and incentives beyond just the purely operational benefits
A potential solution to this attack is to ensure that all future loans within a crypto-cash system are represented via a different token, rather than the same token that represents fiat currency. This ‘loan token’ would be minted by a protocol of smart contracts that can dynamically set the conditions of the loan, and, most likely, will need to leverage some form of collateral to mitigate risk.
Unrecognized Currency (Economic Sanction)
The ‘unrecognized currency’ attack posits the following question: What happens when the crypto-cash of one nation crosses the border and the receiving nation will not/does not recognize the tokenized fiat as legal tender?
Indeed, it seems quite possible for neighboring countries to ignore the validity of the use of crypto-cash in one nation as a form of economic sanction, particularly if the use of tokenized fiat gains mass adoption. Banking networks are often international in scale, and it is highly probable that there will be multiple crypto-cash denominations across borders. Neighboring nations, or interdependent nations could stop accepting transactions in a certain denomination of crypto-cash in an effort to withhold fiat liquidity from that country, leaving loan engagements unsettled and potentially draining a nation’s reserves (which is supposed to back the overlying token). The same could be said about intra-national disputes between banks leveraging different crypto-cashes. What if competitors are looking to settle against different tokenized denominations backed by the same fiat currency with different fee structures?
A potential solution for this attack is to mandate that all banks within a single country adopt the same tokenized-fiat standard, and, in the future, also ensure that external parties (banks of other nations) have reconciled the use of crypto-cash within their own borders as well.
Rural Bank Economic Arbitrage
If rural banks engaging within the crypto-cash system do not have equal governing rights as the rights of central banks, then how will central bank incentives to monopolize transactional leverage be curved? The ‘rural bank economic arbitrage’ attack comments on how central banks could control the liquidity constraints of rural banks if they (rural banks) are not adequately included in the governing consortium. An early manifestation of this type of attack would be the gradual increase of transactional fees that rural banks incur when receiving crypto-cash (i.e. a remittance transaction or intra-bank transaction). A more exaggerated example of the attack could be dictatorial control over when money can be transferred to rural areas at all, particularly during times of national economic crisis where liquidity becomes more scarce.
The only solution to curve perverse incentives is governmental, economic policy that mandates that any consortium of banks leveraging the advent of crypto-cash must be equally represented by central and rural banks alike. Each governing entity should have the same voting rights and privileges within the consortium.
Central Bank Ledger Collusion
If the bank serves as the intermediary settlement entity and nodes are confined to few organizational agents, corrupting the ledger becomes much, much easier. In fact, if there is an economic incentive to fraud the ledger, and transactions are not being committed to the Ethereum public chain, banks will most likely participate in this behavior. The latter could be complete erasure of transactions, changes in terms, etc.
The only solution to curve perverse incentives, in this case scenario, is to ensure that transactions are settled on a public ledger (albeit maybe in a confidential manner).
Attack Vector Recommendations
The following summarizes recommendations to avoid the aforementioned attacks:
- Development of crypto-cash policy that sets legal mandates in place to disincentivize perverse collusion amongst banks and ensures that any ledger used is completely immutable and accessible/audit-able to regulatory authority)
- Development of crypto-economic considerations around the usage of loans to prevent ‘double minting’
- Development of crypto-cash policy that sets legal mandates of how crypto-cash consortiums are governed and who can/should be represented in such consortiums