This is the latest incident involving Bitpay, but it highlights a shortcoming of exchanges, wallet providers and payment services. Cryptocurrencies, by their very nature, are supposed to hand users the power to transact with peers directly without the need for third-party services.
The power of cryptocurrency payment service providers is under the spotlight after a $100,000 donation to an Amazon rainforest charity was blocked last month. American cryptocurrency payment service provider BitPay reportedly blocked a Bitcoin payment from charity organization Amazon Watch because it had failed the internal processes of the payment platform.
It is understood that the charity’s pay limit was set below $100,000 before BitPay advised its staff to change it. The process then came to a halt, as the limit could not be changed automatically without separate documentation.
In this instance, a donation going toward a worthy cause that has gripped headlines around the world was thwarted due to the power of the platform being used. Below are various examples of similar instances from the past and why it’s important for users to understand how much power they have over their cryptocurrency that is being held by exchanges, wallets and payment platforms.
Sacrificing control for functionality
The majority of cryptocurrency exchanges and payment platforms are centralized organizations that store, process and manage user funds on behalf of their users. Many cryptocurrency users opt to store their holdings with these service providers due to the ease of access and optimized user experience.
However, what exchange users gain is essentially offset by a loss of control over their cryptocurrency holdings. Centralized exchanges retain control of users’ private keys, which means that they have complete control over the funds in a wallet. Therefore, users become dependent on their crypto exchanges when trading or transacting with their assets.
When a user makes a transaction on a platform, this must be processed by the organization itself. The third party – or any kind of middleman – has the final say over the processing of any given transaction. Payment platforms can choose to block payments if certain requirements are not met.
This is not necessarily a bad thing, as most reputable companies have stringent security and privacy processes that safeguard user funds. With that being said, there have been many cases of hacks and theft from exchanges.
Cases of interference
BitPay has been featured on Cointelegraph on a number of occasions, casting aspersions on the power wielded by some centralized payment processors. Back in October 2017, hardware wallet manufacturer Trezor decided to sever ties with BitPay and end its integration with the platform.
The move was prompted by a dispute around the implementation of the contentious Bitcoin SegWit2x hard fork. BitPay was adamant that it would accept the fork if it garnered enough support and would adopt it as the official BTC.
At the beginning of August 2019, BitPay announced that it would be suspending its services in Germany until it had evaluated new regulations that require a license to operate in the country beginning in 2020. As a result, IT news outlet Computer Base has had to stop its Bitcoin payment support, which was processed by BitPay in the country.
In June, cryptocurrency exchange Bittrex announced plans to block users based in the United States from trading in 32 cryptocurrencies. Once the change came into effect, the customers were no longer be able to buy or sell any of the listed cryptocurrencies. Open orders were also canceled and any holdings of these cryptocurrencies were moved onto the Bittrex International platform.
While these types of situations seem more likely to be enforced by centralized exchanges, decentralized exchanges (DEX) still have some influence over user activity on their platforms. This was evident in a move made by leading cryptocurrency exchange Binance on its decentralized exchange platform in June.
The Binance DEX website enforced a ban on users from 29 different countries. While the website offers users a list of different wallet service providers that support the Binance mainnet, users are denied the access to the website if they are located in one of the restricted countries.
Geopolitical affairs also play a role in the decisions made by payment service providers toward cryptocurrency use in different countries. A prime example is China and its hardline approach to the use of cryptocurrencies – a number of laws banning cryptocurrency trading and initial coin offerings in the country have been passed in recent years.
The harsh environment has forced the closure of cryptocurrency exchanges and payment platforms, with individual users having to resort to peer-to-peer or over-the-counter trading, which has also been deemed illegal in the country. This is facilitated through messaging applications that have gradually had to enforce their own rules to adhere to government legislation.
The latest instance of this was Chinese social media giant WeChat having to toe the line in supporting cryptocurrency payments on its platform due to the strict regulations in China. As a result, the company announced in May that merchants using its platform would be banned from making cryptocurrency payments.
From the outside, it looks like WeChat’s hand has been forced by the People’s Bank of China, which has implemented new payment management measures that are looking to curb “illegal telecommunications networks and criminal matters.”
Those using the platform to facilitate cryptocurrency trading will have their accounts terminated by the service provider as a result. Considering that WeChat Pay reported over 1 billion daily transactions – the move is set to hurt users.
This move came about eight months after Chinese mobile payment provider AliPay ordered a similar crackdown on its customers, in which users that had been using their accounts to facilitate cryptocurrency trading faced restrictions and bans from the platform.
Another major consideration along this vein is the necessity for exchanges to stop transactions or withdrawals in the event of hacking and theft by freezing assets. While this response is the most common action taken in such situations, it leaves users powerless and unable to access their crypto holdings.
Over the past few years, there have been a number of high-profile hacks and thefts targeting cryptocurrency exchanges. One of the most lucrative acts of theft involved Japanese exchange Coincheck back in February 2018, during which more than $500 million worth of NEM tokens was stolen from one of the exchange’s hot wallets after hackers gained access to the private keys.
One of the first points of action taken by the exchange was to completely block all transactions as well as withdrawals, leaving its users unable to access their own funds on the exchange. The Coincheck hack is still considered one of the biggest cryptocurrency thefts of all time by value, possibly even eclipsing the infamous hacks of Mt Gox.
Even Binance, the world’s largest cryptocurrency exchange by trade volume, has fallen prey to sophisticated hacking methods. In May 2019, Binance confirmed that attackers had gained access to a large amount of users’ two-factor authentication codes and API keys, which eventually enabled the perpetrators to steal over $40 million worth of Bitcoin in a single transaction from one of the exchange’s hot wallets.
Once again, the exchange’s initial response was to suspend all user deposits and withdrawals on the exchange while a thorough security review was conducted. It was a necessary step, but it meant that users had to wait patiently to regain access to their funds stored on the platform.
Another high-profile incident involved the decentralized exchange Bancor, which fell victim to an attack in July 2018. The initial theft was valued at $23 million worth of Bancor Network Tokens (BNT), Ether (ETH) and Pundi X (NPXS) tokens.
Bancor was able to freeze around $10 million worth of illicit transactions in BNT, having built in the functionality in the event of a large-scale theft. It was handy, considering that hackers had gained access to one of the exchange’s hot wallets storing crypto that belonged to the exchange.
Nevertheless, the exchange had to halt all activity on its platform in the immediate aftermath of the event. The ability to halt part of the illicit transaction saved millions of dollars but caused a community uproar, serving as a reminder that even “decentralized” exchanges still have some third-party authority and power over transactions on their platforms.
Speaking to Cointelegraph, Civic co-founder and CEO Vinny Lingham offered a measured standpoint that explains why exchanges need to have stringent processes in place. As he explained, a major factor is ensuring that customers are correctly identified as the account holders on exchanges, saying:
“If an entity is a bad actor, it’s not a question of whether a single transaction should be stopped, but whether that entity should be investigated by a regulatory body. An efficient, decentralized financial system relies on businesses knowing who their customers are and how they transact in order to prevent illegal activity.”
Lingham believes that identity verification is paramount to reducing fraud and creating a safer environment for the entire sector. In order to do that, he suggested that exchange and wallet platforms should have identity verification technology enabled at every entry and exit point in order to meet regulatory standards.
There are also counter arguments to the ethical considerations of exchanges being able to block payments and freeze funds. Centralized exchanges must meet standards in regulated markets, necessitating action in the case of suspicious account activity.
As Lingham explained, accounts being used by bad actors must be disabled. But this isn’t as easy for cases in which accounts are making transactions using smart contracts and cross-chain protocols, as the activity cannot be stopped or frozen. He said:
“In both instances, the best way to stop bad actors is at the source or destination of the transaction through identity verification. Rather than focusing on freezing transactions, regulators and exchanges should work together on not letting bad actors into the system in the first place. This process can be initiated by business through advanced identity verification technology, and further carried out through partnerships with regulators.”
The original tenets of cryptocurrency
These scenarios are a stark reminder of how exchanges and service providers have somewhat disempowered the original intention of cryptocurrencies. Bitcoin set out to create a completely decentralized, peer-to-peer payment system that would work without the need for a central authority. However, as time passed and the preeminent cryptocurrency gained adoption, more people looked for ways to buy, sell and trade – and so, concessions had to be made.
Nevertheless, any Bitcoin user that has control of their own private key will never have to worry about an exchange or platform blocking their payments or freezing their funds. This is a key point for users of cryptocurrencies to consider when handling or storing their funds. Exchanges offer many benefits, including stable markets and an exceptional user experience, but their use comes at the price of full control over a user’s cryptocurrency.
When asked for his opinion on the control of cryptocurrency exchanges, investor and Morgan Creek co-founder Anthony Pompliano suggested that users simply need to be cognizant of the capabilities their chosen platform has over their digital assets:
“Bitcoin was built on the core ethos of resisting seizure and censorship. There is infrastructure that has been built that aligns with that ethos and there is infrastructure that has been built that goes against it. It is important to understand the limitations of the infrastructure that you use, which never feels important….until it is the most important thing.”
Emin Gün Sirer, Cornell University professor and co-founder of cryptocurrency and smart contracts advocacy group IC3, was blunt in his assessment of the current status quo of exchanges when replying to Cointelegraph’s request for comment.
Sirer believes the situation goes against the central tenets of cryptocurrencies. While there is a big focus on layer-two solutions like the Lightning Network, Sirer points out that most of the working layer-two, off-chain transactions are processed by cryptocurrency exchanges:
“And almost all of today’s exchanges are custodial: they fully take possession of the users’ funds, and fully control all interactions. They require absolute trust in the exchange operator for their function. Fund freezing and blocking are instances of the operator usurping funds using his position of trust. I cannot wait for trustworthy, secure, unblockable decentralized exchanges that cannot engage in these kinds of behaviors.”