Honest Blockstack ICO review

Kiku
Golden Borodutch
Published in
15 min readSep 5, 2019
Note: this is an English translation of the Russian article we wrote recently with an in-depth analysis of the Blockstack ICO.

Website | Token Sale | White Paper | Roadmap | Telegram |Github

The review was created by “Avocado Approves” community with the support of Golden Borodutch Telegram channel. For the convenience of readers, the review is divided into six parts: product, advisors, team, partners, legal part and conclusion. We’d appreciate if the project team answered the questions in bold publicly.

First, let us enumerate the peculiarities of the reviewed project:

  • Founded in 2014 under the guidance of Princeton University;
  • Has over $ 50 million in funding;
  • Has an MVP and many developers that use it;
  • About 200 applications are running on the basis of the product;
  • The SEC certified the project token sale for Reg A+.

The Blockstack ICO completed on Coinlist September 9th.

Worth noting that everything written below only represents the personal opinion of the author, which fully complies with the Fair Use laws and the First Amendment. It’s is in no way trading advice, and all the information was gathered from public sources.

Update September 5, 2019:

Blockstack team answered all the questions from the review: both technical and non-technical. Team responses have been added to the article under the questions.

Product

Blockstack is a protocol and toolkit for developers of decentralized applications.

The product consists of five parts:

  1. Blockstack Core, a blockchain project based on PoW and several proprietary developments (Virtualchain, Atlas, BNS). Now the network works on Bitcoin, but with the next hard fork, the team plans to switch to their own blockchain with smart contracts. Every year they will conduct a hard fork to update the network. Mining will be introduced in 2020.
  2. Gaia, a system for storing encrypted user data. The peculiarity is that application users can encrypt their files and choose a place to store them: in the cloud, locally, or remotely. Applications only have access to the data hashes, and users can deny applications the access at any time.
  3. dApps Market, a list of applications made using various blockchains, including those based on Blockstack.
  4. Blockstack Auth is similar to Google Auth, but it only works for dApps on Blockstack. It also includes DNS on blockchain to register names referencing bitcoin wallets.
  5. Blockstack Browser, an extension featuring user accounts and a list of Blockstack applications. The project team claims that when you use the browser, the data is not downloaded through the website server, but directly from other users.

Only two of those projects use the blockchain technology; they are Blockstack Auth and Blockstack Naming System. Migrating applications between blockchains is painless, as all apps need to connect from Blockstack is just a JavaScript library for authentication and, if necessary, storage.

Blockstack’s documentation and FAQ are extensive and answer many difficult questions. Nick Neuman, a reviewer, has two articles [1|2] in plain English explaining the Blockstack White paper. If you’d like to learn more about Blockstack technology, we highly recommend you read them.

Let’s specify a few common questions about the product that we have not found answers to neither in the documentation nor in FAQ. We ask the team to go down to the level of their future users and answer all questions. If it turns out that the questions already have answers in the White Paper, the community will be grateful if the team rephrases them in a more straightforward language.

  • Why did you choose PoW for your blockchain, and not, say, PoS?

PoS has undesirable security assumptions compared to PoW. Also, we’re proof-of-burn — you mine blocks in Stacks v2 by destroying tokens on an existing PoW chain (e.g. Bitcoin).

  • What algorithm does Gaia use to encrypt users’ data?

Gaia itself doesn’t specify any encryption algorithms. If you use the default blockstack.js library to interact with Gaia, it will use elliptic curve encryption. You can take a look for yourself here: https://github.com/blockstack/blockstack.js/blob/master/src/encryption/ec.ts#L89

  • How will Blockstack Auth work on iOS? The question is about Apple’s policies towards third-party auth mechanisms (i.e. won’t Apple block apps with Blockstack Auth).

Blockstack on mobile is more than just an auth provider. Apple Sign In is not a replacement for Blockstack Auth. Currently, apps that integrate Blockstack SDK are not blocked from the app store. We’ll provide guidance to developers submitting their apps for review and work with Apple on this in the future. As of right now it is unclear how Apple views decentralized authentication systems.

  • Why do you need a browser if it only works with Blockstack applications that are already decentralized?

The browser is the app that holds the private keys like a wallet and generates keys for apps.

  • How can dApps developers determine the number of their active users?

If you develop a multi-player app, you can use theblockstats 3 to track this. It’s open-source so you can fork it and tweak it to just track your app if you prefer (theblockstats tracks all apps).

  • How and when are you going to monetize the project? Can you share the details of your business models?

https://stackstoken.com/static/offering-circular-20190711.pdf, p. 96

  • Why do you conduct ICO if you already have enough money?

https://t.me/BlockstackChat/43970

Judging by the Blockstack Github account, the development has been underway since 2014. The blockchain is written in Python and the tools in TypeScript. The product itself, namely authentication, BNS, Gaia storage, SDK, and the blockchain, was ready in 2018. What’s left to do is to update the blockchain by adding smart contracts and launch the main net with token turnover.

The project team promises to publish the reports of third-party security auditors who verified the blockchain and wallet code after the end of token sales. Also, the project has a Bug Bounty program on Hackerone and FireBounty.

Easy app integration is not the only thing that attracts developers. The project also conducts App Mining hackathons on a monthly basis. Each month, Blockstack allocates $200,000 in BTC from a special fund for prize money and distributes it among the TOP 100 applications made on Blockstack. By May 2020, the team plans to allocate $1,000,000 in project tokens for developers.

Here are five projects made on Blockstack as examples:

  • Dmail, paid Google Mail on blockchain. Emails can only be sent to other emails in the Dmail system, not to regular emails. On ProductHunt, the project is promoted by bots. Dmail takes the 1st place in the list of TOP applications and has received $60 000 over 3 months from Blockstack.
  • Graphite, Google Docs on blockchain. It ranks 15th in the TOP list, although it had remained 1st up until May 2019. The application has received $138 874 from the Blockstack.
  • SpringRole, LinkedIn on blockchain. The ICO was conducted in 2018. SpringRole uses Blockstack as one of the authorization methods. There is no demand for its tokens that are traded at the ICO price of $0.00002. It ranks 19th in the list of TOP apps and has received $58 113 from Blockstack.
  • Forms.id, Google Forms on blockchain. It ranks 20th in the list of TOP apps and has received $16 000 from Blockstack.
  • Encrypt My Photos, Google Photos on the blockchain. The authors are famous ProductHunt makers, Andrey Azimov and Pierre-Gilles Leymarie. It ranks 13th in the list of TOP apps and has received $12 721 from Blockstack.

As you can see, App Mining is easy money. Quality Assessment of applications leaves a lot to say; first, almost all of the assessed apps have no demand; second, their UX is awkward and unpolished. Now the apps are assessed by the following companies: New Internet Labs (a division of Blockstack), UserTesting, ProductHunt, and Awario. In 2020, judges will be elected among the people.

We contacted Andrei Asimov, the author of Encrypt My Photos, and asked a few questions about his work on his Blockstack application. Andrey told us that integrating Blockstack into the application was easy. What was difficult is explaining to people why they need to create an account on Blockstack and write all these secret words.

In an attempt to simplify authorization, the project has complicated it. Now you have to remember a secret recovery key, which you will use every time after clearing your browser cookies. After registration, the key is sent to your email, but I lost it several times anyway and had to create a new account each time that happened.

Advisors

The project has two well-known advisors.

  • Michael Freedman, Technical Advisor. He is a Professor at Princeton University. Co-founder and the CTO of TimescaleDB. Freedman indicates on LinkedIn that he advises Blockstack since June 2015. Freedman replied us via LinkedIn but only to confirm that is indeed an advisor for Blockstack.
  • Dave Morin, Product Advisor. Former CEO and co-founder of a social network called Path. Former Apple and Facebook Manager. Founder of Sunrise and Slow Ventures. We reached out to Morin on LinkedIn and still waiting for an answer.

Team

In 2014, under the guidance of Princeton University, the founders of Blockstack, started developing a project called Onename. The goal of the project was to reduce bitcoin wallets to simple names. The founders were still students then taking an entrepreneurial course at YCombinator.

The Blockstack team has about 30 people.

Later Onename turned into Blockstack with support from YCombinator and Union Square Ventures. The project’s ambitions grew with the team and the number of venture funds.

  • Muneeb Ali, CEO and co-founder. As Ali points out on his LinkedIn, he has only a Ph.D. in computer science and several university degrees. Before Blockstack he was engaged in research on distributed systems. His Github account has code of a dozen small private projects. As for his public work, the main part of it falls in between 2014 and 2017, when Ali was the CTO at Blockstack.

What products did Ali launch? And what projects brought him to Blockstack?

https://stackstoken.com/static/offering-circular-20190711.pdf, p. 110

  • Ryan Shea, was the CEO of the project until mid-2018. He has a decent share of tokens as a co-founder. The reason for his departure from the team is unknown.

Why did Ryan Shea leave the project team? Will he receive Blockstack tokens?

1. https://shea.io/from-blockstack-to-beyond
2. https://stackstoken.com/static/offering-circular-20190711.pdf (search: “Ryan”)

What experience did Nelson have before Blockstack?

https://stackstoken.com/static/offering-circular-20190711.pdf, p. 111

  • Aaron Blankstein, Engineer. Just like the project’s CEO, on his LinkedIn Blankstein points out that he only has a Ph.D. in computer science, two university degrees, and scientific research experience. He is active on Github, where programs in JS, Python, C, and C#. Blankstein has his own developments, mainly on hyperbolic cashing. Blankstein is actively working on the Blockstack code.

What experience did Blankstein have before Blockstack?

https://stackstoken.com/static/offering-circular-20190711.pdf, p. 111

  • Shreyas Thiagaraj, Engineer. For two and a half years he worked in the Servers and Tools Department at Microsoft. For a year and a half was a lead iOS engineer at Roger Talk, a Walkie-Talkie-like messaging application. Now Shreyas is a product manager of Fika, a browser extension for reading. We could not find the code of Thiagaraj’s own projects on Github. For Blockstack, Thiagaraj is developing an SDK for mobile applications.
  • Ludovic Galabru, Engineer. In 2008–2011 he was developing for iOS/macOS and worked on his own Trello-like web-application called Scrumers. For five years Galabru was the Technical Director at FidMarques, a cashback app for French products. And for two years after, he worked as a leading blockchain developer at the social video network called Props. He is active on Github. He programs in JS, Go, and Objective-C and has published most of his own developments in 2009. His latest project is a Golang library for trade on crypto-exchanges. Galabru is actively working on the Blockstack code.
  • Matthew Little, Engineer. In 2012, he developed an application for planning meetings called Appointment Keeper. For three and a half years, he worked as a senior developer at Pingman Tools; then he moved to Hosho, where he worked for ten months on a blockchain project. Also, while working at Hosho, Little participated in the development of Meadow, a tool for smart contract development and testing. Little is active on Github where has several popular repositories of his own, such as a mining pool written in Node.js; a mining pool for coins based on CryptoNote; Stratum, a high-performance server written in Node.js; a simple miner for Windows; and a set of cryptocurrency hashing features for Node.js. Little is actively working on the Blockstack code.
  • Thomas Osmonson, Engineer. Also a photographer and web designer. Since 2014, he has been working as a freelance website developer. He has published several small components of his own on Github. Osmonson is actively working on the Blockstack code, mainly on its frontend.
  • Ken (Yukan) Liao, an engineer. Co-founder of online women’s clothing store called Prapo. For less than a year he worked as a developer for a Canadian bank called CIBC and a financial service called Merrill Lynch. In 2017, Ken joined Blockstack and immediately signed up for Github where he since has only published a scrapper for Instagram and an unfinished dApp for microblogging based on Blockstack. Liao is actively working on the Blockstack code.
  • Hank Stoever, Engineer. He used to be a developer at DailyCred, UP Global, and Kadenze. He also developed a dozen personal websites. Stoever is active on Github, including the Blockstack repositories. He has a few popular Github projects: automation of crypto exchange arbitrage; issue repositories analyzer; and cookies support for electron.
  • Tim Wells and Jesse Wiley are engineers, and that is all information we could find about them.

What experience do Wells and Wiley have? Where can we learn more about them?

https://t.me/BlockstackChat/43978

In addition to these team members, there are many active community managers in the project chat rooms.

Partners

In fact, those are not partners, but Blockstack devisions.

  • New Internet Labs, the team responsible for the development of the Blockstack browser. The team is led by Larry Salibra, who was not mentioned on the Blockstack website. New Internet Labs has a blank Twitter and an empty Github.
  • Signature Fund, a Blockstack fund with a website that won’t work. The project team claims that this fund is supported by Lux Capital, OpenOcean, RisingTide, Compound, and VersionOne. The fund raised $25 000 000 to finance App Mining.
  • App.co, a base of decentralized applications based on Blockstack, Ethereum, EOS, IPFS, and Steem sorted by the number of mentions on Twitter.

Investment partners

List of investors from the project’s AngelList. Most are publicly confirmed

It is noteworthy that there is Naval Ravikant among investors. Ravikant is the CEO and co-founder of AngelList, which owns ProductHunt and CoinList. Most of the developers that use Blockstack are active ProductHunt makers. Also, Blockstack uses CoinList for holding the token sale.

You can find details on investors and their shares on pages 12 and 97 of the circular proposal sent to the SEC. Let’s highlight the most interesting aspects.

  • In October 2017, we sold for future delivery an aggregate of 323,435,373 Stacks Tokens to 24 accredited investors that were shareholders of Blockstack PBC at $0.00012 per token.
  • In October 2018, we sold 38,209,321 Stacks Tokens to Blockstack Employee LLC at $0.01320 per token.

And now 62 000 000 tokens are being sold at $0.30 per token. Does it mean, that current investors will bring those October-2018 investors 2500-fold profit? Or is there an extra three zeros everywhere in the document?

https://t.me/BlockstackChat/34231

  • In the period from November 2017 to February 2018, about 682 318 558 tokens were sold to accredited investors.
  • Expected circulation for 10 years is 4 073 500 000 tokens.
  • Initially, the company gained access to only $10,000,000. The next $20 000 000 will be available after the main net is launched and the project tokens start circulating. The last $20,000,000 will be unlocked after reaching one million registered users.

All in all, through the D+ regulation from accredited investors and Blockstack’s own funds, they have raised around $57 500 000. Now Blockstack is collecting next $28 000 000. We hope to hear explanations on the prices from the project team. We assume they can be explained by the risks that were threatening equity investors when they were funding a sheer idea.

Tokens of early investors are frozen for 3 years. You can read more about frozen tokens in the FAQ section of the Blockstack website.

Are current investments in cryptocurrency immediately converted to Fiat or are they being held in crypto?

https://stackstoken.com/static/offering-circular-20190711.pdf, p. 73

Legal part

Blockstack registered two companies and two funds with the SEC:

The project registered one patent for a decentralized DNS.

The fact that Blockstack received the A+ permission from the SEC allows both retail and accredited investors to invest in the company. However, retail investors still need to pass the KYC check and provide income information, which makes it no different from STO.

Residents of Canada, Japan, and countries subject to US sanctions do not have the right to buy tokens as well as residents of USA states of Arizona, Nebraska, North Dakota, and Texas, who are not registered as dealers. Developers from these countries and states are also not allowed to take part in application development contests.

Now to register a name in the blockchain, you have to pay in BTC. After the main net is launched, you’ll start paying in the project tokens called STX. You will also need those tokens for creating/running smart contracts and voting for updates in the Blockstack network.

In the token sale agreement, there is a condition that 80% of the profit from token sales are subject to return to buyers if the project does not launch the main net and stops developing it.

Conclusion

It would seem that all parts of this project are beautiful; it seems as if their marketing doesn’t try to cheat you. Their work with the SEC is top-notch. The product is integrated into real projects. There are enough experienced programmers working on the project. Previous investment rounds have been closed successfully.

But now the project is wasting money on applications that are worse than their centralized counterparts. Interestingly, the app developers themselves admit that these apps were created only because of the cash prize from Blockstack, and not for real users[1|2]. If there is no contest, the majority of applications will just disappear. The absence of a proper evaluation system dooms the contests to be an attraction for parasites.

The second questionable aspect is the low token price early investors paid. The price, which will bring them 2500-fold profit. If the project team explains the monetization strategy, the evaluation of applications, and the reason behind token prices for early investors, the project can be called worthwhile.

That’s all. Feel free to clap or rant in the comments if you see errors in the text. Thank you!

And Join The Avocado Approves Community

Update September 5, 2019:

Blockstack team answered all the questions from the review: both technical and non-technical. Team responses have been added to the article under the questions.

--

--