If you haven’t heard yet, CoinFloor announced that the exchange will be Bitcoin-only come January 3, 2020. That is, they’ll delist BCH and ETH and concentrate only on BTC. Similarly BitGo is no longer supporting BSV given their p2sh rollback coming in a month. This is welcome news, not the least to the poor engineers in charge of having to keep the costly nodes upgraded and running.
This is the beginning of a trend and in this article, I’m going to show all that goes into supporting an altcoin and why an exchange might be delisting certain tokens.
The Economics of Exchange Listing
Listing coins on exchanges has a sordid history, going as far back as 2013 when btc-e allegedly listed Novacoin in exchange for a significant portion of the premine. Since then, there have really only been 3 ways to get a coin listed on an exchange:
- Demand by the customers
- Bribe by the token’s central committee (usually the founder or foundation)
- Hard fork demanded by customers
The first is where the bulk of the long-term money is made for an exchange. The commissions on trades are where most of the money comes from and customer demand is a good proxy for the revenue to be made from listing the token.
Bribery is generally a short-term move as demand, if there at all, tends to not last. Still, the profits can be substantial short-term, especially during bull runs, as the frenzy tends to create crazy price action on the low-liquidity coins, drawing in traders.
Finally, hard forks can create coins that customers want their share of. BCH and ETC were two coins that essentially “forced” exchanges to at least give their customers their amounts due through what was essentially a back-door airdrop. These are, again, short-term moves as after the dump of the coins by people uninterested in holding them, the volume of trades tends to drop off substantially.
Further considerations for an exchange on the revenue front are that they may be deceived into listing a token through something like an Exchange Sybil attack. Verifying that there’s real customer demand can be difficult and requires a lot of due diligence, which a lot of exchanges simply don’t do. The trading volume after listing is often disappointing for that reason.
In addition, trading volume on a newly listed token may also take trading volume away from other tokens, essentially robbing Peter to pay Paul. Finally, liquidity on a per-token basis tends to go down as more tokens are listed as there’s only so much money that the customers have. This enlarges spreads, which reduce incentives for trading and ultimately hurt revenue. This is what you could call liquidity dilution.
In sum, long-term, the revenue that an exchange can make off of a token based on hard forks/bribery are generally not worth it. Customer demand, however, tends to be better, though even that can be faked or taper off through too many listings.
The costs for an exchange for listing a token varies. Depending on the nature of the coin, it may be cheap or expensive. It’s known, for example, that keeping an Ethereum node up is very expensive, whereas keeping a Bitcoin node up is not. Furthermore, upgrading becomes a real issue when a coin hard forks. Hard forks require downtime and maintenance which have continual costs. BCH and XMR have hard forks every 6 months, ETH at least a couple times a year (though the upcoming one in two weeks was unscheduled), and without upgrading, there’s no way for an exchange to verify transactions and downtimes create bad user experiences. BTC on the other hand, has never had a hard fork.
Thus, it’s cheap to maintain BTC support whereas the maintenance for a coin like ETH is expensive. Ultimately, the complexity of the system upgrades determine the costs to maintain a coin and at a certain point, it may simply be uneconomical or even impossible to continue support, as we’ve seen with BitGo and BSV.
Risks for an Exchange
If the revenues of listing a token outweigh the costs of maintaining a token, it would seem obvious to list it, but that’s a short-sighted view. There are numerous security risks associated with listing a token that also have to be factored in:
- Exchange hacking risk
- Block reorganization risk
- Replay protection risk
- Regulatory risk
The history of exchanges getting hacked is legion, and the costs tend to be severe. The hacks can be internal (by an employee or owner) or external (by an outside party) or some combination. As listing a coin adds to the attack surface of any exchange, this has to be a major part of the calculation.
Perhaps the most famous of these cases is the story of Cryptsy, who in 2014 was allegedly hacked by listing a coin whose node software had malware. The creators of the coin apparently used the coin’s full node software to get access to the Cryptsy systems and then proceeded to drain the exchange of 13,000 BTC and 30,000 LTC.
A security audit of each token’s source code is necessary to reduce this risk, but given how much code has to be examined and given that sometimes the code isn’t even available to be examined, this is not a common practice. Furthermore, any upgrades to the software should also require separate security audits in case any malicious code was added. Frequent forced software upgrades, or hard forks, make good security practices even more costly.
Block Reorganization Risk
Another factor for an exchange from a security perspective is the block reorganization risk. That is, a coin may be attacked directly and attackers may use the exchange as a way to cash out. For example, someone may deposit a large amount of a low hash proof-of-work token to the exchange, trade them for something more liquid and withdraw. Afterwards, the token ledger can itself be attacked and reorganized as to cancel the depositing transaction, essentially double-spending the coins. This would obviously be very bad for the exchange, as they would be out a lot of money.
Though it has not been tried yet, it’s also possible that a token’s controllers could change their ledger through a hard fork to screw over an exchange. A hard fork completely resets the rules, so it is at least possible in principle to drain an exchange solely through ledger manipulation in much the same way that ETH did with the DAO incident, but with the exchange as the “thief”.
In other words, there’s a risk of centralized controllers of these tokens stealing from the exchange through a ledger reset. This may not seem so likely now, but if an exchange is seen as a bad actor, that may be enough justification for a token’s controllers to simply change the ledger to the exchange’s detriment.
Replay Protection Risk
Another risk is the possibility that a hard fork of a given coin might create a new coin against the expectations of the community. ETH split to ETH and ETC in exactly this way back in 2016. Coinbase, for example, did not expect ETC to survive and thus sent out transactions which did not have replay protection and lost a lot of ETC which they then had to buy to compensate their customers.
Finally, there are regulatory risks associated with a particular token. AML/KYC laws may make listing a privacy token especially hard, for example. Other regulatory concerns might be if a token is considered a security and the burden that might come with qualifying investors. As each jurisdiction has different regulatory requirements, risks here include not only laws that currently exist, but also laws that might come and the lobbying that might be necessary to prevent unfavorable ones.
The Ideal Process For Listing Tokens
The ideal process should require first, a strong customer demand. That is, not just short-term demand, but long-term demand. There is generally a ton of interest in a token right after launch, but that generally tends to taper off except in extraordinary cases.
Second, the code for the token should be audited and then compiled and run in an isolated, secure environment. Any sort of upgrade should be run through the same process.
Third, the number of confirmations should be high or otherwise, there should be guarantees from the token founders for any losses due to chain reorganizations or ledger resets.
Fourth, the coin should clear any legal regulations that are currently in place and any regulations that are likely in the near future. This is probably one that exchanges are the best at, as legal expertise tends to be cheaper and easier to get than security expertise regarding the token’s software.
Given the above, it’s obvious that there are not enough security audits going on at exchanges. Otherwise, the Ethereum bug from the hard fork from last week would have been caught by anyone competent. Instead, it looks like exchanges are blindly running whatever software that the Ethereum Foundation tells them to run, or worse, just relying on Infura.
What this means is that very few exchanges are responsibly listing coins and that there should be a lot more delistings as security incidents become more frequent and trading volumes lower. The exchanges that are hoping to avoid large financial losses without proper security audits will likely learn the hard way that hope and pray is not a great security strategy.
What CoinFloor has done is not isolated. There have been hundreds of coin delistings in the past year, including BSV, Digibyte and many others. The cost both in terms of maintenance and risk are simply not worth it at a certain point if an exchange wants to survive. Given that trading volumes are dropping and the increasing risks of each separate token, we should expect not only to see more delistings, but initial listings themselves to be less frequent given all the risks and costs for new token listings.