Well it looks like the Department of Homeland Security is investigating Mt. Gox and the primary complaint is operating an unlicensed money transmittal business. Things do not look good for Mt. Gox. Its US accounts are being seized. This will likely lead to US customers of Gox (principally buyers of Bitcoin) gradually abandoning the platform, either buying Bitcoin and moving it away, or withdrawing their USD directly. The increased spread in Bitcoin prices between Mt Gox and other exchanges suggests that people holding USD on Gox are indeed buying Bitcoin in order to get out of USD in accounts that might be at risk.
This may well lead to the slow demise of Mt. Gox. Is this happens it won’t be the first time a Bitcoin exchange has shut down. A recent study showed that 45% of Bitcoin exchanges have closed. Notes Ars Technica:
Computer scientists Tyler Moore (from the Southern Methodist University, Dallas) and Nicolas Christin (of Carnegie Mellon University) found 40 exchanges on the Web that offered a service changing bitcoins into other fiat currencies or back again. Of those 40, 18 have gone out of business—13 closing without warning, and five closing after suffering security breaches that forced them to close. Four other exchanges have suffered serious attacks but remain open…
An extra risk for customers is losing their money from exchanges closing. Of the 18 closed exchanges, there was evidence that only six reimbursed their customers. Five did not, while there was not evidence enough to make a judgement regarding the remaining seven.
Hacks are one major killer of exchanges, with regulatory action or the fear of regulatory action (leading to the withdrawal of a banking relationship) being another.
And of course, exchanges are only one source of the total set of losses of Bitcoin through theft, hacks and fraud.
None of this is good for the Bitcoin ecosystem. There is little reason for trust in Bitcoin companies. Although Bitcoin is designed to facilitate transactions between untrusted parties, it is likely that trusted parties will have to arise for Bitcoin acceptance to become widespread. So what is needed to create trusted Bitcoin companies?
One proxy for trust is the set of people and organizations around a company. You are judged by the company that you keep. Companies like Coinbase, Opencoin* and Dwolla are smart to raise money from top tier VC firms as some of the credibility of the investors rubs off on the companies that they invest in. (I realize that this is quite a self serving statement since I am a VC looking to invest in interesting Bitcoin companies). But just as important in building credibility is the experience and reputation of the management team, of the board members, and of the legal representation and banking relationships that a company forms. Reputation is transitive.
Another driver of trust is a companies willingness to accept and embrace regulation in a country with strong rule of law. Bitcoin companies based in the US, the UK, the EU, Japan and other similar countries are more likely to be trusted than companies operating out of countries with weaker legal systems. But it isn’t enough to simply be based in a country with a strong rule of law, companies will need to accept and fully comply with relevant rules and laws to combat money laundering, terrorist financing and so on. Getting the appropriate money transmittal licenses that Mt Gox failed to do, and that FinCEN’s guidance clearly indicated would be necessary, is a good first step. This will take time and money, but should not put any undue limitations on legitimate companies trying to build Bitcoin into a broadly accepted payment mechanism.
A third driver of trust is developing a history of withstanding attacks from hackers. This takes time by definition, so new startups will need to develop this history. Hackers and fraudsters attach targets that are worth attacking, so in their earliest days new startups will not likely come under too much pressure. But success will attract more attention, and startups need to develop robust defenses, including physical security, network security and well trained and loyal employees to deflect attacks on multiple levels. No company is immune to a successful attack, but many Bitcoin companies have simply not put the resources against security that are necessary, and instead are only reactive to attacks that have been seen already. Mt Gox is rumored to have only three engineers, and only a portion of their time can be spent on security. It is not entirely surprising that they have failed under attack on multiple occasions.
These steps will take time, money and work to build trust on all three levels. But becoming a trusted company in the Bitcoin ecosystem will likely have signficant benefits with both customers and regulators.
What do you think can help build trust in the Bitcoin ecosystem?
* Lightspeed is an investor in Opencoin