Paxos Gold (PAXG) — A crypto-based option for physical gold ownership

For many years, my non-crypto portfolio has been the Golden Butterfly, which holds a 20% allocation to gold.

Why so much? It’s a slight modification of the Harry Browne “Permanent Portfolio”, which is based on the forward thinking idea that the economy can be in one of four states, and that a sound portfolio would hold equal amounts of the asset class that reacts most dramatically in each of these economic states, and then capture gains through both appreciation and rebalancing.

As mentioned, the Golden Butterfly is a slight modification, tilting the allocation ever so slightly towards stocks:

  1. Prosperity → Stocks (40%)
  2. Deflation → Long-term US bonds (20%)
  3. Inflation → Gold (20%)
  4. Recession → Cash (20%)

When people look at this portfolio, they almost universally respond in horror. With low interest rates, long-term bonds are surely going to get crushed! Gold and cash earn no yield! Only 40% stocks?

What they’re missing is that the magic is in the uncorrelated relationship between the classes. It’s the package that matters, and for as long as we have data, this allocation has proven to be one of the most stable in times of both growth and drawdown of any mainstream portfolio.

So that’s why I hold gold. Now let’s talk about how I own it.

In the early years, I had accounts with BullionVault and GoldMoney, where you purchase title to physical, redeemable gold. Working with these firms, however, felt archaic. BitGold emerged, and brought the user experience of owning gold into the 21st century, but then dropped much of their fantastic user experience, when they merged with GoldMoney. Eventually, I moved away from GoldMoney, to purchasing the iShares Gold Trust ETF, IAU.

Owning an ETF is convenient for rebalancing, but it’s still a paper form of ownership, and so I’ve been keeping my eye open for alternatives. One did appear a few years ago, Vaultoro, a Berlin-based physical gold provider. My main hangup there, however, was that it’s bitcoin-based, i.e. you can’t deposit and withdraw fiat, making rebalancing within a larger portfolio a bit inconvenient.

A new solution to gold ownership has recently emerged that looks to have all the characteristics I’ve been looking for—and more! And that solution is Paxos Gold.

Paxos is the New York regulated company that issues the PAX USD stablecoin, whose market cap recently passed TrustToken’s TUSD. Pax Gold, or PAXG, is their new stablecoin product, in which each token is backed by one ounce of physical gold in a Brink’s vault in London.

Here’s what I find attractive about PAXG:

  • Trust. — Paxos is a New York regulated Qualified Custodian and financial services company, with a solid track record. (Binance, for example, chose Paxos to custody and issue their new USD stablecoin, BUSD.)

  • Physical ownership. — Each token is backed by physical gold, and is redeemable. At the Paxos website, you can even trace each token to the serial number of the London-vaulted 400 oz gold bar to which it corresponds.

  • Accessibility. — As an ERC-20 token on the Ethereum network, PAXG can be freely moved and traded as a bearer-instrument 24/7. You can choose to custody it at the Paxos website, where you can redeem it for cash or gold, or you could custody it yourself, say in a hardware wallet, and sell it on a public exchange.

  • Low fees. — Depending on volume, purchase fees can range between 0.03% and 1.00%, and Paxos additionally make money on Ethereum network transactions (0.02%). During their launch sale, however, there’s no purchase fees, and even a 2% rebate, on the first 7,000 tokens sold.

But perhaps most exciting about PAXG, is that it opens the door, for the first time, to earn yield on your held gold. For example, Nexo have already announced plans to add PAXG to the list of deposited stablecoins on which they pay 8% per year in-kind interest.

Of course, lending your gold, like lending anything, introduces third-party risks which one would need to take into consideration, but it’s very exciting to know that options to earn yield on held gold are being enabled through technological innovations like PAXG.

At the time of this writing, during its launch week, roughly $2.4M of PAXG has already been minted. With the benefits listed above, I’m excited to keep an eye on PAXG as a fascinating option for my gold holdings. (And if I end up going with PAXG, I guess I’ll have to stop referring to it as my “non-crypto” portfolio!)

The importance of plausible deniability in crypto products

One of the most important, yet overlooked, features of any crypto currency product is support for plausible deniability. This feature is best understood by example.

The Ledger and Trezor hardware wallets, like nearly all crypto wallets, are secured with a 24-word seed phrase. Access to the wallet is then secured with a four-digit PIN code. Most of us are familiar with this model by now.

What many people don’t realize is that these devices don’t just support one single wallet behind one single PIN, but rather support any number of wallets secured behind any number of PIN codes.

This feature, known as the “25th word feature”, allows you to add additional words to the seed—i.e. 25th words—thereby creating additional wallets, which you can then secure with additional PIN codes. And since there can be any number of 25th words, these devices support any number of wallets! Take a moment to think about the implications of that.

This feature provides both convenience and plausible deniability:

  • Convenience, in that you can have a default wallet, containing a small amount of currency that you use for day to day transactions, without having to expose your larger holdings.

  • Plausible deniability, in that if you were forced to open the wallet, you can open your default wallet containing a small amount of funds, and it would be impossible to know whether you have additional wallets, where you’d maintain your larger cold storage funds, secured behind additional PIN codes.

In my view, plausible deniability should be a core feature of crypto products, presented and promoted front and center. Uunfortunately, it’s often considered too complex by some products, and poorly implemented by those that do support it. Let’s look at at few more examples.

Mobile Wallets

The Secure Enclave makes iOS devices surprisingly good platforms for secure wallets. But I would never use my iOS device to store significant amounts of crypto currency because nearly none of the current wallets support plausible deniability, and the one that does, doesn’t support it well from a UX perspective.

TrustWallet, BRD and Edge are all high-quality mobile wallets, and all of them support the interaction of launching with a prompt for a PIN code. None of them, however, support multiple wallets, secured behind multiple PIN codes.

I once spoke with BRD about this, and their view was that plausible deniability was too advanced for their users. At the same time, however, they argued for using BRD as one’s primary crypto storage, due to the security of the Secure Enclave. That would be a terrible recommendation, for a product that supports only a single wallet.

(Note that all of these products claim to technically support multiple wallets, by the fact that you can restore any number of wallets from different 24-word seeds. That’s terribly impractical, however, from a UX perspective.)

Ledger Nano X

Since the recently-launched Nano X, which does support multiple wallets secured by multiple PINs, is accompanied by an iOS app, Ledger Live, I was hopeful that plausible deniability would finally be supported in a useful way on a mobile device. Unfortunately, the implementation is such that it’s nearly as unwieldy as restoring a 24-word seed in the other wallets.

The Ledger Live mobile app supports “accounts”, which are individual currencies within a given wallet. If you had two sets of wallets behind two PINs on your Nano X, each of which held BTC and ETH, you would either have to have all four “accounts” always visible in Ledger Live—say, “BTC”, “BTC Cold”, “ETH” and “ETH Cold”—which, of course, defeats the whole purpose of plausible deniability, or you would need to add your cold storage accounts only when needed, and then have to remember to delete them from the app when done. (Deleting them in the app doesn’t affect their presence on the hardware device.)

So, unfortunately, the Nano X, combined with the Ledger Live mobile app, doesn’t move us forward in terms of usable plausible deniability on mobile devices.

Portfolio Tracking Apps

It would be great to track my full crypto portfolio in an app like Blockfolio.

Again here though, Blockfolio doesn’t support plausible deniability. As with mobile crypto wallets, Blockfolio could launch with the presentation of a PIN interface, behind which multiple portfolios are managed—i.e. my real portfolio, and then a shadow portfolio I’d open if forced. But since this isn’t supported by Blockfolio, or any of its competitors, I’m left to track my crypto holdings in a spreadsheet, locked away inside a hidden encrypted disk image.


My hope in publishing this article is to bring more awareness to the need for supporting plausible deniability as a core feature of crypto products, and for those that do support it, surface it in the user interface as a primary function of the product, rather than hiding it away behind the “Advanced” settings.

For further reading, and a great example of how beneficial plausible deniability can be in general, be sure to see my article about the Espionage product for Mac OS X.

Comparison of cryptocurrency exchange service rates

For those interested in trading cryptocurrencies, and wishing to avoid complex interactions with an exchange like Binance, a number of easy-to-use online cryptocurrency changer services exist, as well as in-wallet changers.

In this post, dated January 11, 2019, and which I hope to periodically update, I present a comparison of the ones I know about. For each, I’m comparing the BTC→ETH rate, and using CoinMarketCap as a reference.

Changer1 BTC → ETHPercent Loss
CoinMarketCap (Reference)28.78830.00%
Edge Wallet (Changelly)28.4513(1.17%)
Exodus Wallet27.6682(3.89%)

Of course, some exchanges require accounts, while others are anonymous, and so other factors may be involved in one’s choice than rate alone.

(PS: If you know of other services I should add to the list, please mention them in the comments, and I’ll add them to future updates.)

Understanding Zerocoin

This article was first published on the Veil blog.

In this article, we’ll describe the Zerocoin protocol—one of the beautiful technologies underlying the strong anonymity you’ll find in the Veil currency.

History of Zerocoin

The Zerocoin protocol was conceived in 2013 by John Hopkins researcher Matthew D. Green1, as an extension of Bitcoin, providing for optional anonymity in the Bitcoin network. We say “optional” anonymity since the Zerocoin model involves converting public bitcoins to anonymous zerocoins, and back.

So the first concept to understand is that in Zerocoin networks, there are two types of tokens (coins)—public tokens, known as basecoins, and anonymous tokens, known as zerocoins. (Misunderstanding of this concept is a common source of confusion in networks such as PIVX, where one finds “PIV” and “zPIV” coins.)

In Veil, the on-chain coins are called Basecoin Veil, and the anonymous coins are called Zerocoin Veil. Since the Veil wallet automatically converts basecoins to zerocoins, however, the general use of “Veil” is meant to imply the anonymous coin.

(You’ll notice that for Basecoin Veil, we used the term “on-chain”, rather than “public”, since in the Veil network, Basecoin transactions are also anonymized using “RingCT” technology, but explanation of that will be saved for another post.)

The logic behind Zerocoin

Imagine we’re considering how to design an extension to the bitcoin network that would allow us to convert bitcoins to zerocoins, and then be able to spend them later anonymously.

In order that the bitcoin monetary supply remains auditable, the creation of zerocoins can’t be anonymous, i.e. when we bring a zerocoin into existence, through a process known as minting, we necessarily have to take a bitcoin out of circulation, in a process known as burning, and since bitcoin is a public token, its removal (burning) also has to be public.

Therefore, if I minted 1.73458 zerocoins—something we’ll later see isn’t technically possible, but for the moment we’ll ignore that—by burning 1.73458 bitcoins, and if the world can know, since bitcoin is public, that I owned those 1.73458 bitcoins, then the world will also know that I now control 1.73458 zerocoins.

So the challenge in a network like this is:

If my creation of zerocoins is public, how can I later spend those zerocoins anonymously?

Fixed denominations

The above example already presents the very first challenge. If I created such a precise amount of zerocoins in the past, like 1.73458, then when that precise amount of zerocoins gets spent in the future, it wouldn’t be very hard to assume that the spend came from me. Why? Because there simply won’t be very many other zerocoin address “outputs” out there holding precisely 1.73458 coins.

Considering this problem, Green may have thought, “What if zerocoins only existed in fixed denominations, like cash bills or casino chips? If there only existed denominations of, say, 1 zerocoin, 10 zerocoin, 100 zerocoin, and 1,000 zerocoin, then maybe I could design a system in which, if you spend a 10 zerocoin, the network won’t know which of all the 10 zerocoins you spent.”

This idea of fixed denominations was ultimately implemented in the Zerocoin protocol, and made to work through the concepts of accumulators and zero-knowledge proofs.


In Zerocoin networks, an “accumulator” exists for each denomination supported by the network. So if the Bitcoin network supported denominations of, say, 10, 100 and 1,000 zerocoin, it would have three accumulators.

Conceptually, most people think of accumulators as “buckets”, holding all the coins of a particular denomination. But in reality, as we’ll see later, an accumulator is actually a single number, that cryptographically embeds knowledge of the existence of each outstanding zerocoin in that particular denomination.

As you might imagine, the particular choice of denominations in a Zerocoin network has to be carefully considered, and the trade-off is between convenience and anonymity.

To understand this, consider that when I spend a 10 zerocoin token, its traceability back to me—i.e. back to my minting of a 10 zerocoin token—is a function of the total number of 10 zerocoins that exist. If there’s only five 10 zerocoins in existence, and I spend one of them, it might not take much sleuthing to figure out it was me. On the other hand, if there are five million 10 zerocoins in circulation, the problem becomes much more difficult, if not impossible.

For this reason, a network that only has six denominations would likely provide greater anonymity than one that has a hundred different denominations (all other things being equal). For the Veil network, there will exist four denominations, and hence, four “accumulators”: 10, 1000, 1000 and 10000 Zerocoin Veil.

Zero-knowledge proofs

Zero-knowledge proofs2, to most mortals, are akin to black magic. We won’t get close to the math behind them, but here’s what a zero-knowledge proof is in practice:

A ZK proof is a method by which one party can prove to another that a given statement is true, without conveying any additional information apart from the fact that the statement is indeed true.

Mind blowing, I know. Don’t get scared!

How the Zerocoin protocol works

With all that as background, we can now proceed to explain how the Zerocoin protocol works in practice.

Let’s start by walking through the process of what happens when you mint zerocoin by burning basecoin—something that happens automatically in the Veil wallet.

Burning & Minting

Say you received an incoming payment of 10.73458 Basecoin Veil. Looking at that number, your wallet would know that it can convert 10 of those to a single 10 Zerocoin Veil token. (The remaining 0.73458 Basecoin Veil would stay as Basecoin Veil in your wallet.)

To create your new 10 Zerocoin Veil token, your wallet creates a unique serial number, that we’ll call “S”, and a random number, that we’ll call “V”. Your wallet then performs what’s known as a “one-way” cryptographic calculation known as the Pedersen Commitment, that takes V and S, and computes a number called, “C”:

C = comm(S,V)

This formula simply means that “comm” is a mathematical function—the Pedersen Commitment—that takes S and V as inputs, and produces the number C as an output. It’s “one-way” in the sense that S and V can’t be back-calculated from C.

Having computed C, our wallet now “burns” 10 Basecoin Veil—taking them out of circulation—in a blockchain-recorded transaction in which the value “C” is publicly recorded.

The “10 Zerocoin Veil” network accumulator number is then updated cryptographically to embed knowledge of the newly introduced “C” value.

By burning 10 Basecoin Veil in this way, we have also “minted” a brand new 10 Zerocoin Veil token, that is associated with the recorded number “C”, which is linked to me, and to the unique serial number, S, which at this point is only known to my wallet!

Before moving on, let’s review where we are:

  • We have burned 10 Basecoin Veil in a blockchain transaction that minted the creation of a 10 Zerocoin Veil token, recorded with the number, C.

  • Since the burned Basecoin Veil is public (or for Veil, more precisely “on-chain”), the number C is publicly visible.

  • Only our wallet knows the random number, V, used along with S, in the calculation of C.

  • Only our wallet knows the serial number, S, which is the unique identifier of our particular 10 Zerocoin Veil token, among all the tokens.

Spending anonymously

Now comes the interesting part: How do we later spend those 10 Zerocoin Veil anonymously? To do that requires that the spend can’t be linked back to the mint. Let’s look at how that’s done.

When I’m ready to spend my 10 Zerocoin Veil, my wallet calculates two zero-knowledge proofs, the first of which can be used independently, and the second which can only be used in tandem with the first.

In the first ZK proof, I mathematically prove that the coin I want to spend (the 10 Zerocoin Veil) exists in the 10 Zerocoin Veil accumulator, without revealing which coin that is. Mathematically, I have to prove that the value “C” I wrote to the blockchain during my mint exists in the accumulator, without revealing the particular value of “C” I’m proving—since that would point directly back to me!

To do this, I compute the Pedersen Commitment function using C and another random value, R, that I choose and is only known to me, to produce the output Y.

Y = comm(C,R)

(The inclusion of a random number R is critical, because if I just computed comm(C) to produce Y, then by computing comm(C) on all the recorded C’s in the blockchain, you could easily figure out which C I’m proving!)

When I provide the value Y to the network, the network can validate my proof using Y and the current accumulator number to confirm that, yes, I do control a particular coin in the accumulator, but without knowing which one, i.e. the network doesn’t know which “C” I used in the computation of Y.

Then, I publicly reveal the unique serial number, S, corresponding to my particular 10 Zerocoin Veil, and provide a second ZK proof demonstrating that I know some random value V, that, in turn, proves I control the still-unrevealed “C” used in the first proof.

That’s a mouthful, but is why the second proof is only meaningful in tandem with the first.

So in summary:

  • Proof 1 proves that I control one of the coins in the accumulator, corresponding to the minting recorded with C on the blockchain, but without revealing which C that is.

  • Proof 2 allows me to reveal the unique serial number, S, corresponding to my particular coin, without revealing which burn and mint transaction, C, it corresponds to.

Or said another way:

Zero-knowledge proofs have allowed me to prove that I control a specific token among all the 10 Zerocoin Veil tokens, without any connection to the specific blockchain transaction that created that coin.

At this point, my spend transaction will be recorded on the blockchain:

  • The transaction will publicly record my unique serial value, S, so that that coin can’t be double spent in the future.

  • 10 fresh Basecoin Veil will be put into circulation and delivered to the destination address of my transaction, and my 10 Zerocoin Veil can not be re-spent due to the public recording of its unique serial number, S.

And so, through the use of zero-knowledge proofs, I have spent my 10 Zerocoin Veil anonymously!


In this article, we’ve described the Zerocoin protocol—one of the beautiful technologies underlying the strong anonymity you’ll find in the Veil currency3.


  1. See 
  2. See 
  3. Thanks to Veil developer Random.zebra for helping me wrap my head around the concepts like zero-knowledge proofs described in this document, and to Veil team members for editing feedback. 

An introduction to PIVX and a proposal to help its user experience

In this article, I’m going to introduce the PIVX coin, along with its associated network, and propose some ideas for helping it become a leading cryptocurrency.

The history of PIVX

As readers will know, Bitcoin has some privacy deficiencies. For example, when you make a transfer, you expose the full balance of BTC held on the source address(es) used in the transaction.

DASH forked from Bitcoin, in order to (among other reasons) introduce the masternode-facilitated PrivateSend feature, which, in mixing transactions, provides some level of privacy through obfuscation.

Concern remained among some, however, that obfuscation can’t protect your privacy if someone with the resources of a nation state wants to determine who’s behind a transaction. To address this, PIVX forked from DASH with the goal of providing for deeper anonymity.

At the time of this writing, the project is within days of releasing version 3.1 of PIVX, and achieving both the goals of providing anonymous privacy, as well as providing the incentive for people to use those facilities.

The PIV and zPIV coins

The original coin of the PIVX network is called PIV. Transacting with PIV is similarly public to Bitcoin and DASH (without PrivateSend), in that all PIV transactions can be explored and traced on its blockchain.

The PIVX project innovated in the creation of a second coin supported by the network, called zPIV, which, existing in discrete denominations like casino chips, is truly anonymous.1

Using the project’s wallet, one can privately convert PIV into zPIV, and transacting in zPIV is completely anonymous for the sender—meaning that while the blockchain reveals that a certain number of PIV arrived at a public PIVX address, no information about the sender is revealed. (And if the recipient of those PIV then converts them to zPIV, their forward-going history will also remain private.)

The incentive to be private

With the forthcoming version 3.1 release of the PIVX wallet, network users will be incentivized to maintain their PIV holdings in the private zPIV format. For those who leave their wallets open, any zPIV balance can be “staked”, and earn PIV rewards.

What does this mean? PIVX uses a consensus algorithm called “Proof-of-Stake”. Unlike the Bitcoin “Proof-of-Work” network, in which miners validate new transaction blocks, in the PIVX network, “staking wallets” are randomly chosen to validate new transaction blocks, every 60 seconds. A given wallet’s chances of being selected for validation of a given block, and earning a reward, are increased as a function of the number of coins it holds, and the time over which it’s been staking those coins.

For each block that is validated, the network creates five new coins. If the validating wallet is staking zPIV, then it will receive three PIV, and a randomly selected masternode will receive two. If the validating wallet is staking PIV, then it will receive two PIV, and the selected masternode will receive three.

(There is a possibility of a sixth coin being created and awarded to the PIVX Treasury, which we’ll get to in a minute.)

So with the release of version 3.1 of the wallet, PIV holders will be incentivized to convert to zPIV, and through staking of those zPIV, participate in securing the network and earn rewards. I’ve been staking PIV for a while, and have earned close to 5% interest—considerably better than a USD savings account—and this should only improve with the release of version 3.1.

The tendency among people, especially in the US, is to give up their privacy under the idea they have nothing to hide. Trying to mass educate is a lost cause. But incentivizing people to be truly private, without having to convince them of the need for that, is a beautiful artifact of the zPIV staking system.

The PIVX Treasury

PIVX has a governance system in which anyone can make a proposal, and if accepted by vote of the masternode operators, the proposal can get funded. If an accepted proposal exists on the network, and is not fully funded, then a sixth coin will be created during each block validation, and transferred to the PIVX Treasury. This will happen until the Treasury holds enough PIV to fund all accepted proposals.

What does this facilitate in practice? When visiting the PIVX Discord, you’ll find support staff who are paid to help users with their questions. You’ll notice ongoing marketing activities that are funded through the Treasury. The developers themselves are paid for proposals to maintain and extend the system.

The PIVX Treasury system represents an elegant, decentralized, democratic method of funding the long-term maintenance and advancement of the platform.

The PIVX economy

Each time a PIVX transaction block is validated, up to six new PIV are created. In this way, PIVX is inflationary. Each time a PIVX transaction occurs, however, the transaction fees are burned (destroyed). In this way, PIVX is deflationary.

Whether the network is in aggregate inflationary or deflationary depends on the networks transaction volume, but we can see that by design the network isn’t ever inflationary—which is a good thing economically.

Where are we, and what’s the problem?

Considering the capability of privacy and anonymity, the ability for anyone to help secure the network and earn interest, the governance system and treasury, the sound economic model and the vibrant community, I’m optimistic that PIVX has the ingredients necessary to establish itself as a leading store of value and medium of exchange.

The current market cap of DASH is $2.8 billion, while the market cap of PIVX is $211 million. Just moving closer to DASH would represent a major return for PIVX investors today.

Not only are there structural reasons to make this happen—i.e. I know of no other cryptocurrency that offers what PIVX offers—there’s also a large economic incentives.

In my view, getting from where the project is today, to where it needs to be, fundamentally depends on positioning PIVX for the coming wave of new entrants to the crypto markets. These are people without much knowledge, and possibly not much interest, in how cryptocurrencies and blockchains work. But they are very interested in the benefits that crypto offers to them.

So what are the problems? In my opinion, the following needs to happen, in order of importance:

  1. Engagement and interaction — PIVX needs to deliver an amazing user experience in the wallet for the forthcoming wave of new users, and in this regard, it needs to expose interaction concepts in familiar terms those particular users will understand, and be comfortable with, if not excited about, engaging with. In particular, and fundamentally, the wallet needs to address the confusion those new users will likely have in understanding the differences between PIV and zPIV. I’ll expand on this in the next section.

  2. Positioning and information — This pertains to the PIVX website. The current website, in my opinion, overemphasizes the technology, e.g. “Zerocoin + PIVX = Privacy Meets Proof of Stake” (unintelligible without a lot of work), “Built on Bitcoin” (confusing), “60 Second Blocktime” (unintelligible without a lot of work), and its styling is consistent with that technology focus. I believe the coming wave of new users should be greeted by a friendly website that, in a friction-free way, explains the benefit of PIVX to them, in terms they can understand, and unequivocally motivates and helps them to get hold of, and use PIV. Of course, the technology details should be discoverable, but only for those motivated to look for them. I think the Stellar project do a good of this. Finally, the current website seems to be built on WordPress, using the popular DIVI theme. For a project of this importance, and given the various purposes it will eventually serve should the currency become mainstream, I would suggest building it on the developer-friendly CraftCMS.

  3. Branding — The current PIVX logo is typeset in capital letters. Perhaps that was chosen since it’s an acronym for Private Instant Verified Transactions. I believe a friendly, warmer, more engaging feeling would be transmitted to new users if the letters were set in lower-case, i.e. pivx. That feels cute, and sticky to me, and could look beautiful with a well-designed text treatment. Secondly, I think it would be great if the project’s logo could somehow transmit the dual-coin nature of the network, in order to help users become accustomed to this core concept.

The wallet experience

The first solution that comes to mind, to provide the experience that anticipates the context, background and needs of the wave of future PIVX customers (and benefits the current ones as well), is to introduce the metaphor of two “accounts”, presented in familiar terms, like “PIV Current Account” and “zPIV Private Savings Account”. With a simple distinction like this, we can communicate the potential for earning “interest” without having to introduce complex concepts like “staking”, and communicate that interacting with that account is the “private” part of the overall system.

This is just a starting point. There will be lots of challenges to address, including:

  • The wallet should include an on-boarding experience for first-timers, helping them understand how thing work, and where to purchase PIVX if they don’t have some.

  • It should address the potential confusion users may have with the concept that an account can have multiple addresses, and nail the UX around that.

  • The wallet needs to communicate that it has to be open to earn interest. As part of that, the wallet needs to communicate that it needs to be encrypted to make earning interest something that is safe.

  • To reinforce the the above, the wallet needs to clearly indicate when the Private Savings Account is earning interest (and not with an indicator that the “wallet is staking”.)

  • The wallet needs to communicate that earned interest is a statistical event, and, while we can report an average rate they can expect, emphasize that it will fluctuate.

  • We can build on the dual accounts metaphor, emphasizing that mobile wallets are extensions of the PIV Current Account. (Color differentiation between the accounts could help with this.)

  • Anticipating that people may want to store their wealth in zPIV, we’d want to ensure a means of hiding their balance (since the wallet will always be open.)

  • The wallet needs a UI hierarchy that only exposes advanced concepts like masternodes to those specifically searching for them.

  • Lots, lots more.

How can I help?

I’m associated with a world-class group of product designers, developers, and copy-writers, that is capable of delivering on the above points 1 and 2. Most of our work is for customers in the Bay Area, and our costs are consistent with that environment.

We could definitely contribute 100x in terms of the critical wallet user experience, and associated website, from where the project is today. (And based on my experience with many Qt wallet, it would be the best crypto wallet in existence.)

If the PIVX community believe that what I’ve outlined above could help establish PIVX as a leading cryptocurrency, and believe the investment would be worthwhile, then we would make the effort to submit a proposal for funding as part of PIVX Treasury activities.

  1. The nitty-gritty of zPIV can be found here

Crypto Taxation

Crypto taxation is a hot topic in 2018, given the growth of the space, and dramatically appreciating prices, over the past few years.

There have been some good discussions of the topic, including Laura Shin’s Unchained podcast episode with Tyson Cross and Jason Tyra, and last week’s Crypto Street Podcast, with guest @CryptoTaxGirl. While these were both quite informative, there were some points I felt needed expansion, clarification and additional emphasis, and so I decided to finally write-up and post the general article I’ve been procrastinating on.

(Update: Don’t miss the new section added at the end, with links to good articles I’ve discovered since posting this one.)

Take crypto taxation seriously

I’ve come across two camps of people exposed to crypto taxation risks:

  1. Those banking on anonymity — Betting on staying anonymous with your crypto, or pleading ignorance as a Plan B, is a huge risk. If your anonymously-held crypto ever hits the fiat system, you will no longer be anonymous. If you purchase something conspicuous, you will no longer be anonymous. If your crypto was purchased with sources identifiable to you, it will become increasingly likely, with the emergence of better chain analysis tools, that your activities will be closely scrutinized.
  2. Those unaware they’ve had taxable events — These are the folks who didn’t realize that a crypto-to-crypto trade results in a taxable event.

In either case, if it’s discovered that you’ve failed to report taxable events, you will run the risk of costly penalties, costly professional help, costly loss of time, and even the risk of criminal prosecution for fraud or tax evasion.

You do not want to find yourself on the wrong side of an audit, so take crypto taxation seriously.

We’re flying a little blind

While there hasn’t been guidance from the IRS on crypto since 2014, the crypto space has advanced significant, and so on nascent issues like, “when did you receive your forked coins, the day the project forked, or the day you extracted them?” we simply have to take our best, informed guesses as to the approach we take on recognition.

But taking action, on your best informed guess, is far better than taking no action at all.

The IRS treats crypto as property

This means that when you sell it, you will be liable for either short-term or long-term capital gains, based on the value at which the crypto was bought and sold, and the time it was held. If you held the crypto for more than a year, you’ll pay long-term gains, which for most people will be 15% under current laws. If you held your crypto for less than one year, you’ll pay something closer to personal income tax rates.

Use an automated service to keep track of your activities

This is a no-brainer. Given the disparate export formats of the various exchanges, the need to track changes in accounting method from year to year and the need to determine the fair-market USD value of crypto-to-crypto trades, it’s essential to use an online service like or to track your crypto activities.

These services integrate via API directly to most of the common exchanges, and support manual entry and CSV data uploads for everything else.

As regards complete and accurate record-keeping, don’t forget the following:

  • Some exchanges limit records export to, say, a period of one year. It’s therefore important to be diligent about downloading and importing your records promptly, before they’re gone.
  • Some exchanges, like ShapeShift, don’t provide records at all. It’s therefore important to enter these transactions manually when you make them, including the transaction URL in the notes field to provide evidence of the transaction.
  • When considering the use of a DEX (decentralized exchange), be sure to first confirm that it supports the export of trading records, and confirm for hold long records are kept.
  • Don’t forget to report earnings from staking, masternodes and other sources of crypto passive income.

Masternode & staking rewards are income

Staking and masternode rewards are considered income at the time they are received. If you do you not immediately exchange them to fiat, then they simply are treated as property moving forward, with a cost basis equal to their income value at the time of receipt.

Cryto-to-crypto trades are taxable events

Perhaps the most widespread problem in the crypto space, as regards taxation, is lack of awareness that a direct crypto-to-crypto trade (like BTC → ETH) is a taxable event. Such a trade is treated as if you sold BTC for USD, and then bought ETH. At that point, your sale of BTC is taxable based on the amount of time you held it, and the price at which you purchased it, known as your tax basis.

This also means you need to track the fair-market value of the BTC at the time of the trade! As mentioned above, an indispensable feature of the online services is that they will automatically asses and record the fair-market value of the selling half of the traded pair.1

Like-kind exchanges

Recently, there has been much discussion about the use of “like-kind exchange” laws (also known as “1031 exchanges”) to claim that crypto-to-crypto trades can be tax-deferred. Since crypto is considered as property by the IRS, the idea is that like-kind exchange laws—that allow for the non-taxable exchange of certain kinds of property—may be applicable to crypto-to-crypto trades.

First, from 2018 onward, this is clearly disallowed, as the 2018 tax reform included clarification that like-kind exchanges are only applicable to real estate.

So the only question is whether to declare like-kind exchanges on crypto trades made in years prior to 2018. I’m not a tax professional, but I engage with some good ones, and their strong opinion is that it’s likely not a good idea, for two reasons:

  1. You can’t just declare a like-kind exchange, and be done with it. You have to present argumentation, and a like-kind exchange is anything but obvious. Just as gold and silver are not considered like-kind, bitcoin and ethereum could arguably also be considered sufficiently different to exclude them from 1031 applicability. So at minimum, you’ll be faced with the professional costs of preparing your 1031 justification.
  2. Then, if the IRS doesn’t accept your claim, you’ll be faced with the costs of defending your position, and potential penalties if you lose.

These risks have to be weighed very carefully, if deciding to claim like-exchange for years prior to 2018.

Accounting method

The only point of contention I had with the Crypto Street episode, was the statement that the coffee you buy today, is paid with the bitcoin you purchased in 2011, due to a requirement to use the FIFO (first-in-first-out) accounting method.

The reality is that, as long as you keep careful and accurate track of things, you can use any accounting method you like, and choosing one over another can have a huge impact on your current tax liabilities.

In this regard, and important feature of the online tracking services is that they will actually show you which method is optimal for the current year, highlighting it green:

And an even more important feature, is that they’ll keep track of the fact you claimed LIFO on that little BTC purchase in 2016, HPFO on that other one in 2017, and FIFO on that one in 2018.

How to treat a fork

The IRS hasn’t provided guidance on this, but there are two possibilities.

  1. Forked coins should be treated as the receipt of zero-basis property. (This is how, for example, newborns of farm animals are treated.)
  2. Forked coins should be treated as income, with a fair-market value for the basis moving forward.

It seems highly probable that the correct recognition is zero-cost basis, and that an income approach would be unfair and simply unworkable.

  • In the zero-basis approach, the question of when you received your forked coins is only relevant to the determination of long-term vs short-term applicability. If they were treated as income, the question of whether you received them at the time of fork or at the time of receipt becomes important, as it relates to the determination of the fair-market value. If at the time of fork, then all forks of a project should be treated as income, whether or not you received them, and whether or not you even knew about them.
  • In the zero-basis approach, we don’t have to answer the question of the fair-market value of the coins when they were received, since it will be zero. If they were treated as income, determining the the fair-market value would be very difficult, especially for obscure forks that aren’t quoted. Income treatment would also be unfair to the owner of a coin with a high value at inception, but dropping before the owner had a chance to sell them.

So it really seems that an income approach would be unworkable, and that a zero-basis receipt of property is the better claim to make.

(Update: Here is an interesting article analyzing the tax treatment of a fork, and leaning towards an income classification. The arguments are solid, but I still find it hard to be tenable, for the reasons listed above.)

Risk of double-taxation for expat Americans

The United States is the only country in the world that taxes its citizens regardless of residence. So if you left the US to do your crypto transacting in another county, you will be liable for both taxation in the country where you’re resident, and the United States.

And even though the USA has dual-tax treaties with most countries, you are especially at risk of double-taxation with crypto, since there is diversity among countries in the “concept” of crypto. Many countries, for example, tax crypto as currency, and may not extend double-tax protection if you’ve paid property capital gains tax in the United States.

Move to a tax haven?

If you’re American, it doesn’t matter where you move, as the US taxes its citizens regardless of residence. The exception is Puerto Rico, in which, as a resident, you are subject to Puerto Rican taxation, rather than mainland US taxation. But even then, it’s widely anticipated that the IRS will have keen interest in claiming tax on the gains one’s crypto experienced prior to the change of residence. This remains an open question.

Renouncing US citizenship is an option, but then you have to research whether you’ll be considered for the exit tax, and weigh all the non-financial trade-offs of giving up that passport forever.

And if you’re European, the situation is always much better, unless you’re lucky enough to be living in Germany, where there is no long-term capital gains tax on crypto! For other countries, some have laws stating that if you move to a country considered to be a “tax haven”, you can remain liable for taxation in the former country for up to 10 years.

A difficult future ahead

If the area of crypto taxation has some ambiguities today, the situation is likely to get even murkier in the future. How will ICOs be taxed? What about participation in synthetic products like the Prism Portfolios, or the Abra mobile app, which don’t involve directly holding crypto at all, but rather involve the collateralization of Smart Contracts that aren’t even denominated in USD? What tracking and reporting burdens will be expected of the taxpayer, when we live in a world of thousands of token-to-token exchanges happening daily in automated, machine-to-machine systems, in which the tokens serve utility but at the same time are “valued”?

One thing we can depend on is that the advancement of crypto will far outpace the tax authorities’s abilities to keep up with clear guidance. And unfortunately, that means early adopters will, as always, bear a disproportionate amount of the pain and costs, defending themselves in ambiguous situations, and establishing the case law that will benefit all those coming later.


As you’ll have noticed from my previous articles, I’m transitioning from the world of traditional investing, to the world of crypto investing. I hope to use this blog as a platform for publishing my experiences and the things I learn along the way.

Crypto taxation is like going to the dentist, something we’d like to avoid, but better addressed earlier rather than later, and in this article I hope to have provided quite some food for thought and consideration. I hope you’ve enjoyed it, and if I’ve left out anything you’d like to see included, just post a comment below.

Additional reading

  1. If you use, it is critical to understand that their tracking of daily average cost is only up-to-date as of the previous day. So if you import, today, the crypto-to-crypto trades that you made today, resulting in the sale of BTC, then the website will use yesterday’s BTC price. That can be very costly, given the volatility of the crypto market. So just remember to wait a day before importing your transactions to the service. 

Earn passive income through staking, masternodes and lending

If you’re a long-term investor in cryptocurrencies, you’re probably holding some coins that you don’t intend to sell for many years. In this article, I’m going to discuss three ways you may be able to put those coins to work earning passive income, through staking, masternodes and lending.

I’m going to organize this article into an introduction to the concepts of staking and masternodes, then dive into the details of my approach to both, and conclude with a description of how I earn interest through lending.

Introduction to Staking

Readers will probably be familiar with Bitcoin’s consensus approach, called “Proof-of-Work” (PoW), in which miners spend energy computing hashes in order to validate transaction blocks and earn rewards. A more energy-efficient alternative to PoW is called “Proof-of-Stake”, in which the actors who validate blocks can be anyone who holds the blockchain’s token and is willing to “stake”, or lock-up, those tokens.

In a Proof-of-Stake network, the staker’s local wallet joins the global pool of stakers who are available to validate the blocks of transactions. When the network has a block of transactions to be validated, a staking wallet will be selected deterministically. The frequency with which a given wallet will be selected, is a function both of the number of coins being staked, and how long those coins have been staking, such that the stakers most dedicated to the network are chosen more often.

What’s in it for the stakers? Unlike PoW systems, there is no “block reward”. Instead, the staker that is chosen to validate a given block of transactions gets to keep the fees associated with the transactions in that block. For someone holding a PoS coin for the long-term, staking can be a source of passive income.

Introduction to Masternodes

Another interesting concept is the Masternode. In Bitcoin, the network is secured exclusively by miners. Networks like DASH, however, which involve additional functionality beyond validating blocks, add a second layer of “nodes”, called masternodes.

Masternodes, like miners, are permanently-available servers that provide second-layer functionality to a blockchain’s network. In the case of DASH, masternodes provide services such as its “Instant Send” feature, and “Private transactions”, in which the masternode mixes (obscures) transactions, like traditional bitcoin tumblers.

Masternode systems also require their operators to stake coins, and for their services, masternodes receive a percentage of the network’s mining fees, resulting in another potential form of passive income for the masternode coin holder.

Choosing your strategy

Let’s now think about staking and masternode strategies. Here are some considerations:

  • Opportunity cost — The total return you’ll receive on your investment is the sum of the coin’s annual price appreciation plus any returns you receive from staking or masternoding. Therefore, an investment in a coin whose price appreciates 15% per year is a better investment than a coin which provides 5% staking returns, but whose price is declining over time.

  • Minimum investment — While most staking systems don’t impose a minimum balance, all of the masternode systems I’ve seen do. The minimums vary by coin. In the case of DASH, it’s 1,000 coins, or at today’s prices, almost $500,000 USD. In the case of PIVX, it’s 10,000 coins, or about $50,000 USD.

  • Complexity — Staking involves leaving your GUI wallet open at all times, and can be achieved by anyone. Masternoding, on the other hand, involves running masternode software on a server that’s always connected to the internet—e.g. a hosted VPS at DigitalOcean—and therefore requires expertise of Unix-based system operation and administration. (Note that there are services available that will run a masternode for you, for a fee, but these are not covered in this article.)

  • Annual return — There are websites such as that rank blockchain projects by the ROI of their masternodes:

As you can see, some master nodes offer annual returns in the four digits! Any student of history or economics, however, will know such returns are not sustainable. For the most part, I would ignore lists like these, and only stake or masternode a coin in which I would invest without any potential for passive income.

(An aside before moving on — In reporting returns of staking and masternodes, I commonly see the term ROI, return on investment, misused. ROI is a measure of total return, and what we’re interested in is the annual return. That measure is called IRR, or internal rate of return. If you have a savings account paying you 5% per year, its IRR is 5%. If you put money in that account, and leave it there for 5 years, your ROI will be 27.6%, or 1.055-1.)

In light of the above, here are coins that I masternode or stake:

  • DASH — For the next handful of years, one focus-area for me will be coins that address the use-case of money, and in that realm, I believe a small set of anonymous/privacy coins will flourish. I believe one of those will be DASH, based on its momentum and funding. Since I don’t hold 1,000 DASH coins, running my own masternode is out of the question, but I did find a great shared masternode service that I’ll describe in detail below. I’m currently earning around 7.5% IRR with DASH.

  • PIVX — PIVX is another anon/privacy coin that I like, on the basis of its technology and community. By design, there’s not a lot of economic benefit to masternoding with PIVX versus staking, and so for simplicity I just stake my coins and am currently earning around 5.0% IRR.

  • BLOCK — Blocknet is an interoperability project that I was turned on to by @notsofast, which I like based on its role—I believe cross-chain interoperability will be increasingly important—and by the pace of work I’ve observed from the project. I’m currently staking Blocknet, and am seeing an IRR of over 30%. I didn’t choose the project for that return, and I don’t imagine it will be sustainable for too long, but while it lasts, I’m not complaining!

What I do…

At this point, I’ll now dive into the details of DASH shared masternoding, PIV staking on Mac OS X, and then conclude with a discussion of margin lending at Bitfinex.

DASH Shared Masternoding

In a shared masternoding system, the masternode operator funds the masternode—1,000 coins in the case of DASH—from the contributions of multiple people, and then distributes the rewards pro-rata to the participants, minus a fee for providing the service. A critical difference between operating your own masternode, and participating in a shared service, is that in the latter you have to send the operator your DASH, rather than retaining them in your wallet. So shared systems require that you trust the operator.

For DASH, I was able to find two such services,, run by “Moocowmoo”, and, run by “Splawik”. Both of these individuals have good reputations in the community. Moocowmoo charges 15% for his service, while Splawik charges 10%. Despite paying more, I went with Moocowmoo for the following reasons:

  1. Automation — Moocow has completely automated his service. Upon signing up, you receive a PGP signed welcome message containing a unique DASH deposit address assigned to you. You can, at any time, deposit DASH to this address, in multiples of 25 DASH, i.e. your deposits can be 25, 50, 75 DASH, etc. Upon deposit, you receive a PGP signed deposit receipt, indicating the address of the masternode to which you are contributing, the percentage of the masternode’s payout you will receive, and the address to which you will receive those payments. To redeem you DASH, you simply return the welcome message by email, and all your deposits are returned to their sending addresses. (For that reason, it’s important to deposit from a local wallet, and not an exchange.)

  2. Security — Moocow has engineered a “dead man’s switch” system that will ensure all customer funds are returned in case something happens to him. The way his system works is, should any of his session logins remain idle for 30 days, his dead man’s switch monitor will assume something has happened, and will automatically dispatch pre-signed transactions to return customer funds.

So far, so good. I’ve made a couple of deposits, and am regularly (roughly weekly) receiving payments and payment receipts, and earning about 7.5% IRR.

PIVX Staking

The PIVX network applies a dynamic algorithm that shifts the proportion of rewards between stakers and operators of masternodes. An estimation of rewards between the two options can be found at this convenient online calculator. In my case, I chose simplicity over rewards maximization, and went with staking. Following are the details.

One begins by downloading the wallet from the PIVX site. After downloading and installing the wallet, here’s how you get going:

  • From the PIVX-Qt → Preferences → Main area, enable “Start PIVX on system login”—since your wallet can only stake coins when it’s open!—and set “Preferred Automint zPIV Denomination” to a large number like 5000.

Why the 5000 number? Starting in version 3 of the wallet, PIVX introduced their next-generation zPIV “Zerocoin”. At some point in the future, staking zPIV coins will be more profitable than staking PIVX, but at the time of this writing, it’s not possible to stake zPIV at all. So for now, we only want PIVX in the wallet.

By default, the wallet will auto-convert 10% of your received PIVX coins to zPIV, and by entering 5000 in the above setting, we can prevent that from happening. (There’s also a setting you can enter in the pivx.conf file to disable the conversion altogether, but I didn’t want to risk forgetting about that in the future.)

  • From the PIVX-Qt → Preferences → Wallet area, enable “Coin Control”, the purpose of which I’ll explain later in the article.

  • Now do Settings → Encrypt Wallet... and create a password for your wallet.

  • Create a new receive address from the Receive tab, and transfer some PIVX into your wallet (from an exchange, or wherever.)

  • Click (or toggle) the lock icon in the bottom right corner, enter your wallet password, and enable “For anonymization and staking only”. This will allow your wallet to safely keep the wallet unlocked for staking.

After unlocking your wallet for staking, and after the coins in your wallet have received something like 101 confirmations, you’ll see the staking icon (next to the lock icon) become green, indicating that you’re currently staking your coins.

Within a day or so, you should start seeing staking rewards flow in. Yeah! The value of the reward will be a more or less a constant, corresponding the block transaction fees, but the frequency with which you receive them will be a function of the number of coins you are staking and how long you’ve been staking them.

Before concluding this section, there’s a couple of important things to notes:

Backups — If you’ve used an HD (hierarchically deterministic) wallet in the past, like Exodus, you’ve probably gotten accustomed to backing up your private key or mnemonic once, knowing that any time in the future you can recover the wallet, and all its derived addresses, from that original backup. That’s not the case with the current PIVX wallet. In principle, each time you receive staking rewards, or add a new receive address, you should backup your wallet, by doing File → Backup Wallet and giving the backup file the extension “.dat” (e.g. wallet.dat).

I wish that could be automated, but for the moment, I try to remember to backup every week or so.

Input consolidation — Each time you receive a staking reward, it will create an “Unspent Transaction Output”, or UTXO, on the address holding the staked coins. Over time, as the number of UTXOs grows, your wallet file will grow in size, and the wallet software itself may lose stability. This requires some periodic maintenance, called “inputs consolidation”, and here’s how you do that.

  • In the Receive area, create a new receive address.

  • In the Send area, click the “Coin control” button. This will open a window listing all your UTXOs. Click “Select all”, and then then “OK”, to close the window.

  • Back in the Send area, you’ll see the number of selected UTXOs indicated at the top left. At the top right, you’ll see a value representing something like “total value minus transaction fees”. Precisely type that into the “Amount” field. (Maybe the Qt team will pre-fill that in the future.)

  • In the destination field, paste in the receive address you created in the first step, and then click “Send”.

So what we’re doing is sending ourselves the value of all our UTXOs, and consolidating those values into one single address. You’ll have to wait for that self-send transaction to confirm something like 101 times, after which staking will again be enabled, and you’ll have a nice, squeaky-clean wallet (for the time being).

Margin Lending at Bitfinex

In this section, I’m going to discuss the third and final way in which I earn passive income—margin lending.

Bitfinex is one of the world’s largest exchanges, and like many, provides margin to its traders, allowing them to access up to three times the funds they have on deposit. Rather than funding this margin using the exchange’s reserves, Bitfinex have implemented a peer-to-peer system in which Bitfinex customers themselves can provide margin funding, thereby earning interest.

Assuming you trust the platform, the risks associated with margin lending are relatively low. I was affected by the Bitfinex hack a few years ago, and was impressed by the innovative recovery model they put in place, socializing the losses and issuing the BFX tokens with a par value of $1, which they eventually paid back.

Due to that experience, along with observation of the technology and UI innovations they regularly push out, I trust the platform, to an extent at least. However, we should never forget that exchanges are continual targets for hackers, and should weigh that fact when deciding how much of your funds you want to keep lent out on any exchange.

As you can see below, it’s possible to lend everything from USD to any of several cryptocurrencies. The interest rates indicated are daily, so USD loans are currently paying about 5%, while ETC loans, for example, are paying about 18%.

What I’ve observed is that when the price of bitcoin is increasing, the USD lending rates increase, as traders borrow USD to purchase bitcoin now, with the expectation of selling those bitcoins for USD at a higher price later. Upon returning the lent USD, they’re left with a USD profit. Inversely, when the price of bitcoin is dropping, bitcoin lending rates increase, as traders want to borrow bitcoin to sell now for USD, with the expectation of buying them back at a lower price. After returning the lent bitcoin, they are left with a profit in bitcoin.

Since the lending rates of bitcoin and the USD move in opposite directions to each other, I keep some of both continually lent out on the platform. When times are quiet, the lending rates tend to drop to around 5%, and when there are sharp moves in the market of bitcoin, the rates of one or the other can suddenly increase to 50% or more.

There is an area in the left-hand side of the platform where one can make a lending offer:

You can enter a specific daily interest rate, or you can specify to use the “flash-rate”, or FRR, which is a dynamic market rate computed by the platform. As a consequence of most people auto-renewing their loans (see below), the manual offer form provides a “variable FRR” feature allowing you to place an offer for an interest rate that’s some discount to the FRR. The terms of the loans can be anything between two and 30 days.

If you make a manual offer that’s accepted, you’ll need to remember to return to the site when the term expires if you want to try to renew it. There’s a few problems with this. First, your offer might be taken in chunks, by multiple traders. Second, a trader can return the loan at any time. He or she doesn’t have to wait for the term to expire.

For this reason, most people use the auto-renew feature, and set the lending rate to the FRR, in order to allow the platform to determine the current market rate.

With an auto-renewing loan, set at the FRR, you can start lending your money and/or coins, and then forget about it, as the platform will attempt to keep your funds continually lent out at the FRR.

The only downside to auto-renewed lending, is that since most people use it, there is usually a lot of money on offer at the FRR. And those offers are consumed on a first-in-first-out basis, which means your auto-renewing funds will sit un-loaned for a period of time while working their way to the front of the queue. Not the end of the world, of course, but that does result in a slight drag on your potential returns. (To address that problem, and optimize the lending term, I run some custom software that I developed.)

The average interest rate you’ll earn over the period of a year can vary greatly, depending on factors like the market dynamics of the coins, the total availability of funds, and behavior of the lenders. On average, one should expect something between about 5% and, say, 10%.

Update — The CryptoLend service can fully automate lending not only at Bitfinex, but other exchanges as well.

Crypto Lending at Celsius & Compound

Since publishing this article, some new options for earning yield have emerged:

  • Celcius — Celsius loan cryptocurriencies like Bitcoin and Ethereum to hedge funds who want to short the currencies, and require USD collateral of around 120% to 150%. To source the crypto for the loans, they allow their own customers to deposit crypto with Celsius, and they share the yield with their customers. At the time of this writing, they are paying about 3.5% APR on deposited Ethereum, and 3.75% APR on deposited Bitcoin. Currently they pay interest in the deposited currency, but plan to pay in their own token, CEL, at some point in the future. The risks, as I see them, are two-fold: (1) You’re handing over custody to a third party, who in theory could simply run off with it, and (2) if a Celcius customer defaults on their loan, you have to hope Celcius have enough collateral to make you whole.

  • Compound — Compound is a Smart-Contracts based lending platform on the Ethereum network. It seems the yield on various ECR-20 tokens is quite low at the moment (c.a. half a percent). In this case, one would hope the custody risk is less than with a centralized organization like Celcius, but you’re also exposed to the risk of bugs in the smart contracts.


If you’re a long-term investor in cryptocurrencies, there are opportunities to put those held funds to use earning passive income. This article has discussed staking, masternoding and margin lending. I hope you’ve enjoyed it.

Learning about cryptocurrency mining

As a long-term investor in crypto, I want to deeply understand as many aspects of the space as possible. Having started to follow traders and miners like @notsofast, I decided that mining was one such area.

While I’m definitely not someone who’d likely be able to setup a “mining rig”, I did manage to do some mining, and wanted to document what I learned. Also, since there was so much digging around involved in actually getting started, I wanted to pull together the details into the article I wish I’d had available.

So in this post, I’m going to talk about my experience with cloud-based CPU mining, and my experience with cloud-based rental of mining rigs. But first, let’s introduce a couple of key concepts.


For starters, mining is a computational activity in which you calculate hashes in an effort to validate blocks of transactions on the chain of whatever coin you’re trying to mine. The calculation of a hash is performed according to a particular cryptographic hashing algorithm, of which there are several. In the case of bitcoin, the algorithm is called SHA-256.

A hashing algorithm takes any size input, and produces a fixed-length output, from which the input can not be determined. That’s why hashing algorithms are referred to as one-way functions. The process of mining, at least in bitcoin (I haven’t checked if it’s precisely the same for others), involves calculating the hash of a block of transactions, the hash of the block header, hashing those together and looking at the output for something called a “nonce”, which verifies that we’ve found a block.

The miner then broadcasts those hashes to the network, which can verify their work and assign them the reward.


Whether I’m using my laptop computer or a full-bore rig to mine, I only get a reward when I find a block. And that can take a long time. For that reason, mining pools were formed, that aggregate the hashing power of multiple contributors. Whenever the pool discovers a block, the rewards are distributed pro-rata to the pool contributors.

From what I can tell, most mining nowadays is done in pools.


Bitcoin was originally mineable with CPUs on desktop and laptop computers. People later discovered that GPUs (graphics processors) are much better at computing hashes, at which point it became economically uninteresting to mine with CPUs. Finally, task-specific processors called ASICS were produced, which are optimized for the computation of hashes.

There seems to be an order of magnitude in capability between these technologies, with hash power discussed in units of KH/s, MH/s and GH/s, respectively.

As you can imagine, there’s also a cost difference between these technologies. Getting up and running with a GPU “rig” is more expensive than mining on your laptop, and only those willing to make a major investing in mining are using ASICS.

Interestingly, some projects, like Ravencoin, wish to preserve a broader community of miners—i.e. less consolidation of hash power—and design their hashing algorithms to be ASIC-resistant.

Cloud-based CPU mining

Given that I can’t setup a mining rig, my first option for experimenting with mining was to deploy cloud servers (VPSs) at places like DigitalOcean and Scaleway (which even I can do in a few clicks), and then hopefully find some Unix-based CPU mining software.

Fortunately, some Unix-based CPU mining software does exist, and is even designed to allow you to mine a variety of coins, using a variety of hashing algorithms. It’s called cpuminer-multi.

Below are the CLI commands I pieced together to get the software installed and running. This assumes you’ve created a server running Ubuntu 16.04 (the default OS at DigitalOcean, and offered by almost all cloud-server providers) and are logged in as root (and be sure to answer “Y” to any prompts):

Here’s the first command (not sure what it’s doing):

apt-get update

Now we make sure the git version control software is installed:

apt-get install git

Now we install a bunch of stuff that’s going to let us build the cpuminer software on our server:

apt-get install automake autoconf pkg-config libcurl4-openssl-dev libjansson-dev libssl-dev libgmp-dev make g++

Now we download the cpuminer software:

git clone

Now we switch into the cpuminer directory:

cd cpuminer-multi

…and we build the software:


We’re going to launch the cpuminer software inside a screen manager (called “tmux”) so that we can then close our login session if we want:


Finally, it’s time to issue the command to start our miner! As you’ll see, we’re going to be passing in some information (parameters), including the pool where we’re going to mine and how we’ll be identified there.

To mine Ravencoin, I created an account at the Suprnova pool, then created a “worker”, specifying an arbitrary worker name and password. Also, in your Suprnova account, you have to specify a payout address where you want your earnings sent.

So here’s the format of the command you issue inside tmux to start mining Ravencoin at Suprnova:

./cpuminer -a x16r -o stratum+tcp:// -u <user_name>.<worker_name> -p <worker_password>

You can see that the algorithm we’re going to be using is Ravencoin’s “x16r”, which is an algorithm that rotates between 16 algorithms, in an effort to be ASIC-resistant.

There are other pools that don’t require creating an account at all. You simply pass your receiving address in the miner launch command, like this:

./cpuminer -a x16r -o stratum+tcp:// -u <your_Ravencoin_address>

Couple of things before moving on:

  • To escape from tmux, type control-b followed by d. Don’t worry, though, your miner is still running, but it’s safe now to logout of the server if you like. To kill the miner, run top, which will show your miner process at the top, quit out of top with q, and then kill your miner with kill <miner_process_id>.

  • I understand that at Suprnova, you should create a different “worker” for each machine that’s going to be mining in your account. At the pools where you don’t create an account, however, you can mine with multiple machines on the same receive address.

  • Finally, the pools and crypto projects could really help noobs like me by specifying the whole command to start mining. Some just say things “Stratum on port 3636”, and assume you know the rest.

How were the results?

In a word, awful, but that was expected. Using a 16-core “optimized” droplet at DigitalOcean ($320/month or $0.476/hr), I was able to generate 850 KH/s (kilohash per second). Interestingly, with a Scaleway 8-core “bare metal” server ($20/month), I was only able to generate about 65 KH/s. I’m not sure why there’s a 10x difference, given a doubling of cores, but I wasn’t bothered to look into that.

Economically, at DigitalOcean, I was getting about 2.65 H/s/$ (hash per second per dollar), while Scaleway was about 3.25 H/s/$. So one would do slightly better to deploy 13 servers at Scaleway, but, of course, that adds some overhead. (And, as we’ll see below, this is a moot issue anyway.)

Using the DigitalOcean machine, I was mining about 1.74 Ravencoin per hour. With a server cost of $0.476/h, that means I was paying about $0.27 for each Ravencoin.

At the same time, in the #trading channel in Ravencoin’s Discord chat, OTC trades were happening at about 500 Satoshis, or about $0.06 per coin—i.e. 4.5 times cheaper than I was paying through mining. (And those 500 Satoshies represented a 500% price increase with respect to the previous 48 hours, given the news that Overstock had invested in the project!)

So clearly, I’d be better off buying Ravencoin, than mining it. (I noted that almost everybody in the #mining channel were using GPU rigs, and getting MH/s performance.)

The conclusion here is that CPU mining generally makes little economical sense, but it is a convenient way to actually try out and learn about mining.

Before leaving the topic of cloud CPU mining, it should be noted that most cloud-server providers prohibit mining, since most VPSs (virtual private servers) use shared infrastructure, such that your miner software’s consumption of 100% of the CPU, 100% of the time, unfairly impacts other VPS users. At DigitalOcean, for example, they only allow mining on their “optimized” droplets, which use dedicated CPUs, and at Scaleway, you can only mine on the bare metal servers.

(Some providers actually offer GPU cloud-servers. I didn’t experiment with those as their costs are upwards of $1,000 per month, and don’t seem to be available on a per-hour basis. I was actually prepared to try one, but I couldn’t find an answer to the question of whether the software would auto-detect and use the GPU. Since its name is “cpuminer”, my guess was “no”, and I didn’t want to drop $1,000 to find out.)

Renting real mining rigs

The next stop on my mining journey was which offers a marketplace where you can actually rent time on someone else’s mining rig.

At NiceHash, after setting up an account and depositing some bitcoin, you create one or more pool configurations where you want to mine. For this experiment, I chose the IPBC coin that I’d seen @notsofast mention he liked.

Next, you access the “marketplace” under the “For buyers” menu. This screen seemed to be an order-book of offers to rent hash power.

The documentation recommendeds that beginners create “Fixed” offers, as compared to “Standard”, since there’s only two variables under your control—hash power limit, and total cost.

(After entering those two variables, the order window updates with an estimation of how long your mining will last. I think the maximum time allowed is a few days.)

I set the hash power to 0.2 MH/s, and the amount of BTC I wanted to spend on the experiment, and clicked “Place Order”. On my first attempt, the system responded that there were no matching offers. Adjusting the values slightly, though, my offer was accepted and a graph appeared immediately, showing the state of my mining!

I then switched over to the IPBC pool’s website, did a lookup on my IPBC address, and saw that, sure enough, I was contributing about 200 KH/s of mining hash power to the pool! And then I waited.

Each time the pool found an IPBC block, the website would report a proportional payment to me—based on the number of “work shares” I’d contributed—and those payments soon appeared in the IPBC wallet that was running on my Mac.

How were the results?

Better than with CPU mining, for sure, but still not economically interesting. Using NiceHash, I was paying about $0.60 per IPBC coin, while they were selling on the Livecoin exchange for about $0.40.

According to some users on reddit, the people who profit from using services like NiceHash are those who closely monitor the short-term windows when the rental cost movements lag the price movements of coins. (Perhaps that explains why maximum rental duration is specified in units of days, instead of, say, months or years.)

Renting can also make sense for people who want to speculatively mine a brand new coin that’s not listed on an exchange.

Update: After writing this article, I posted another article about how to calculate the breakeven cost of mining a coin, so that you can determine whether or not it’s economically worthwhile to mine with rented hashpower.


I’m really happy to have spent the time and effort to actually do some cryptocurrency mining. In the process, I learned about how mining actually works, I learned about the role of hashing algorithms, and I learned about the economic realities of cloud-based CPU mining, and GPU rental mining.

Hopefully, getting my hands dirty in the trenches will help me to become a better long-term investor in this space. That’s my objective, in any case.

Next stop on the journey, staking and masternodes. Stay tuned!

Does rebalancing an allocation of cryptocurrencies make sense?

One of the features offered by the Prism exchange is the ability to “rebalance” your basket of currencies back to its original allocation. Given an investment vehicle in which you create an allocation, it might seem natural to offer a rebalance feature. But does this make sense?

In Markowitz Portfolio Theory, a portfolio is constructed of multiple, uncorrelated asset classes (in the real world, that means stocks, bonds, precious metals, etc. which, as we know, are not perfectly uncorrelated.) The allocation of the asset classes determines the risk level of the portfolio. For example, 90% stocks and 10% bonds is much riskier than 10% stocks and 90% bonds. It’s assumed that one investor will have different appetite, need and capacity for risk than another, such that there’s no one-size-fits-all allocation.

Over time, as a portfolio deviates from its original allocation, it implicitly deviates from its risk profile. To return it to its risk profile (assuming the characteristics of the asset classes haven’t changed), we can rebalance it. And doing this systematically over time has been shown to also add value, since we’re systematically selling asset classes when they are high, to buy those which have dropped. Many call this the only free lunch in investing.

The extent to which rebalancing makes sense and works, however, is a function of the extent to which the underlying asset classes are uncorrelated, and have a tendency to revert to the mean. So it’s critically important that when one zigs, the other zags. (Interestingly, the accessibility of the modern Exchange Traded Fund (ETF) has increased correlation of a number of asset classes like commodities, with equities and bonds, such that many experts wonder how long rebalancing will continue to be a free lunch.)

And this is why rebalancing doesn’t really make sense in the context of a basket of cryptocurrencies. Although it’s still early, and things can change, currently, as anyone who watches CoinMarketCap will attest, cryptocurrencies appear to be almost perfectly correlated! When you’re selling Bitcoin low, you’re likely going to be buying Ethereum low as well.

So be careful out there—we have to be very careful when blindly applying traditional investing concepts to emerging spaces like crypto. (In that regard, next on my radar is thinking about whether it makes sense to track a marketcap-weighted index of crypto.)


Why ICO self-regulation can’t work

Last week Ryan Selkis proposed a mechanism of ICO self-regulation, to avoid that state authorities like the SEC step in with their own. Reading the piece, my intuition was that the proposal is a good idea, but would never work — in principle.

Imagine that today, in 2018, the consumer protection agency of the US government stood up and expressed concern about the uptick in websites that are popping up on the internet that pose threats to consumers, and advised the website community that it’d better self-regulate; otherwise the agency itself will have to step in and lay down some internet website regulations.

In 2018, we’d collectively roll our eyes, and react with ridicule to the suggestion.

  • We’d note that, in the first place, the internet is global, and that any legal regulations applicable in the United States would simply put website owners there at a competitive disadvantage to the rest of the world, given the cost of compliance (whatever that might be).

  • We’d also note that the sheer number of websites on the internet, and the acceleration of their increasing appearance, would make any attempt at self-regulation as impractical as the hope that every operator of an e-commerce site would add that little “Secured by Verisign” graphic at the bottom of the checkout page. Consumers might have looked for that back in the day, but nobody does today.

  • We’d probably ask the consumer agency what they even mean by “the website community” in the first place?

But we might not have reacted like that in 1998. Back then, website builders considered themselves to be a community. US senators said if things didn’t slow down a bit, they might just shut the damn thing off. And many visionaries believed the appearance of internet “malls” was inevitable, where you go to shop at a variety of “online stores”—not related, of course, but that’s how good we were at envisioning where things were going!

So I believe today’s ICO situation is similar to the internet and the appearance of service-offering websites back in 1998. And just like the evolution of the internet that we’ve all now experienced, I believe the ICO landscape will play out similarly:

  • We’ll eventually have millions of ICOs, given that their issuance is permission-less, and executing on one will become as technically easy as getting a website online is today. The shape and mechanics of ICOs will evolve into derivative things we can’t even imagine, and which will continually widen the gap in similarity between an ICO and the issuance of securities. The sheer scale and complexity will make self-regulation of ICOs as impractical as self-regulation of websites, and will also end the sense we have today that a crypto or ICO “community” is even a thing.

  • The SEC will initially attempt to regulate ICOs—because there’s a clearer mapping of an ICO to a security issuance that there was between a website and anything regulated in 1998—and the consequence will be that, for a period of time, the issuance of ICOs will simply happen outside US borders, and Americans (as well as citizens of other countries whose governments have acted similarly) will be excluded, as we already see happening today. The SEC, under pressure from Americans and the growing difficulty of even articulating what exactly is being regulated, will eventually be forced to roll-back policies in order assuage the disadvantage placed on its citizens.

So my feeling is that an explosion of ICOs, and expansion of their form, is inevitable, and attempts at either self- or governmental regulation are simply wastes of time.