It’s multiple risks, each singly counted. Bitcoin in general is risky for definite reasons: volatility, the possibility that governments will come down hard on it, security of the cryptography it depends on, etc. But any particular method of operating in Bitcoin has its additional risks of the probity and security of those involved. My unconfidence in some of the cryptocurrency dealers I looked at was not simply because they were cryptocurrency dealers.
Yeah, it’s definitely true that it’s an additional risk. My intuition that it’s likely to be a misfiring heuristic lingers, though.
Say any given exchange has a 50% chance of losing or stealing your money, and that it’s independent of the chance Bitcoin succeeds. (That feels pretty pessimistic to me, and the actual track record has been notably better than that.) If you needed 1/10000 credence for success before adding that factor, now you need 1⁄5000. I’m skeptical that any of us are well-calibrated enough to put Bitcoin’s success at higher than 1/10000 but lower than 1⁄5000.
It also seems that it’s unlikely to be uncorrelated. I would expect a higher chance of exchanges working in worlds where Bitcoin is successful. (Because if exchanges are consistently unreliable, that will make Bitcoin less attractive, and because they’re both entangled with difficult-to-observe factors like “the community actually tries to make it work rather than just scamming everyone”.)
This is of course all hindsight, so I could easily be wrong. But it seems definitely true to me that most people have a lot of trouble overcoming conservative heuristics enough for successful “black swan farming”, and paying too much attention to superficial feelings of sketchiness seems likely to be -EV in that context.
Say any given exchange has a 50% chance of losing or stealing your money
Applying a population average to an individual is a course of last resort, especially in a marketplace that contains everything from solidly reliable businesspeople to those who will just take your money and run. One must seek further information about each individual to make a judgement about who can best be trusted.
For example, the reviews I found of one of the exchanges I considered were almost all negative, the main complaint being that it was next to impossible to withdraw funds from it and customer support was uncontactable. The few positive reviews I found read like spam. No-brainer there—avoid.
It also became clear to me that to deal seriously in cryptocoins (and dealing at all is too expensive to do frivolously), you must have your own wallet on your own machine, and not merely have an account with an exchange that holds your coins for you in their own wallet. The track record says that no exchange can be trusted to that extent. The latter is the usual way of handling conventional currency, but that is because banks, funds, etc. are on the whole and by and large, reasonably reliable, notwithstanding notable financial crashes from time to time. (Even then, you need to mitigate the risk by diversifying not just your kinds of investment, but the institutions they are invested with.) You then have to take seriously the security of that wallet, to the point of never exposing it to the internet except as absolutely necessary and for the shortest possible time.
In short, you have to think about specific failure modes and plan against them.
Your post is a good summary of how to have excellent cryptocurrency security, but why is it a requirement to have excellent security? In sentences like this one:
you must have your own wallet on your own machine
Where does the “must” come from? What would happen if you didn’t?
This seems like applying K-selection strategy, in a situation where a r-selection strategy might outperform. I posit that it would have been better to use $10 to buy 5 Bitcoin without substantial consideration of security risk, rather than put $0 in due to worries about security. Yes, you might lose that $10 in all sorts of ways, but that’s the risk you’re signing up to take, and the potential reward makes it worth it.
I bought 200 BTC and lost them in a hack. Later bought 50 ether and kept them in a wallet, so I still have those. In light of that, I’d say security was pretty important!
Security is great! I love security. I recommend hardware wallets if you’re storing a non-trivial amount of crypto.
But the question is about what someone should do when it’s 2011 and they want to buy $10 worth of Bitcoin as a (+EV) lottery ticket. My claim is that, if your goal is “have some Bitcoin”, then the options go like this:
“Buy Bitcoin + implement security best practices” > “Buy Bitcoin without worrying about security” > “Don’t buy Bitcoin”
It’s great if you can get the first one, but it’s irrational to let the existence of the first strategy push you into the third strategy. The second strategy ends up with “maybe some Bitcoin”, which is more Bitcoin then “definitely no Bitcoin”.
For my purposes, I rate the middle option lower than the last. I’m not interested in merely “having some Bitcoin” (or other cryptocurrencies, some of which look more promising going forward). My only reason for doing this is for a significant chance of making some useful amount of money. By “useful” I am roughly thinking in terms of at least 6-figure sums of money. Proper security is essential at that scale, and caution over who I deal with. My currently trifling amount of BTC was only to test the basics of how to do it, and in fact I haven’t yet tested the other half of the matter, i.e. turning BTC back into conventional currency.
a significant chance of making some useful amount of money
It sounds like you’re talking about a different bet than the one the article is about. Gwern’s 0.05% is not “a significant chance”.
I agree that for your totally different case, you should put more effort into security.
[Edit: The 80⁄20 for crypto security is to buy from Coinbase if you’re in the US, or the most credible local exchange if not. If you’re buying altcoins, convert from BTC/ETH on poloniex or shapeshift. Then put it in a hardware wallet such as Trezor or Ledger, with paper copies of your private key in a couple secure locations.]
It’s multiple risks, each singly counted. Bitcoin in general is risky for definite reasons: volatility, the possibility that governments will come down hard on it, security of the cryptography it depends on, etc. But any particular method of operating in Bitcoin has its additional risks of the probity and security of those involved. My unconfidence in some of the cryptocurrency dealers I looked at was not simply because they were cryptocurrency dealers.
Yeah, it’s definitely true that it’s an additional risk. My intuition that it’s likely to be a misfiring heuristic lingers, though.
Say any given exchange has a 50% chance of losing or stealing your money, and that it’s independent of the chance Bitcoin succeeds. (That feels pretty pessimistic to me, and the actual track record has been notably better than that.) If you needed 1/10000 credence for success before adding that factor, now you need 1⁄5000. I’m skeptical that any of us are well-calibrated enough to put Bitcoin’s success at higher than 1/10000 but lower than 1⁄5000.
It also seems that it’s unlikely to be uncorrelated. I would expect a higher chance of exchanges working in worlds where Bitcoin is successful. (Because if exchanges are consistently unreliable, that will make Bitcoin less attractive, and because they’re both entangled with difficult-to-observe factors like “the community actually tries to make it work rather than just scamming everyone”.)
This is of course all hindsight, so I could easily be wrong. But it seems definitely true to me that most people have a lot of trouble overcoming conservative heuristics enough for successful “black swan farming”, and paying too much attention to superficial feelings of sketchiness seems likely to be -EV in that context.
Applying a population average to an individual is a course of last resort, especially in a marketplace that contains everything from solidly reliable businesspeople to those who will just take your money and run. One must seek further information about each individual to make a judgement about who can best be trusted.
For example, the reviews I found of one of the exchanges I considered were almost all negative, the main complaint being that it was next to impossible to withdraw funds from it and customer support was uncontactable. The few positive reviews I found read like spam. No-brainer there—avoid.
It also became clear to me that to deal seriously in cryptocoins (and dealing at all is too expensive to do frivolously), you must have your own wallet on your own machine, and not merely have an account with an exchange that holds your coins for you in their own wallet. The track record says that no exchange can be trusted to that extent. The latter is the usual way of handling conventional currency, but that is because banks, funds, etc. are on the whole and by and large, reasonably reliable, notwithstanding notable financial crashes from time to time. (Even then, you need to mitigate the risk by diversifying not just your kinds of investment, but the institutions they are invested with.) You then have to take seriously the security of that wallet, to the point of never exposing it to the internet except as absolutely necessary and for the shortest possible time.
In short, you have to think about specific failure modes and plan against them.
Your post is a good summary of how to have excellent cryptocurrency security, but why is it a requirement to have excellent security? In sentences like this one:
Where does the “must” come from? What would happen if you didn’t?
This seems like applying K-selection strategy, in a situation where a r-selection strategy might outperform. I posit that it would have been better to use $10 to buy 5 Bitcoin without substantial consideration of security risk, rather than put $0 in due to worries about security. Yes, you might lose that $10 in all sorts of ways, but that’s the risk you’re signing up to take, and the potential reward makes it worth it.
I bought 200 BTC and lost them in a hack. Later bought 50 ether and kept them in a wallet, so I still have those. In light of that, I’d say security was pretty important!
Security is great! I love security. I recommend hardware wallets if you’re storing a non-trivial amount of crypto.
But the question is about what someone should do when it’s 2011 and they want to buy $10 worth of Bitcoin as a (+EV) lottery ticket. My claim is that, if your goal is “have some Bitcoin”, then the options go like this:
“Buy Bitcoin + implement security best practices” > “Buy Bitcoin without worrying about security” > “Don’t buy Bitcoin”
It’s great if you can get the first one, but it’s irrational to let the existence of the first strategy push you into the third strategy. The second strategy ends up with “maybe some Bitcoin”, which is more Bitcoin then “definitely no Bitcoin”.
Th easiest way to buy Bitcoin was MtGox for a long time and anybody who just kept the Bitcoins at MtGox lost them afterwards.
Yep! When you make 1000-to-1 bets, usually you lose.
For my purposes, I rate the middle option lower than the last. I’m not interested in merely “having some Bitcoin” (or other cryptocurrencies, some of which look more promising going forward). My only reason for doing this is for a significant chance of making some useful amount of money. By “useful” I am roughly thinking in terms of at least 6-figure sums of money. Proper security is essential at that scale, and caution over who I deal with. My currently trifling amount of BTC was only to test the basics of how to do it, and in fact I haven’t yet tested the other half of the matter, i.e. turning BTC back into conventional currency.
It sounds like you’re talking about a different bet than the one the article is about. Gwern’s 0.05% is not “a significant chance”.
I agree that for your totally different case, you should put more effort into security.
[Edit: The 80⁄20 for crypto security is to buy from Coinbase if you’re in the US, or the most credible local exchange if not. If you’re buying altcoins, convert from BTC/ETH on poloniex or shapeshift. Then put it in a hardware wallet such as Trezor or Ledger, with paper copies of your private key in a couple secure locations.]