Welcome everyone to another episode of the GoldSilver Bitcoin Show brought to you by
GoldSilverBitcoin.com. We are more than honored to be sitting down today with Jameson Lopp.
Jameson is the co-founder and CTO of CASA. He's an OG in the Bitcoin space. I've known his name
for many, many years now. Thank you so much, Jameson, for joining us today.
You bet. Glad to be here.
Pleasures all are. So you just actually published on January 4th, Bitcoin 2021 annual review,
and it was a big year for Bitcoin. What were some of the main events that you highlighted
in that annual review? Well, the main point that I usually try to get at with these annual reviews
where I think I have dozens, if not a hundred different metrics that I track is that most
people only look at the price. And I consider the price to be kind of a lagging overall metric of
adoption, but there's many, many other things that we can look at. And really one of the interesting
things I think that we saw, at least with Bitcoin and the on-chain metrics that are easier to look
at is that we've seen continued increase of adoption just in the amount of money that's
being sent through the network. I think some people were saying that it has surpassed like visa level
scale of volume. And it's pretty interesting considering this is just an open project run
by a bunch of volunteers. How's it been watching this open project run by volunteers evolve over
the many years you've been in Bitcoin and maybe address how you got into Bitcoin?
Well, it's always, I guess, a little surprising the pace of adoption that we can see. It's not
the first time that I've been kind of riding an early wave of adoption. I've actually seen a lot
of similarities to what happened in the big data and cloud computing space back in the late 2000s,
where when I first started being interested in it and working in the industry, almost nobody even
knew what it was. And after a few years and more adoption happening, we started seeing conferences,
we started seeing lots of new startups. And I've seen that same type of thing play out with Bitcoin,
with the industry as a whole, the ecosystem that's building up around cryptographic assets,
just continuing to evolve at a faster and faster pace. And so I know you said you like to focus
on Bitcoin, I focus on Bitcoin. And part of the reason for that is just the fact that I don't have
the time to keep up with everything. It was similar to other tech spheres that I've been in
is that eventually, you have a limited amount of time that you can focus on learning and keeping
up with stuff. And then eventually you find yourself having to just choose a fairly narrow
silo if you want to have decent depth of knowledge in something. If I even tried to keep up with the
thousands or tens of thousands of crypto projects out there, I'd be spread so thin that I wouldn't
really be able to talk eloquently about any of them. What should people know about Bitcoin
generally? You've been able to focus on it and dive in. I chose to focus on Bitcoin after coming
to the space, after studying history, becoming interested in financial history, discovering
alternative assets, gold and silver at that point really. And then by 2012, diving into the deep end
of Bitcoin, because I see it making history, world history with the adoption of El Salvador, etc.
I feel that as you stated, there's enough going on in Bitcoin for one person to focus on and
be consumed all day. So can you speak to diving in deep with Bitcoin, especially from a technological
point of view? What have you learned about it? What's changed about it over the years?
Yeah, it's been, I think, regularly surprising as we've had different conflicts, as we've had
different types of adoption. Each cycle seems to be slightly different. There are obvious
waves of adoption and cycles, but they don't repeat themselves perfectly. It's more of a rhyming type
of thing. So in general, Bitcoin has continued operating for over a decade now with a really
high level of robustness, resilience, despite having even some of the most powerful countries
in the world stand up and try to crush it. And that was one of the big, I think, milestones
of 2021 was seeing China for the millionth time ban Bitcoin, but this time to really do it
for real. And finally, and you kick all the miners out and tell them that they couldn't
do anything. And this was, for many years, considered to be a potential catastrophic
situation for the Bitcoin network, where people were afraid that it could cause massive outages
and network instability. But what we really saw was once again, yet another major stressor event
that people had only theorized about for many years actually played out. And once again,
the decentralization and anti-fragility of this network, which is basically a result of the fact
that it's just an open project run by a bunch of volunteers who are all over the world, allowed it
to recover from that major stressor within a matter of months. And we can look at the
charts of the hash rate and see, even though over half the hash rate disappeared in a very
short period of time, it all ended up coming back. And this is because the game theory and
the rules around the Bitcoin network, they're fairly simple and straightforward, easy to
understand, and yet almost impossible to break or to game. And those simple rules have continued
keeping the network chugging along for over a decade. What about Bitcoin's game theory
excites you most? I think the exciting thing about blockchain in general is it's probably
pushed our understanding of particularly, I guess, digital game theory to new horizons.
What about Bitcoin's game theory specifically excites you?
Well, at this point, a lot of the stuff around the technical aspects, I think we have enough history
that we can be fairly assured that things are going to keep going along smoothly there. And now
I think the new frontiers are more interesting when we think about the game theory that has not
really been tested yet. And I think the final frontier is nation-state level geopolitical
consequences. And that's one of the exciting things that is happening now with El Salvador
being the first nation to go forward with making it a legal tender is you have to start thinking
about the game theory there of what happens if it's really only the first domino? What happens if
other countries who find themselves in a similar situation of not having their own sovereign
monetary system and basically operating under the whim of some central bankers in some other
country that they may despise, start saying, hey, maybe this Bitcoin thing is actually a better,
fairer alternative than the current regime that we're kind of oppressed and living under?
Many people argue that we're heading into a time of fiat currency crises and that this is
just the beginning. We saw El Salvador already at the beginning of this century adopt the US dollar
while it was going through a peso, I believe, crisis. And now we see that it's adopted Bitcoin
to further insulate itself from any further currency crises in the dollar and otherwise.
And they cited in the law central banking activities as one of the reasons why they
had to do this. Now, what I find interesting is that if we are going to experience currency
crisis after currency crisis and poor nations are going to experience this first, there may
have been an alternative timeline or set of scenarios in which they began adopting the US
dollar in order to insulate themselves from their own currencies being devalued. And now
things might have changed so much that they might instead jump over the dollar, follow El Salvador's
lead and adopt Bitcoin instead of the dollar, which changes geopolitical game theory quite
significantly. We've seen IMF say that urge El Salvador to drop Bitcoin as legal tender. And I
don't know if that's political theater or not, but it certainly is significant historically.
Do you have any thoughts on any of that?
Yeah, there's also, I think the question of what of the other first world nations. I think there
have, there's been some news recently, you talk of basically Russia and China entering into new
pacts. It's, there's the question of what happens with the dollar or more specifically the petrodollar
if eventually the petrodollar collapses as being, you know, the main currency used for oil, energy,
and so on and so forth, and what arises out of that chaos? And perhaps it just means that the other
top tier nation state currencies just gain more equal footing. It may also mean that that's just
another opening for Bitcoin to enter into the fray. And this is something it's, it's hard to
really speculate as to exactly which way it's going to go. The only real thing that I'm sure of is
that Bitcoin will remain a viable option. The only question in my head is, you know, how many
other entities start to realize that it's something worth actually trying. And that's why I think the
El Salvador story is very important that, you know, we really, and by we, I mean, anyone who's
interested in Bitcoin, try to contribute anything that they can to help the El Salvador story play
out well, because, you know, we want to set a strong precedent there.
And I believe that includes putting pressure on Buccalay himself to, I guess,
recognize some of these embedded values in Bitcoin and practice them. And I don't think he always
has for various reasons of dating back to before he adopted Bitcoin. So now you've created LOP's
threat index and you analyze the top five Bitcoin security threats. Can you say, and you, you lay
them out as accidental loss, digital theft and attack, government seizure, physical theft and
attack, and surprise threat inheritance planning. Could you lay out LOP's threat index?
Well, the, the short version to this, you know, after spending the last couple of months,
working full time on Bitcoin, self-custody and key management and all of the security stuff around
that is that you hear a lot about these, you know, high profile hacks, thefts, what have you, you
know, those are the things that make it in the news. What you don't really hear about is the less
sexy, but much more common foot gun, you know, that's what you hear a lot about.
Which is the million different ways that you as a Bitcoin holder can just screw up and lock
yourself out of your own money for the rest of time. And so when we think about Bitcoin and
private key security at Casa, we are actually as a primary focus trying to protect our clients from
themselves. And so that means thinking about things like trying to automate backup schemes, trying to
put them in a position where they're using multiple different keys, so they have additional
redundancy. So if, if one gets lost or stolen, it's not a, you know, catastrophic loss type of
event. And, you know, from the the metrics, if we look on chain and try to guess, you know, how
many coins have been lost because they haven't been spent in many years, there's a pretty good
chance that three or 4 million Bitcoin are basically lost forever and never going to be
recovered. And that actually pales in comparison to the like 2 million or less Bitcoin that have
been stolen over the years. And I'm also I'm, you know, continually tracking both the digital
hacks and thefts and the physical attacks, which are even rare, but you know, interesting to talk
about. And just from a total like proportion, or volume of Bitcoin per year, it's actually going
down significantly year over year, like the total number of Bitcoin that gets stolen keep going
down. And I do attribute that to us continuing to improve usability and security. And so I think
to improve usability and security around key management. Can you talk a little bit about the
physical attacks and how they played out? Yeah, so we are aware of maybe around 80 physical attacks
through over the entire history. In reality, it's probably anywhere from three to 10, if not more
times, as many physical attacks, because I suspect that the vast majority of people who do get
physically attacked do not talk about it. They don't go to the media, they don't make a big public
stink about it, because they don't want to attract even more attention to themselves and the fact
that they had some vulnerability that got exploited. But a lot of these tend to be people who are doing
more risky behavior, which is, you know, engaging in like, face to face peer to peer trades, where
you might be meeting someone and doing a like, you know, duffel bag full of cash exchange for Bitcoin
type of thing. That's risky behavior. You know, if you're going to engage in that, you need to have
really strong security precautions in place and not just be meeting up with randos who might then
just stick a gun in your face. We're also seeing a slight rise in home invasion attacks. And I think
part of that may be attributable to a lot of the the leaks that have happened, where just a lot of
like physical addresses of people who are crypto owners get put out onto the dark net, and those
get scooped up and used mostly for stuff like phishing. But I suspect also, for some physical
attacks to just show up at that address and see what people can get. But this is an ongoing
dynamic situation, which will, I think, continue to become more prevalent. As we go through more
waves of adoption, then necessarily what happens is Bitcoin gets on the radar of more criminals
who are willing to commit physical acts of violence. And they're essentially testing
the waters to try to figure out what is the risk and reward of me going up and trying to
rob a known Bitcoin holder versus robbing a gas station or a bank or what have you.
What do people need? And this goes for El Salvador too. I mean, that's a dangerous place to be
walking around outside once you just wander out of Bitcoin city, I suppose. And that's just
reality. It kind of sounds like a cliche that El Salvador is dangerous and everyone says it,
but when you walk around the second world or third world country, it's much different than
walking around, well, maybe not today, but it's much different than walking around middle America
somewhere. And I have experienced that firsthand walking around in Mexico. There's certain things
that you just don't do. Walking around at night is one. And if you are walking around at night,
you stay on the well-lit streets where there's lots of tourists and activity and you don't meander
down any of the alleyways. It's common sense like that. I think that you can forget when you're just
out having fun, not thinking about your surroundings and keeping an eye over your shoulder. Can you
speak to what people can do practically speaking in order to ensure that they don't become a victim
of their own incompetence and lose their Bitcoin? Right. So when we talk about security, it's never
any one thing. You want to think of security as layered defenses. So the outermost layer of defense,
I think, for any Bitcoin holder should actually be privacy. Preferably, you should not be going
around shouting, hey, I've got a bunch of Bitcoin. If you do share with people that you have a
substantial amount of wealth in Bitcoin, then it should only be really people that you trust with
your life because that's the type of thing that some people just will like to gossip about.
And so it can very easily spread out beyond the sphere of people who you trust and end up
with you on somebody's radar that you don't want to be on. So first step is just privacy to prevent
yourself from becoming a target. For those of us who are more public, this is really the reason
why I got attacked and had a SWAT team come to my house a number of years ago is because I'm a very
public persona and I attracted the attention of the wrong person. For those people who are out
there publicly with their real name, then you have to look at the things like your physical security
of your residence and your sort of day to day activity, multiple layers, both at your residence
and then around the actual keys themselves. And the short version to what we call the $5 wrench
attack, the short version to how do you protect your Bitcoin from essentially being coerced
from you is that the only foolproof solution to that is to not have direct access to it.
By which I mean, you don't keep all of your money on Bitcoin that is just like in a treasure or a
ledger in a safe in your house. That's a single point of failure that's just asking for trouble.
At the very least, you know, keep that off site somewhere that requires, you know, traveling
to actually get to. If you want to go to the more extreme level, which is really the type of setup
that CASA makes easy for people to get into, then you're actually going to want a multi key solution
where you have to have authorization and cryptographic signatures from multiple different
keys that you then have physically distributed around in different locations that have different
types of physical security around them. And at that point, it just becomes a question of
what is the level of trade off that you're willing to make between convenience and security?
That's really most of the decisions come down to convenience for security. So, you know, the most
convenient is, like I said, you know, have your wallet in a safe in your house. It's pretty easy
to get to. That can become a problem. The extreme opposite end of that, which we have some clients
do, is you have five different devices and they're literally spread out across different continents
that require airplane flights to get to. So, you know, a lot of people are somewhere in between
those two extremes, but you have a lot of options of what to do with your keys. You just have to sit
down and think about it. Okay. I see that on your website, you did sort of a bunch of things,
sort of a post-mortem on your swatting experience. So, can you speak to that experience and what you
learned about it after the conclusion of your four year long investigation in pursuit of the person
behind the extortion attempt? Yeah. So, the short version of what happens with swatting is just that
the vast majority of people, it's very easy to find your physical address. Like, unless you have
taken a lot of measures over the years, then your name and physical address are probably in numerous
different databases. And it's probably just a simple Google search or tax record search.
Or if that isn't the case, one of a dozen different, you know, people searching engines,
you can pay $20 to that will essentially dump all of the information that they've aggregated on you
over the years. So, if you aren't like really privacy conscious upfront, then you should assume
that someone with even a modest amount of interest can find your physical location.
And then to actually pull off something like this only requires a small amount of technical expertise
to be able to create essentially a throw away virtual phone number that they can then use to
call up your local police department. And they just have to say a few key words, you know,
basically say, you know, someone's life is in danger, and this is, you know, my name and address,
come and get me. So, those saying the right keywords really triggers bureaucracy at your
local law enforcement that if a certain threat level is exceeded, then you know, they have to
send out the, you know, armed response team that takes the most extreme precautions because they
believe someone's life is in imminent danger. And, you know, it's a crazy level of asymmetry
there where someone can basically spend 20, $30 and be able to have tens, if not hundreds of
thousands of dollars of law enforcement resources directed at you with very little physical risk to
themselves. Then, thankfully, you know, that situation resolved without anyone getting hurt.
And there have been a few situations where innocent victims were actually killed because
the police thought that they were, you know, armed criminals and they shot them. And, you know,
the next several years of me trying to get a conclusion to this, basically get some justice,
was an extremely long and drawn out and boring process of me having to spend tens of thousands
of dollars of my own resources on private investigators and attorneys and, you know,
speaking, putting out a bounty and collecting tips and, you know, speaking to potential witnesses.
And the short version of all of that is that it is incredibly difficult to pursue justice,
at least in the United States. If it's a crime where no one got, you know, physically killed
or injured, then, you know, these type of like extortion and threats and, you know, less violent
types of crimes don't really get a high level of attention or prioritization from law enforcement.
So that's why it took me years to collect enough evidence that we were then able to get the
attention of the FBI. And then the crazy thing was the FBI found the guy and handed it over to the
local federal district attorney who then declined to prosecute the case because the attacker was a
minor at the time and apparently they figured it wasn't worth it because they wouldn't get a harsh
enough sentence. So then we had to go through, you know, a whole bunch of other hoops to basically
get the state district attorney to pick it up and eventually got, you know, a charge and a guilty
plea and all that. But, you know, it was pretty much a slap on the wrist for the guy because he
had no other offenses and, you know, he was a minor at the time. So basically got probation and
a few other court mandated things that he had to do.
With this trail of where we've lived, of who our family members are that are available
online with a quick swipe of a credit card or inputting of that information,
what can we do in order to kind of make our lives more private?
Well, the good news is that you can start off small. You don't have to go to the extreme
like I did. But if anyone is really interested in just learning what all of the different options
are for improving your privacy in many different aspects of your life, I recommend buying Michael
Bezel's Extreme Privacy Guide on Amazon. I think it's around $40, totally worth it. It's like 550
pages. And it'll tell it'll have a chapter on every different aspect of your life, you know,
setting up your computer, your phone, how to deal with just day to day internet browsing,
you're using VPNs and ad blockers and stuff. And so, you know, you can start off small.
You know, I would suggest just spending a few hours on the weekend, hardening your
computer and your phone, your ad blockers and VPNs are a good start. They don't take a whole
lot of work. The real the final like extreme side of it is going to the point of trying to
disassociate your name from your physical address. And that's where you start going down the road of
having to create legal entities and essentially hiring people to act as proxies for you.
And just as a simple starting point, I suppose using a P.O. box, first and foremost, might be
one simple step originally to kind of divorce your address from your name.
Yeah, that and if you're in the US, setting up virtual credit cards, I'm a fan of privacy.com,
where you can basically create a different virtual credit card for every merchant that
you interact with. That's good, not only for privacy, but also your security, you don't have
to worry about, you know, every merchant you've ever interacted with potentially getting compromised
and, you know, wiping out your credit card information. So the nice thing about that,
too, is that those cards, they will they will work and allow you to charge them against any
address you can put in complete junk addresses and the card will still get accepted. So that's
really helpful, I find when you're buying just digital stuff, you know, when you're not having
something physically shipped to you. Why give an address if there's no actual, you know, physical
good that you have to pick up? Can you speak to the swatting event itself and what that was like?
Well, you know, I wasn't really sure what was happening because I actually wasn't home when
the call came in. I was I was out at the gym. And I was trying to get back into my house and the
police had barricaded off the neighborhood. So it was really confusing because they told me I
couldn't get into my own neighborhood, because there was a potential active shooter situation.
And I actually took like 1520 minutes before we figured out that they were actually looking for
me. And at that point, I think they I think they already suspected that it might have been a false
call. But at that point, you know, I just had to go have a chat in the mobile command unit to explain
to them what was going on. They detain you? Or did they? No, no. You know, I think it was very clear
to them that I was not walking around holding any weapons. It was a little awkward because they
really wanted to clear my house. And, you know, I had a dog that doesn't like strangers. I didn't
want, you know, a dozen guys with rifles going through my house, potentially fearing further
life from my dog. And and it was actually additionally nerve wracking for me because
I actually did have a bunch of guns that were just laying around in my living room because I had been
to the shooting range the day before, and I was waiting to, you know, clean and oil them before
putting them away. So when they they said they wanted to go through my house, I was like, Oh,
no, they're going to find, you know, like, 10 rifles laying out on the floor and wondering, Oh,
you know, was this really a legit call after all? So thankfully, they decided that they did not have,
I guess, sufficient evidence to force their way to my house when I decline politely declined
that having my house searched.
That's a big step and certainly well within your rights. Was it hard to exercise that right?
Thankfully, no. You know, the they they tried to kind of slide it in of like, would you be okay,
you know, if we check out your house? And I was like, No, I think I'm okay. I don't need anybody
to kill it. They didn't press it. I think they may be asked two or three times, but they didn't
really try to put any pressure on me. I think they, I felt like they just felt like they wanted to
have done something, you know, and not feel like the whole thing was a complete waste of time,
which of course it was.
So once you've reinforced your privacy and you begin looking for the attackers, like, what do
you do? Like, I guess you're filled with a little bit of anger and like, what are the first steps
to trying to reverse engineer what had happened?
Yeah, well, I mean, I waited almost a year before actively going on the hunt, because I spent that
entire year burning down my entire life and recreating it, moving it, moving to a new location,
you know, acquiring the new property with corporations that were not connected to my name.
And even after I had done all of that, I was still very nervous. You know, I paid some private
investigators to basically try to, you know, attack me or try to find me. And thankfully, they
were not able to. So I was feeling a little bit more confident, but it's still, you know, you're
still very nervous about this, because there's no way for you to really know, you know, is someone
going to be able to find me.
But the first thing that I did once I felt fairly confident was I published a blog post that
basically said, you know, this is everything that happened one year ago, and I need information.
And I basically posted a bounty for information. And I was like, okay, I'm going to try to find
you. I posted a bounty for information. And a fair amount of anonymous tips started flowing in.
But then it, I don't know, it really turned into a nightmare on the legal side.
Because it was hard to find attorneys who are, I guess, prosecutor attorneys who don't work for
the state. It seems like all the prosecutors work for the state, and then all of the private
attorneys are defense attorneys. And so I would call up, you know, a dozen different attorneys,
explain the situation. And they're like, well, you know, you're not being charged with anything.
You're not a defense client that, you know, will be paying us hundreds of thousands of dollars.
So we don't really have time for you. So it was very hard to find the right attorney,
because it was such an odd situation of me like pursuing my own justice.
And then even once I did that, it was incredibly difficult for us to get attention
at the FBI. And, and also difficult because all of the the tips that I got were anonymous.
And basically none of these people because obviously they were like associates of the attacker,
none of them wanted to come forward with the real identity and you'll be a witness, you know,
on the stand and all this other stuff. So the sort of credibility wasn't all there though,
you know, after getting a dozen different anonymous tips and seeing certain patterns
between them, it was clear that, you know, some of these things were likely accurate.
But it was just a long slog because it was such an odd situation. It was a unique,
a unique path that meant there weren't many other resources out there to help guide me down it.
These are pretty, and then ultimately the person was found in the district attorney's office
would now prosecute. And these are pretty serious charges that he ultimately would plead guilty to
extortion, which is a felony of the third degree telecommunications fraud, a felony of the fourth
degree and inducing panic, a misdemeanor of the first degree. Can you speak to like the DA not
prosecuting? Well, yeah. Well, I never got to talk to the federal DA. It was basically explained
to me that the federal system doesn't really have like a juvenile justice. And that in general,
like juveniles at the federal level don't really get much punishment, if at all. So
basically what it came down to was the fact that, you know, there was a juvenile justice system
at the state level, and they did have the time and resources and interests in prosecuting this.
But even, you know, thankfully, we didn't have to go through a whole trial or anything, like once
the guy had the FBI show up at his door, he just admitted to everything. But just due to the way
the juvenile justice system works, if you're a first time offender, and it's a nonviolent thing,
you know, you're probably just going to get some probation, which is basically what happened here.
So, you know, hopefully he straightens up and gets his life back on track.
What lessons did you learn from this experience?
I would say the biggest takeaway is what can happen as a result of the internet age,
if you will. The whole thing about like swatting or being like attacked by sort of
off the wall people who are willing to stalk you and threaten you, that's it's not necessarily a
new thing. What's new is who is vulnerable to it. And by that I mean, originally, these type of
things only really happened to mega celebrities, superstars, because it's sort of a law of large
numbers thing. You know, if you have an audience of millions of people, then statistically, there's
going to be a few crackpots, a few people who are willing to do stuff that you would consider
irrational or immoral or what have you. And so the difference now is that anyone with an internet
connection can find themselves becoming a sort of micro celebrity overnight. There's plenty of
examples of this. But you know, everybody today knows what it means to go viral. You can be a
nobody one day and have either like one funny or outrageous or whatever tweet or TikTok or, you know,
small social media clip that goes viral and gets seen by hundreds of millions of people. And, you
know, hopefully it's something that makes them laugh. But sometimes it's something controversial
that pisses off tens of millions of people. And if that attracts the attention of someone who gets
so upset that they're willing to do something threatening or violent about that, then that's
when you can find your life really changing overnight, where it's really your threat model
that also changes is that, you know, I never really considered the threat that someone
might want to swap me. I figured I was just, you know, somebody posting a lot of stuff on Twitter,
they're like mostly technical stuff that, you know, wasn't that interesting to the mainstream
attention. But the point is that you never know what little bit of information you might put out
there that might trigger somebody. And if you trigger the wrong person, and you attract their
attention and they're willing to do something, then all of a sudden you now are potentially
a victim. And it kind of goes back to, you know, what you were saying earlier on is,
you know, when you're talking about physical security, you don't walk through the unlit
streets of Mexico in the middle of the night, if you're not a local who doesn't understand,
you know, the culture and the language and so on and so forth, it's kind of the same thing now,
where if you're going to be, you know, walking through the dark alleys of the internet,
you need to be aware that you may become a target, even if you don't think that you're
someone who's worthwhile being a target. So moving on, I want to speak a little bit about
security threats in Bitcoin itself a little bit more. So you've covered on your blog,
the threat of quantum computing to Bitcoin, I believe. Could you kind of lay this out to
people and is it a real threat? Yeah, this is something that has been coming up for at least,
I think, six or seven years. When we talk about low-level cryptography that secures the protocol,
and, you know, some of those cryptographic functions are this public-private key cryptography,
where the whole idea is that you can put your public address, you know, out on the internet,
and people can send money to it, but that does not allow them to steal your money. You have to have
that private key in order to be able to create a cryptographic signature that creates a valid
transaction that will get accepted by the network. Now, there are some potential attacks that can
happen against this public-private key cryptography if you have a sufficiently fast computer. And by
sufficiently fast, we're talking, you know, many, many orders of magnitude faster than any current
computer that's available. But quantum computers could potentially leapfrog and hit the level of
computational power necessary to essentially to reverse engineer a private key from a public key.
So eventually, all cryptography gets broken. This is something that, you know, it's going to happen
eventually, but probably not for decades. And that's what I think people get kind of nervous
about is you might hear some fud that says, oh, you know, scientists are making advances with
quantum computing, and it may only be another couple of years before Bitcoin gets completely
broken. But I think the important thing to note is perspective, that if there was a quantum computing
breakthrough that was able to completely break and reverse public-private key cryptography,
Bitcoin would not be like the most valuable target there. Basically, all financial infrastructure
would become a target. You know, many of the different cryptographic functions that secure
different aspects of internet protocols would be under threat. And so this is the type of thing
that people in the cryptography field are aware of, and they keep an eye out for. And it's not
likely to be something that happens overnight. Rather, it's something that we expect to see
continual progress over a many year period. And we expect to have many, many years of heads up
that this threat is looming. So there will be plenty of time, I think, for people to upgrade to
quantum resistant cryptography. You cover on your blog that the network has seen a
node syncing performance drop. Could you speak to that? Yeah, kind of. This was getting really
down in the technical weeds. So I test node implementations and doing a full validation
sync every year just to see if they're getting faster or slower or whatnot. And while the
software itself is getting more efficient from a computation efficiency and disk efficiency
perspective, I noticed that there was an issue a few months ago with just the network syncing.
And I didn't think that it was an issue with my bandwidth at my house, my ISP, like all of my
other tests seemed to indicate that that was doing fine. And what I ended up doing is some analysis
of basically all of the nodes that I could talk to across the network, which is a little over 5,000
nodes just on the IPv4, which is what you might consider like the standard network. There's
actually several different networks that you can run a node on. And what I really found is that a
lot of them are just really slow to try to pull data off of. And my best guess is that this is
just because residential connections, even if you have a really fast download speed, the upload
speed tends to be one tenth, if not less, of your download speed. It's just stupid asymmetry that
cable and DSL providers tend to put a cap on there, even though it's technically feasible for them to
go higher. So if you can get fiber internet, run a node on that. That's good advice. And then you
also cover on the blog, before you covered whether or not the Bitcoin network itself was slowing
down, you discussed, and I think this is a hot topic right now, how the 21 million Bitcoin cap
is defined and enforced. This has become a massive point of adoption for Bitcoin. Is this 21 million
Bitcoin cap? It makes it unlike any other commodity or asset on the planet. Can you speak to this deep
dive into the code that keeps Bitcoin's inflation rate on this predictable schedule?
Yeah. So the synopsis of that is that it really comes down to about five lines of code. And I
think I probably wrote about 1500 or 2000 words going into these handful of lines of code and
how they work. But the main takeaway with the limit and the enforcement that I was trying to
get people to understand is that the nodes themselves and the protocol and the software,
it doesn't work by actually checking how many Bitcoins exist. There's no checks in the code
that say, hey, are there fewer than 21 million Bitcoin? Or are there fewer than 19 million,
200,000, whatever, how many exist right now? Rather, what the code is doing is it's acting
more as a limiting function. Basically, with each block, these five lines of code are just saying,
okay, make sure that we're not creating more than the expected number of Bitcoin in this block.
And the idea behind why that works is that you can just think of it as kind of like an
aggregate targeting function. As long as we can enforce the cap and we know it's below that,
then there's no need for us to constantly be summing up all the values of all the Bitcoin
and making sure that it's less than the expected amount. So basically, it's a more efficient way
of ensuring that limit that it's implicit rather than explicit, which is what I think people
generally assume. So people generally assume that there are regular checks.
Yeah. And so it is possible, of course, to do an explicit check. There's a function you can actually
call against your node that will do that, but it will take a couple of minutes to run because it
has to read about 80 million unspent transaction outputs off of the disk and you sum up the value
of all of the Satoshis in them and then it can output what the current number of coins is.
Could this be changed? And if so, how? Could Bitcoin's max supply of 21 million
Bitcoins be changed? Yeah, absolutely. Anything within the protocol can theoretically be changed
because it's just software. You can download the software, change any aspect about it that you
want to and recompile it and run it. And now you have changed that. But when people say,
can it be changed? What they really mean is, can it be forced or changed at a global level for
everyone? And the answer to that is no, not unless you consent to it and you modify your software
to have those same changes. So this turns into less of a technical discussion and more of a game
theory and incentives discussion of why would people want to change it to be a different limit?
We've seen this happen in the past. I think in 2013, there was some sort of issue perhaps
with a new Bitcoin Core version, I think, if I'm not mistaken. This was 10 years ago, actually,
almost. And so I'm just calling this for memory. And so essentially, everyone that wanted to just
use an older version of Bitcoin Core, I believe is how that resolved itself. Could you explain
the process by which everyone would basically consent to upgrading or changing Bitcoin's code,
especially as it relates to something like the Supply Cow? Yeah. There were a few notable
incidents. The 2013 fork was due to a really obscure difference in how the database locking
operations, I think, were happening on different types of operating systems. And that resulted in
some miners creating a block that other miners thought was invalid because they basically
computed the total number of operations differently. And what happened there was actually
a pretty simple fallback of a bunch of the miners and developers got together on a chat room and
said, look, this is the issue. Obviously, we're going to fix it in the code, but the fastest,
simplest solution to get everyone back on the same fork of the chain is for the people on this
version of the code just to change back to the old version so we're all running the exact same code.
And then a month or two later, a new version of the software that fixed that particular
discrepancy got pushed out. Back in, I think it was either late 2009 or early 2010, there was an
inflation bug that was exploited and someone created 100 billion Bitcoin out of thin air,
essentially by exploiting this overflow issue that was not correctly checked in the code.
And what happened there was at the time, Satoshi was the lead developer and he basically said,
look, this is the problem. I already fixed the code. And he put out a new version of the software
and everybody updated to that. And it essentially invalidated that block and that transaction.
So people fell back to the block before it and started going forward again. It would be a lot
harder to do something like that today simply because there are so many more people and
businesses and stuff that are running the node software. But in a sufficiently dire
emergency situation, everyone like myself and people running other businesses, people who
are paying attention would come together and say, we need to do something about this.
So the incentives are there. We're talking about a trillion dollar ecosystem at this point. So
there are plenty of people who are paying attention. What does Bitcoin mean to you, Jameson?
Well, at the very core, Bitcoin is freedom of economic interaction.
It is freedom from the arbitrary manipulation by third parties. It's basically an open project
where anyone who wants to can try to work to create the optimal form of money. And
it's not perfect. There are certainly plenty of deficiencies, but I think that it's also overcome
a lot of challenges that few people expected it to be able to. And while there are many different
technical and game theory reasons for why the system is robust and has been operating
so reliably for the past decade, the underpinning of Bitcoin is all of the people who care enough
about it to pay attention and contribute whatever skills and resources they have. And it's that
diversity of different people and perspectives and resources that is ultimately what makes the
system anti-fragile. Or even if there is some major catastrophic events, we can always come
together and fall back to the human consensus layer and then agree upon how to proceed forward.
What's your hope for the future of Bitcoin and humanity, or rather,
what's your hope for the future of humanity and how does Bitcoin play a role?
Well, I see a lot of trends that are disconcerting, whether it's privacy, security,
general lack of critical thinking, and people getting manipulated by misinformation.
I see Bitcoin as a beacon of truth. It's something that you can actually trust in to be correct,
and you can trust in it without having to trust any individual or any entity. And so, I am hopeful
that that fundamental model of how Bitcoin is going to play a role is going to play a role in
I am hopeful that, you know, that fundamental model can be replicated for a variety of other
systems. There are certainly plenty of projects out there that are trying to take that similar
model and use it to disrupt other types of systems that are currently very fragile and
centralized and open to manipulation. So, in general, I'm hopeful for a more open and
collaborative world that is also more resistant to manipulation by a small number of people.
Any other comments? What's new at CASA or otherwise?
What's new at CASA? Well, we're going to have a few announcements coming out before too long,
though nothing to announce at the moment. We've been chugging along pretty well
throughout the past year. There have been ups and downs, but if anything, I think that
people have been, you know, looking at the world over the past couple of years with the pandemic
and realizing just how fragile a number of the different systems are that we're reliant upon
and how it actually doesn't necessarily take a lot of stress for some of those systems to break down.
And that's why we've seen more people looking at Bitcoin as one replacement for one fragile
system. So, I'm just hoping this trend of people waking up continues. I hope that it doesn't take
a lot of people being significantly harmed for them to wake up and realize that they need to
start looking at alternatives. We've had the honor and privilege today of sitting down with
Jameson Lopp. Jameson is a Bitcoin OG. He's also a co-founder and CTO at CASA. Thank you so much,
Jameson, for joining us today. Thanks for having me. And thank you everyone for listening.