We are going to keep right on rolling.
So the funny thing about success is that when you are successful, you often get complacent and may not realize that you are about to have the rug ripped out from underneath you by someone who is hungrier, faster, and able to adapt more quickly.
Up next, with the curse of success, we have Jameson Lopp, the co-founder and CSO of Casa.
Please give Jameson a warm welcome to the stage.
All right, Bitcoiners, are you tired of winning yet?
Have you had enough winning?
I hope not, because that's what I'm going to talk about today.
And really, we're here to discuss the current state of Bitcoin and try to figure out where we're going.
So I'm the chief security officer at Casa.
If you have more Bitcoin than you can afford to lose, you should definitely give us a call because we can help you make sure that you don't lose it.
If you are familiar with the innovator's dilemma, this is kind of foundational to what I'm going to be talking about.
This generally is thought of being applied to companies, but I will argue that it also applies to protocols and really any good or service that is trying to gain adoption.
The short version is you start off with basically nothing, and then you're innovating, you're improving things.
If you're successful, you gain market share, you get that S-curve of adoption, and then eventually you peak.
And this is when you hit the innovator's dilemma.
Essentially, you've done so well, you start to be afraid that if you continue to make change, you risk losing it all.
So do we continue innovating and take a risk that we might go backwards, or do we stop innovating and stay content with what we have?
But if we do that, we might actually backslide anyways because some other person or entity may come along who doesn't have anything to lose and innovate past us, eventually taking market share away.
So some people say, you know, Satoshi was actually very, very conservative, and Satoshi said that, you know, Bitcoin is pretty much set in stone, right?
I think that that quote often gets misinterpreted because, in fact, Satoshi had many quotes that said, hey, this is software.
Software can be upgraded, and there is a consensus mechanism to do that, and we should expect that there are going to be bugs, and we should expect that there are going to be opportunity for improvement.
And if we agree upon that, then we can upgrade.
So, you know, this is open source code.
It's a protocol.
If we decide that there are changes that are beneficial, generally, then we can do a fork.
Whether it's a hard fork, a soft fork, whatever, if people agree to it, you can do it.
Satoshi also foresaw the problem that Bitcoin users might become increasingly tyrannical about the block size because, of course, they want to keep it very cheap.
And easy for people to audit.
So, you know, Satoshi foresaw that there are certain potential, like, cultural or even political things that may get imbued into the consensus of the people who are operating the network.
And then that can affect the, quote-unquote, governance of the network.
So, one thing that we can look at, if we look at the history of soft forks over the past 15 years, there's some interesting patterns we can pick out.
First of all, very small number of people who have really shepherded or guided or championed these soft forks.
And almost all of them are not around anymore.
Obviously, Satoshi is gone.
Peter Willett is around, but has nothing to do with consensus changes from here on.
He doesn't want to do it anymore.
Gavin Andreessen, no longer around.
Peter Todd is around, but I don't think he's proposed any sort of consensus changes in nine years.
Friedenbach, gone.
Drack, gone.
Dorier, around.
Lombroso, gone.
Karen, gone.
Lau, gone.
Now, AJ Towns and Jonas Nick are still around.
So, that's maybe two or three developers who have experience shepherding something through a consensus change process that are still around.
Anyone else who's interested in innovating has no experience doing this and is probably flying somewhat blind.
Another problem with the general success in this space is there is real physical danger and risk to those of us who have been around for a while.
Now, in general, like the physical attacks that are happening in this space seem to be correlated roughly with the price.
And, you know, it may look good that it's been going down the past few years.
Well, 2025, that number is actually already out of date.
We're already at nine known attacks.
And if we extrapolate the trend, we're going to hit an all-time high in physical attacks halfway through this year.
Probably going to double the previous all-time high.
That means prominent people in this space who are suspected, not even necessarily known, to own a lot of Bitcoin are putting themselves in real danger of doing things like coming up on a stage and getting recorded and having their face broadcast out to the entire world.
What else has been going really well?
Mining's great.
That's a hockey stick.
That is, you know, hash rate and thermodynamic security that is reaching all-time highs on almost a weekly basis now.
Seems good, right?
Bitcoin network's getting more powerful.
You know, you look at the pools, and it seems, you know, roughly distributed amongst a number of different pools.
So that should be safe, right?
Well, until you start looking into it, you find out that actually a large number of these pools seem to be orchestrated and operated as if they are one meta pool, with a lot of the outputs, the actual money, going to the same custodian, with a lot of the block templates being eerily similar, despite being a number of different named pools.
Not great.
ETFs, great, right?
We had a presentation yesterday where we learned that the ETF launch is something that has never been seen before and will likely never happen again at this level.
That's definitely good from a financial perspective.
But what if we look at, like, where are all these Bitcoin going?
I want to say, like, over 90% of the Bitcoin, you know, only two or three of the ETF providers seem to have a custodian other than Coinbase.
So, yeah, you know, number go up into Coinbase's coffers.
This is yet another centralization risk.
So, we're successful, but we might actually be weakening ourselves along a certain vector.
So, once again, you know, we're hitting this S-curve.
We're succeeding in a number of metrics.
And then we have to ask ourselves, are we going to try to innovate and change things to stave off some of these weaknesses?
So, for example, with the mining stuff, we know how we can fix some of the mining weaknesses.
People have been working on Stratum V2 protocol for several years.
We have not been getting really any traction or adoption by the mining pools to do that because that would take power away from the mining pools and put them back into the hands of the actual hashers.
What if we look at some business cases?
There's many, many different business cases where you can see that they hit the innovator's dilemma and they made the wrong decision.
You know, Kodak, they were actually one of the first to invent digital cameras.
But for whatever reason, they decided that was not going to be the future of, you know, retail photography.
They were wrong.
MySpace, you know, the first major social network, did really well, got a lot of adoption, stopped innovating.
Their lunch got eaten by Facebook.
Blockbuster had the opportunity to buy Netflix for, I think, $10 or $20 million.
But they figured, ah, video streaming, that's not going to be a thing.
And a DVD rental business is where it's at.
That ended up being a poor decision in the long run.
Yahoo was the, you know, dominant search engine for a number of years.
But they stopped innovating.
Someone else came along with a much better algorithm.
Google ate their lunch.
And BlackBerry was the dominant smartphone, the early smartphone.
But they were so dead set on having a physical keyboard in the phone and only having a small number of apps that by the time they realized that the iPhone had done something that had transformed the world and they tried to catch up, it was too late.
So you might say those are companies.
Bitcoin's not a company.
Fine.
Let's look at network protocols.
You know, there's nothing you can directly connect and compare to Bitcoin because there's nothing like Bitcoin.
Bitcoin is this chimera that has a number of different properties of different things.
So the best we can do is look at a wide variety of different things.
What about IPv4?
This is fundamental to how the network itself operates.
Well, you know, this was created decades and decades ago.
They did not have the foresight to expect that there would be billions and billions and billions of devices connected to the Internet.
I think that you can only have something like three and a half or four million IPv4 addresses.
And we've already exceeded that many devices connected to the Internet.
So we've effectively run out of IPv4 addresses.
So how does this work?
Well, it means that you have to have a bunch of private subnets.
Basically, your house, you have a Wi-Fi router.
You probably have a dozen different devices at home.
And each of those has its own private IP.
You only have one public IP that's issued by your ISP.
And these devices have to route the traffic that's coming in and figure out how to do this network address translation.
It's really boring stuff.
But suffice to say, it's not possible for your device to reach out and immediately talk to every other device on the Internet because many of them are behind network address translation routers that don't necessarily know how you want to route that data.
This actually affects Bitcoin as a result of this, the vast majority of Bitcoin nodes that people like you are running at your home are not reachable by other nodes on the network.
They're not able to accept inbound connections.
So as a result, on IPv4, I think we have around 10,000 reachable Bitcoin nodes, but the estimates are that there's actually more like 100,000 Bitcoin nodes out there, and most of them are not reachable.
So this is suboptimal for the topology, the architecture of Bitcoin's peer-to-peer network.
TCP, a similar type of thing.
You know, this is used as a basic level transport layer for almost everything that you're doing on the Internet.
Now, TCP was designed to be optimized for reliability, to make sure that data gets to where it's supposed to go.
But there's so much hardware out there that has the hard-coded interpretation of TCP, there's no way for us to effectively improve it to make it faster.
So people who want to make it faster have to use other protocols, such as UDP, where they can build basically a faster protocol that is more focused on speed than reliability.
Now, that's an interesting tidbit.
Like I said, most protocols are designed to be optimized for one thing.
SMTP was the same way.
This is email protocol.
It was designed for reliable delivery of messages.
And that was great back in the 70s and 80s when there were only a few thousand people on the Internet.
But in the 90s, when we started having millions and millions of people join the Internet, some naughty people also joined.
And these naughty people figured, hey, why should I try to send spam through physical mail when it costs me many, many cents to do so for each recipient, when I can do it practically for free using SMTP?
SMTP.
So, the world changed, and SMTP could not adapt to this changed environment with these new adversaries.
It effectively ossified in the 1990s, and we could not change the SMT protocol to have things like better security and encryption and authentication and anti-spam mechanisms.
So, we had to slap all of these things on top.
And these solutions ended up being highly centralized.
A lot of the authentication is based on DNS records, which is fairly centralized.
The anti-spam stuff is mostly based on reputation, which is even more centralized.
So, you've basically got a handful of trusted third parties out there who are telling us who to whitelist and who to blacklist.
And all of these additional things, these solutions that got slapped on top of the protocol, basically creating meta protocols, have greatly increased the cost of using SMTP.
So, as it stands today, 90% of email users are captured by about 10 companies.
It is no longer really feasible for an individual person to be a sovereign SMTP user.
The costs are too high.
You have to have a huge organization with a whole team of people that are willing to help maintain and manage all of the reputational and technical complexities for being able to operate an email server that actually works.
Anyone can go download the code and run an email server and it might work for a little while, but you're probably going to get blacklisted eventually.
Similar things with TLS, SSL, these are other encryption layers on top of TCP, and these had to be created because TCP itself had no encryption, no privacy.
In fact, if you ask the wizards at the Internet Engineering Task Force that were around back in the day, many of them will say one of their greatest regrets was not building fundamental encryption security and privacy into the lowest layers of the Internet.
So, once again, we ended up with this patchwork of solutions that were slapped on top of it, and it's become very difficult to get people to upgrade.
FTP, kind of similar thing, didn't have good security, and because the FTP protocol itself ossified and was not improved, it got supplanted by better, more secure protocols.
BGP is a big one, this is the border gateway protocol, another backbone of the Internet, this is basically how data gets routed all over the Internet.
It's been pretty much the same for 30 years, and once again, it's basically hard-coded into a lot of hardware routers and such all over the Internet.
It's very difficult to get people to replace all of that, and this is actually another ossification protocol issue that tangentially has been detrimental to Bitcoin.
So, there are security issues with BGP, and it's possible to hijack BGP and essentially force data to get routed to destinations that's not intended.
There have been multiple attacks against Bitcoin and crypto entities that were BGP-based attacks.
Some of them have rerouted data from wallet providers and essentially stolen private keys and other transaction data because people thought that they were doing one thing,
but they were actually sending sensitive data to a malicious party.
There have also been hijacks of mining pools and hash rate where people have redirected hash power to different mining pool servers that would then pay out to the attacker rather than to the actual owner of that hash rate.
So, where are we today?
If we assume that Bitcoin has ossified, I think there's a lot of questions of how are we going to solve and improve problems like scalability?
How are we going to address issues of thermodynamic sustainability, which is a fancy way of saying ensuring that the miners are going to keep getting paid even as the block subsidy keeps going down?
How are we going to deal with these centralization risks that I pointed out around custody and mining if we can't continue improving the protocol to make it easier to do these things in a decentralized fashion?
How do we protect against other potential long-term risks like quantum computing, which I gave a talk about last year?
And, of course, are we going to be able to protect against innovators who don't have anything to lose coming along and perhaps creating some protocol that's an order of magnitude better?
And especially due to these centralization risk and scalability risk, that then rises the question of the governance and the game theory of the network itself.
You know, who runs the nodes? Who controls the money? Who is able to weigh in as major economic actors?
And what are these major economic actors going to do or not do when it comes to questions such as scalability, security, and especially the cost of self-sovereignty, which is a fancy way of saying how much does it cost for you to directly use the Bitcoin protocol in a trustless fashion?
Which I would argue is kind of the entire point of why we're all here is to be able to use these protocols without having to ask permission from a trusted third party.
So, one quote that I like to bring out from time to time with Greg Maxwell, it really strikes, I think, an important tone that you can apply this to many things.
Greg was mostly talking about the block size, but I think that in a number of different centralization risks and different vectors where we can try to somewhat measure the power balances of different aspects within the Bitcoin ecosystem,
We have to understand that in many cases we don't want extremes, we want there to be decent balances.
So, here he's saying, you know, if it's too costly for you to run a node to audit the system, then you're not going to run a node, you're just going to trust a third party to audit the system on your behalf.
And, of course, if you're trusting a third party, they could lie to you, they could essentially do a number of malicious things.
Once again, this is kind of antithetical to the entire reason Satoshi created Bitcoin.
On the flip side, if it's too cheap, you know, to transact on Bitcoin, you know, if we have way too much block space, there's basically an infinite demand for block space over the long term, then it's going to cost too much for people to be able to...
I might have had that flipped around.
If it's too cheap to use to buy the block space, it's going to be too costly to run the node, and the inverse is true.
If it's too costly to run a node, if it's too costly to buy that block space, then you're once again going to be using a trusted third party.
So this is true not only for doing like an on-chain transaction that's like a simple sending money from one place to another, but what he's talking about is using the chain for dispute resolution.
So all of the layer 2s, not just Lightning, but any other layer 2 system is generally dependent upon being able to buy that block space.
So it's feasible that we could get to the point where layer 2s themselves may not be able to operate using the game theory that they were expecting when they initially launched.
There are, for example, issues with Lightning Network and closing channels.
If it takes too long to close a channel, bad things could happen.
So basically he's saying you don't want it to go too far in any one direction.
You want some sort of balance.
We don't really have a solution for that right now.
But we are at a dilemma.
We don't really know which way we're going.
And I actually see a kind of bifurcation and a polarization happening in this space.
I see a new cohort of developers coming along that want to continue innovating.
And we're seeing more and more proposals happening at the Bitcoin protocol layer.
But on the flip side, you have those of us who have been in the space for a long time who may have the vast majority of our net worth in Bitcoin.
You have organizations who may have corporate treasuries where the vast majority of the corporation's money is in Bitcoin.
And so they may be on the opposite side of saying, no, don't touch it.
We can't afford for anything to go wrong.
And it's very hard for these two different polarized parties, I think, to come together and discuss.
So you've probably seen this meme before.
I think it applies to many, many different things.
We see these type of cycles happen.
And from my perspective, over the past decade or so, we have done a great job.
We have created a very strong network.
We have managed to get a lot of adoption.
And we have now the ability to enjoy the good times.
And the question I think that we have to ask ourselves is, are we going to rest upon our laurels?
Are we going to be complacent with everything that we have built so far?
Or are we going to try to break this cycle?
Because I think if we just sit around and say, oh, look, number go up.
We all got rich.
We don't have to worry about trying to continue to improve this protocol.
You know, screw the rest of the world.
They're late.
It doesn't matter if we continue to improve things, whether it's scalability, security, privacy,
so that the rest of the world can enjoy using Bitcoin.
You know, we've built so much so far.
We don't want to lose it.
We're just going to stay right here.
I do fear that that will result in the good times creating a weaker society, if you will,
when it comes to Bitcoin.
So I think there's room for improvement.
I don't have all the answers, but I think that we at least have to keep talking about it.
I think we have to keep looking to push the boundaries of permissionless innovation.
Yes, other layers are the answer.
But we don't have all of the tools that we would desire to be able to build permissionless layers.
This is what a lot of the current technical discussion at the protocol layer is about.
I think the bit process is okay, but not enough people, especially not enough diverse participation from different major actors in the ecosystem is happening.
It seems to be a very tight knit, you know, academic, super nerd coder group of people who may not be going out and necessarily gathering enough information and support from the rest of the ecosystem to help understand what we should really be doing.
You know, maybe we even need to do a meta-research analysis to see if we can improve the BIP process.
And related to that, I think we should consider trying to push the philosophy that soft forks, if there is rough consensus for them, is a good thing.
More funding is also great.
I do like the fact that Starkware put a million dollar grant out for OpCat related research.
I wish that more industry participants would do stuff like that.
And in general, you know, the pro-ossification people, if all you have to say is no, then we have nothing to talk about.
I'm interested in having productive, constructive conversations here.
If all you're going to say is no, then I think we just have to part ways.
And you can do your thing and we can do our thing.
So to recap, success leads to complacency.
Complacency creates resistance to change.
Resistance to change means flaws don't get fixed and opportunities get missed and potentially innovative competitors can come along and eat our lunch.
So let's not let that happen.
We know this is a risk.
We can do things about it.
We don't have to repeat the cycle.
And those of you who are mainly focused on number go up and who are looking at the trad fi people, I want you to understand they could not care less about sovereignty.
They could not care less about permissionless innovation because it means nothing to them.
They don't need it.
Their business doesn't need it.
Their business can fully operate by going through trusted third parties and updating numbers in their private databases.
And Bitcoin can stay ossified, never change, and everybody can keep getting rich while the network itself continues to get weaker and is never able to really fulfill the promise of sovereignty for the entire world.
There are many different ways that this can go.
I'm definitely not saying Bitcoin is going to fail.
Bitcoin is going to keep working one way or another.
It's a question of what is Bitcoin going to look like in the future, depending on which way to go.
And if this polarization continues and the gap continues to wide, then I think we may see another battle brewing.
So all we can do is to keep talking about it, and I look forward to continuing discussion both at the conference, in person, and online.
Thank you for your attention.