Chapter 02

The Hunt For

The early 1990s had brought a fascinating era, Tim Berners-Lee introduced the World Wide Web and set the stage for the mass adoption of the internet. The new set of standards — HTTP, HTML, and URLs — allowed for user experience transformation through new browser interfaces. Handy tools such as Mosaic, Netscape Navigator and others made retrieving data from the Web easy. Chaum and Berners-Lee both delivered keynotes at the first World Wide Web conference in CERN in Geneva in 1994, laying out visions of the rise of online economy, electronic commerce and knowledge distribution. As the Internet had been gradually making its way to the masses, technology companies were plotting the next big thing — e-money. Naturally, such a development raised a plethora of questions that early fin-tech pioneers were keen to answer. Where will the monetary value origin from? Who will eventually back up the money? Whether it would be governments, banks, payments processors such as Visa — what will be the business model behind it? Which regulations do apply to virtual money transactions? And, of course, how much privacy should be embedded into the payment systems? Bank notes and coins have been anonymous by nature. Electronic cash not necessarily. Chaum’s school was at one side of the spectre, arguing for anonymous electronic money systems. The opposition was vocal too. Some of the government officials, close to IRS, were even talking about automatic fulfilment of tax returns. Traceable cash would made tax collection simple and smooth. But would this be worth to sacrifice financial privacy?

It was just from 1990 when we the discussion on e-money got really serious. Even though the hardware part of this riddle had been in development much sooner. The first smart card products started to be developed in the late 1970’s, and the first microprocessor-based smart card combining processor and local memory was designed in 1979 by Bull CP8 — one of the three commercial manufacturers at the time. Multiple companies were after the holy grail of the internet protocols. Kawika Daguio, a Washington, DC, representative for the American Bankers Association described the situation:

We may be in a situation analogous to the 1860s - in those days, before our current Federal Reserve system, bank checks backed by different institutions weren't as widely accepted - they circulated and were usually discounted. Chartered banks also printed private-bank notes. Now, we see that some institutions are interested in printing their own versions of electronic money and following their own rules.

But the concept of electronic money was not only explored within banks and corporations, but also in digital communities. In principle, there are three main design patterns within the e-money space that emerged in the 1990s and persisted until today. The first one attempts to create a bridge between national currencies and the digital currency system in a reliable and verifiable manner with Ecash being the most notable example in the pre-Bitcoin era. In the age of modern cryptocurrencies such currencies are known as stable coins. Tether is the biggest one by market cap at the time of writing. In the second pattern, commodities such as gold or silver are utilised as the underlying asset for a digital currency. While E-gold pioneered this concept, Digix Gold Token could be considered its modern alternative. The last category creates a new kind of asset that is not connected to any underlying asset in the physical world, such as Bitcoin, and could be considered intrinsically worthless. One of the objectives of this book is to prove the opposite, though.


It took a few years of thorough cryptographic research until Chaum decided to act upon his vision of anonymous payments. By 1990, Chaum had moved to the Netherlands, became head of the cryptography department of the Centre of Mathematics and Information Science and founded his company — Digicash. The product company created was named “ecash”, and it effectively became the first digital cash system in the history. The company was onto something. The team behind Digicash consisted of excellent cryptographers and coders many of which would later become known for different projects or activities. To name a few: Nick Szabo for inception of smart contracts and proposing Bitgold, Zooko Wilcox for creating Zcash, Hal Finney for creating RPOW and early involvement with Bitcoin, or Eric Hughes for hosting the Cypherpunks mailing list. We will explore all of their stories later in the book. It is important to mention that by that time Chaum was already recognised as one of the most renowned cryptographers in the world.

Digicash translated Chaum’s vision into reality and it allowed for anonymous transactions. Moreover, the system’s mathematical brilliance would make untraceability unconditional. The only situation that would violate this principle was a double-spend attempt which was useful design feature since only cheaters would be revealed. Ecash was essentially a piece of data with different signature used for each coin denomination. It utilised RSA public key cryptography and every user had his own key pair, and the prototype allowed smart cards to hold a certain amount of verified cash value. In practice it looked something like this:

Imagine Alice wanted to send e-money to her friend Bob for the lunch she owed him for. She had an empty smart card which she could load up with money from her bank’s account. Alice would just need to insert the card into a slot machine similar to the one of ATM, in a machine at home or on the street. The card’s chip would generate a random key, and send it “blinded” to Alice’s bank (that was part of the Ecash system). The bank verifies her balance, signs the data, and sends back to Alice’s card. The card would produce a complex numerical code that would serve as anonymous cash.

So her card is charged and now she can send money to Bob. She just slips the card into Bob’s hardware wallet, and the numerical code is copied to the Bob’s machine which further attaches its own unique ID number to it. Such aggregated data is sent to Bob’s bank which subsequently credits his account. Note that the bank can’t trace back the transaction’s origin to Alice. Likewise, Alice could execute such a transaction on the Net, using her computer, and send the complex number representing her Ecash anywhere like an email. As long as the recipient’s bank was in the system, he could get the money credited to his account.

For quite some time things went rather smoothly even though some employees decided to quit the company. They let themselves heard in various medias, of course anonymously, that Chaum, who retained the control over the company as its CEO, was very stubborn, did not want to delegate anything to anyone, and often changed his mind and direction of the company. That was supposedly slowing down the research activities, and upsetting a few people.

Nonetheless, the digital payment system he invented was recognised, by insiders, as a technically perfect product, and Chaum was aware of that. Ecash gained a lot of traction and acquisition offers started to keep rolling. Henderson Investment Management, ING, and even Microsoft sent their bids. Microsoft even wanted to integrate Ecash into every copy of Windows 95. It is said that the offer something around 100 million dollars. But Chaum insisted on a share from every single copy sold. Bill Gates could not accept such an offer. Unfortunately, Chaum’s stubbornness turned out to be detrimental to the company’s interests as it killed negotiations with another giant — Netscape. This time because Chaum insisted that everyone sings an NDA straight away before any negotiations were initiated. The very same paranoia which made Chaum assume that the whole world is trying to rip you off, and made him an excellent cryptographer — caused him to bail out on the deals many in Sillicon Valley could just dream of. In 1996 a credit card company Visa offered forty million dollars to invest in the company. Chaum demanded seventy five million dollars. The offer was gone. That was the last drop for many within the company. They organised a coup and demanded that Chaum leaves his position of the CEO. He could choose, either him or them. He stepped down, remained only in the board, and the company got two new managers — Jelte van der Hoek and Wouter Habraken.

Things seemed to be settled for now. As the new managers were more of cryptographers than business people, the peace did not last long and many employees left the company. From the outside perspective it still looked shiny and investors continued to come with offers. In 1997 new investors eventually joined the company, and subsequently appointed also a new CEO — Michael Nash, who formerly worked for Visa. Soon after the appointment he opened a new office in Palo Alto. The company’s operational costs skyrocketed, the development was split up, and American employees were enjoying higher salary than their counterparts in the Netherlands. These factors once again contributed to rising tension within the company.

Nevertheless, the company exhibited some success as it managed to sign the first bank — The Mark Twain Bank. The American bank was first one to experiment with ecash. Soon, few more banks followed the suit, amongst them Deutsche Bank and Credit Suisse. As conservative and robust banks are in nature they were not in hurry. Digicash had been also in a series of negotiations with CitiBank. The big American bank known for their aggressive policy and innovations could have been a break dealer with its roughly seventy million clients. Unfortunately for Digicash, the bank went through difficult times of decreased stock market valuation which lead into a merger. That was where the management’s focus was, Digicash integration and negotiations were not the priority anymore. This turned out to be the critical moment, and also the final nail in the coffin. The company’s burn rate was too high, estimated at a million a month, the reserves were eaten up and there were no revenues to compensate for. The company went officially bankrupt in September 1998. Just few months before PayPal was founded.

The story of Digicash is a fascinating one. It is a story of brilliant minds translating their vision of digital privacy for everyone into a perfect product. Sadly, the brilliant minds became their own victims, and thus could not fulfil the prophecy of anonymous digital cash. Even though this entrepreneurial endeavour was eventually not successful, the heritage it left behind turned out to be one of the building blocks for what came next. As the Dutch Magazine Next! would write in their extensive report on Digicash, in January 1999:

The rise and fall of DigiCash: a story of paranoia, idealism, amateurism and greed.

DigiCash was the first but not the only project in the field of digital currencies in the early 90s. CyberCash was one of its most prominent competitors. The company’s team included some quite high profile personas from different industries. It was led by Bill Melton, the creator of Verifone system, a multinational multi-million company dealing with credit card transactions. Jim Bidzos, from RSA Digital Security Inc., was onboard too. The company provided an online wallet software for merchants to accept credit card payments, and while first few years things were quite well, they underwent an IPO in 1996. It had also a slightly different business model compared to competitors with transaction fees. The company was earning interest rates on the money deposited by its users. The similar model Facebook used for Libra’s design a few decades later.

On the brink of a new millennium the situation briskly changed. Their systems suffered from a software vulnerability that caused double spending of the payments within their system. This was exploited by a teenage Russian hacker nicknamed “Maxus”, and got the company in unrecoverable troubles. By early 2001 the company had filed for bankruptcy. Their assets were acquired by VeriSign, and few years later by PayPal which bought the VeriSign’s payment services.

Elsewhere, in mid 1990s Visa commenced negotiations with some banks to create a consortium that would introduce “Electronic Purses” to the UK market. It was supposed to be a direct competitor to Mondex, a smart card electronic cash system that was publicly revealed in 1993, and eventually acquired by MasterCard. It used tamper resistant hardware that allowed for anonymous transactions. Its disadvantage was similar to cash in the way that in case of the wallet was lost, there was no way to recover money.

NetCash and NetCheque were another instance of internet payment systems, being developed at Information Sciences Institute of the University of Southern California. Finally, Microsoft started to form a digital money group in 1990, and launched their program named Microsoft Money a year later. They later tried to acquire Intuit — a financial software company, but the regulators eventually put it on hold.

Magic Money

But not only corporations were tinkering around with digital coins and notes. Marching towards the mid 1990s there were multiple attempts to design electronic money via community bootstrapping. One of such attempts was an experimental market called Hawthorne Exchange. Its participants could engage in trading of units of reputation. The native unit was named thorne. The project became popular within some micro communities such as Extropians — believers in tech-enabled immortality — as well as the Cypherpunk that we cover in the next chapter. Some of their leading figures such Timothy May, Nick Szabo or Hal Finney took part in the experiment. Nevertheless, as the community interest faded the project died out in 1994. However,, soon it had a successor in a digital cash system programmed by pseudonymous “Pr0duct Cypher”. The project was named Magic Money. It got announced on the Cypherpunk mailing list in February 1994:

Magic Money is a digital cash system designed for use over electronic mail. The system is online and untraceable. Online means that each transaction involves an exchange with a server, to prevent double-spending. Untraceable means that it is impossible for anyone to trace transactions, or to match a withdrawal with a deposit, or to match two coins in any way. The system consists of two modules, the server and the client. Magic Money uses the PGP ascii-armored message format for all communication between the server and client. All traffic is encrypted, and messages from the server to the client are signed. Untraceability is provided by a Chaum-style blind signature. Note that the blind signature is patented, as is RSA. Using it for experimental purposes only shouldn't get you in trouble. Digicash is represented by discrete coins, the denominations of which are chosen by the server operator. Coins are RSA-signed, with a different e/d pair for each denomination. The server does not store any money. All coins are stored by the client module. The server accepts old coins and blind- signs new coins, and checks off the old ones on a spent list.

Hal Finney had welcomed the concept as warmly as he did Bitcoin a few years later — “Wow! Hot stuff!”. Magic Money’s toolkit allowed for creation of different coins. The mailing lists archives reveal there were a couple of them circulating within the community. GhostMarks or DigiFrancs, or NexusBucks are just some examples.

Magic Money certainly did provide the geekery with amusement that kept them busy for few weeks but the activity gradually decreased. Tim May saw the main source of failure of the system in the almost non-existent supply of items listed for sale with the electronic fun money as well as complicated and confusing process of sending them. He contemplated on patterns of the bootstrapping problems that “crypto” faced in general in a lengthy post. Those very same patterns seem quite accurate also for the cryptocurrency era that came two decades later.

Hal Finney asks us to think about and comment on the important issue of why digital cash, in its myriad forms, is not in wider use. Especially on this list, where the Magic Money/Tacky Tokens experiment has not (yet at least) produced widespread use. This question also goes to the heart of several related questions: 1. Why aren't crypto protocols other than simple encryption, digital signatures (both implemented in PGP as the de facto standard in our community), and remailings (implemented in Julf's remailer and in the various Cypherpunks remailers) being *used*? Why no DC-Nets, no data havens, no digital timestamping, etc.? 2. What *incentives* are there for creative programmers to devise and/or implement new crypto protocols if essentially everything for the past year and a half (since the fall of 1992, which is when PGP 2.0 and remailers became widely available) has languished? 3. What are the "killer apps" of crypto? 4. What platforms and user environments should would-be developers target? What machines? What networks? What languages? (An ongoing interest of mine. Objects, scripts, Visual Basic (!) VBX tools, TCL, perl, many platforms, etc. A tower of Babel of confusion is upon us.)

Twenty years later and the question “What is the killer app for crypto?” is very often part of any conversation involving cryptocurrencies. May went on to elaborate on his take on contemporary struggles of digital cash including Magic Money and Hawthorne Exchange:

Here is my first-cut analysis of the digital cash situation. I. Why is Magic Money/Tack Tokens, in particular, not being more widely used? - Nothing of significance on the List to buy, hence no incentive to learn how MM works. (Just because someone announces that their new article is available for 10 Tacky Tokens doesn't a demand make!) - Semantic gap. I confess to not having the foggiest ideas of how to go about acquiring Tacky Tokens, how to send them to other people, how to redeem them (and for what), etc. Having nothing to buy (no need), and plenty of things to occupy my time, I've had no interest in looking at MM. II. Other Experiences with Digital Cash in Some Form - On the Extropians list a while back (I've since left that list), there was an interesting experiment involving reputations of posters and "shares" in their reputations. Brian Hawthorne introduced is "Hawthorne Exchange," HeX, with eventually a few hundred or so reputations trading. The unit of exchange was the "Thorne," with each new list member given 10,000 Thornes to trade with. Trading was very sparse, with most people apparently never bothering to learn to trade (a la my own experiences with Magic Money). I downloaded the docs one night, tried a few trial trades, and then proceeded to make dozens of trades, trying to buy cheap and sell dear. Between my trades, the reputation attached to my posts (and to my "nom du humor," Klaus! von Future Prime) I amassed a sizable fortune in Thornes. I even offered to exchange real dollars (checks) for Thornes, the better to amass a fortune (for reasons I won't go into here). Edgar Swank offered to sell me his Thornes for $20, I think it was, and I sent him a check immediately. (No one else did.)

He concludes with a list of use cases and markets that may be crucial for development and bootstrapping any forms of digital money in the years to come:

III. What Markets Might Make Use of Digital Cash - phone cards, subway cards, parking garage cards...all are examples. But these are mainly to reduce the need for customers to carry coins and bills, to reduce the dangers of theft of coins and bills (and the need to collect them frequently from payment points), and to speed up processing by not having customers fumble for change, etc. - toll roads...this is a market that Chaum's DigiCash company has been targeting for several years now. Privacy is a concern (don't want Big Brother tracking your movements), and the infrastructure may allow considerable investments in remote sensing of IDs and pseudonymous IDs, online clearing, etc. Read the Chaum stuff for details on this. - illegal markets, for transferring wealth in fairly large amounts. Not at all clear how this will happen, and it sure won't happen with some fly-by-night hackers and/or students offering a new service.
- betting markets, the "Internet Casino in Cyberspace," etc. Nick Szabo was once championing this, and I think it could be an interesting, and very real, market. Lots of issues here.- Digital Postage. This remains my favorite. There's a _need_ for untraceable payments (else why use a remailer?). I've written about this extensively, as have others.
IV. Is there Any Hope for Cypherpunks Software Use? The remailers (of Hughes and Finney, with other contributions) came in the first few _weeks_ of existence of the Cypherpunks group. Julf's system already existed. Remailers were the "low-hanging fruit" that got plucked fairly easily (not taking anything away from Eric, but he himself says he learned enough Perl in one day to write the first, crude remailer the _next_ day!). Later protocols have not fared as well. Why this is so is of great importance. That's a topic unto itself, and one which I hope to write about soon. Lots of important questions and interesting issues.

Maybe it was the issue with some crucial parts of Magic Money system being patented, and thus illegal to use that prevented its wider usage or perhaps it was just a bad timing, but only few months after its launch Chaum’s Digicash announced its trial period during which it was handing out cyberbucks to early adopters and participants of the network. The community’s focus and interest, unsurprisingly, shifted to the new toy to play with, and for some time corporation-led efforts for digital cash took over again.

Commodity-backed Digital Currencies

By the second half of the 1990s first commodity-backed digital currencies emerged. In his book, The History of Digital Currencies in the United States, Philip Carl Mullan compiled an extensive and detailed overview of most of them. While they differed in the company structure, level of transparency as well as some other features, there were some things they shared. Most of them were backed by gold or silver, and they could have been bought, sold and exchanged for other digital currencies through third-party independent agents. Moreover, transactions within their systems were usually irrevocable.

Similarly to modern cryptocurrencies, the first years of the period when these novel currency systems emerged, they were not identified or recognized as a new financial product. There were no laws defining anything about digital currency systems, exchange agents, or commodity-backed tokens. While US banks and money service businesses were notoriously subjected to Internal Revenue Service (IRS) reporting, anti-money laundering (AML) and know-your-customer (KYC) rules, digital currency operators did not have to deal with any of these. Furthermore, these digital currency systems did not have to restrict themselves in terms of the territories they served and they could have had customers from any country, even those sanctioned ones.


In 1996 the company Gold & Silver Reserve, founded by Douglas Jackson, launched their product named e-gold. e-gold was a digital currency backed by physical gold. The system behind it was quite advanced, it had SSL encrypted connection, immediate settlement, and API for third parties to build on. Note the company launched two years before PayPal came on the scene. In 2000, the company would mark the first spike in its traffic volume and the trend would continue in the next upcoming years. Payments within the system were anonymous, irreversible and final. Moreover, for entities selling big ticket items, such as airline tickets, the direct cost of receiving payment in e-gold was less than one tenth the cost of a credit card payment. The company was also known to arduously adhere to a high level of transparency regarding their gold reserves.

The whole model seemed to work quite well, and competition soon arose. E-Bullion, GoldMoney, OSGold, Standard Reserve, Pecunix or INTGold are just few of the companies that entered the arena of gold-backed digital currencies. By 2005 e-gold had become quite popular and during its heyday served over $5 million accounts, had in the reserves over 3,5 metric tonnes of gold and annual volume of transactions reaching $2 billion dollars. In the online payments industry it was second, just behind PayPal. Interestingly enough, e-gold achieved all this with quite modest funding. The company was initially bootstrapped with $1 million, and over the years cumulatively raised only $3,5 million dollars. The amount raised by its competitors was well over $300 million dollars combined. One of the reasons for e-gold success was ability to find a good balance between usability and security of their services. In his post from 1997, Jackson argued that emergence of SSL-enabled browsers allowed for adequately secure and user-friendly transactions.

The way I see it, SSL has rained on the Digicash parade. SSL is the reason we at G&SR didn't shell out big bucks to Digicash (or license the RSA algorithm ourselves). It's got the same session key RSA blah-blah whatever, but folks get SSL-capable browsers for free and a secure server is dirt cheap. And fairly big bucks people are keeping it all up to date so you don't need to bother with expensive proprietary crypto.

SSL, or Secure Sockets Layer, its a standard technology used for safeguarding sensitive data that is being sent between two systems such as an e-shop and browser. According to Jackson, secure communication was the missing bit needed for transmission of payment instructions and notifications. This changed in 1996 when Netscape implemented SSL 3.0 enabling a web browser ot serve as the client software for secure client-server communication. The solution offered adequately secure service which Jackson deemed good enough. He considered the Cypherpunks to be overly concerned about perfect security.

The emergence of e-gold had been the final nail in Digicash’s coffin. Then, for the decade during which e-gold was operational, though there was a continuous succession of one crypto scheme after another, nobody cared. ... e-gold exposed the disutility of crypto-based monetary schemes and as long as e-gold was active, none of them could get a foothold.

Eventually, e-gold became a victim of its own success as it drew unwelcome attention and was used in various Ponzi schemes as well as phishing and many other attacks. US authorities started to investigate the company on the grounds of being an illegal money transmitter. This started a spiral in which e-gold lost a huge part of its user base and eventually closed. Jackson envisioned it as a private, international currency that would float across the borders freely, and would provide remedy to the illness of the modern monetary system. He wanted to bring sound money more mainstream again, but ended up with an electronic tracking device strapped to his ankle instead.

"It's supposed to be jail, only it's self-administered", he said to magazine Wired in 2009 during his first in-depth interview after pleading guilty to money laundering-related crimes and operation of an unlicensed money transmitting service. e-gold being seized by authorities resulted in numerous convictions of some of the most wanted credit card thieves and hackers. The dramatic part of the story of a maverick and visionary such as Jackson came rather unexpectedly as initially there were no indications that anyone had a problem with his entrepreneurial activities, including the Federal Reserves. He reached out to the intelligent services himself, but he was ignored. Later, when they reached back to him he was cooperative and helped them tracking account owners suspected of illicit activities. Even this did not prevent him from being cracked down on, and treated like a criminal, even though eventually the judge spared Jackson of a jail time as it was proven that he did not intend to engage in illegal activity. Initially, Jackson had faced up to twenty years in prison and a $500,000 fine. He was sentenced to 36 months of supervision including six months of house arrest, and 300 hours of community service.

Moreover, his company got fined hundreds of thousands dollars and had to start the process of compliance and apply for the appropriate licenses related to money-transmitting services. The very same licenses and regulations he initially believed should be exempt from — the faulty assumption made by several internet payment services during the early years of the internet, including PayPal. e-gold did not recover from the fatal shake-up and continued in dying out slowly for few more years until they closed down. In our interview, Mr. Jackson admitted that absence of rigorous customer identity verification turned out to be a big mistake:

The biggest challenge though, what turned out to be our fatal flaw, was my failure to marshal the resources to implement rigorous customer identity verification and due diligence as prerequisites to granting system privileges. Until these days Jackson maintained rather critical tone when speaking about the Cypherpunk movement which he blames for causing financial damage. He is equally critical towards Bitcoin which he labeled as ecological devastation, or cryptocurrencies in general which he called a “pointless wasteland.

GoldMoney & WebMoney

GoldMoney officially launched in 2001 even though the company’s founder, James Turk, envisioned in his monographs the concept of gold used for retail payments already in 1979. His vision, though, has not come into reality until now. The updated company’s mission from 2011 suggested GoldMoney dropped its grand plans for gold to be used in online payments, and communicated the service as mainly as a tool to preserve purchasing power via ownership of precious metals. Regardless of its mission, the company has always adhered to more strict rules related to their customer identity, than any other private currency operators. Perhaps that is also one of the reasons while it is still in operation in 2020. In retrospective, this strategy turned out to be decisive and kept the company operational also during the period of financial crisis in 2008 when distrust of financial system shifted consumer preferences towards precious metals. Even though e-gold was never shut down by the government, absence of AML and KYC rules resulted into legal issues that caused the company to miss out this spike in demand that accompanied the crisis.

Formation of WebMoney was a great example of the importance of good timing. The company was founded in 1998 in Russia at the time of “ruble crisis”. Not only did the national currency get devalued, but the Russian government also defaulted on domestic debt. Several large Russian banks closed down and those that remained functional were not deemed trustworthy and safe for deposits. People stopped using banks and cash took over. As WebMoney allowed for sending and receiving cash via postal services which was indeed very convenient for millions of Russians with no access to electronic money. This situation contributed significantly to the tremendous growth the company has been experienced since then up until these days. By early 2020, WebMoney is a multi-billion company with roughly 200 000 transactions per day, and through its services offers several national currencies, gold, as well as cryptocurrencies such as Bitcoin, Litecoin or Bitcoin Cash.

Liberty Dollar, E-Bullion and others

Liberty Dollar was a private currency project launched by Bernard von NotHaus the late 1990s. Like many others in the digital currency space he disagreed with some aspects of the monetary system of the US, and decided to take action in the form of entrepreneurial venture. The company issued currency in the form of coins, gold and silver certificates as well as electronic currency. The US government seized the company assets in 2007 and convicted the founder of conspiracy and counterfeiting, four years later. Eventually, despite of the requests of the prosecutors, he was sentenced to six months of home detention and three years of probation.

E-bullion was another gold-backed digital currency service, similar to e-gold, that operated between 2001 and 2008. It was founded by James M. Fayed. Perhaps most notably, one innovation the company came up with was allowing to withdraw value of their digital tokens through ATM debit cards in cash. Even though the company was one of those more popular one in the field its fate was similar to the rest of the companies. It received also some negative media attention as its founder, James Fayed, was convicted of serious charges and eventually sentenced to death for murder.

There were a few other similar companies with smaller volumes and fewer customers such as IntGold or OSGold. IntGold was a similar service that served roughly 300 000 accounts by the time it was shut down. In the case of OSGold there were supposedly no proofs that the company ever had gold reserves, whatsoever.

In 2001, George W. Bush signed the Patriot Act which was amongst other things focused on implementing techniques and measures in order to obstruct money transfers that could be funding terrorist activities. This was also related to Hawala transfer systems that operated outside of traditional banking or even telegraph or computer networks. In some of the developing countries Hawala has been a popular transfer system based on honor and performance of a massive network of money brokers called hawaladars. It has been following Islamic traditions but it is not limited only to Muslims. While the network spans all over the world it is most dense in the Middle East, North Africa and India. In this trait, Hawala transfers have operated similarly to digital currencies. Moreover, as a result of the act, violations related to unlicensed money transmitting were to be prosecuted by the federal government, instead of state one as it was the case beforehand.

The year 2006 was a turning point that ended the decade in which digital currencies went unnoticed by regulators and law enforcement agencies. From that point onward, starting with e-gold case, many other companies operating their own digital currency in the United States, usually backed by gold, were prosecuted and essentially sidelined by the government for violating laws related to Money Transmitter Licensing and Money Service Business. The only exception to this was GoldMoney and WebMoney which decided to voluntarily implement internal rules of adhering to KYC and AML. But at some point, in 2009, when FinCEN (Financial Crimes Enforcement Network) introduced new set of regulations, even these two large companies decided to step back from the US market as compliance costs were just enormous. This fact just underlined that for a true digital currency to prosper decentralization is an inevitable prerequisite.

Building The Chain Of Blocks

As described in the previous paragraphs cryptocurrencies emerged as a next (r)evolutionary step building up on the efforts in computer science spanning through many decades. Indeed, development of cryptography primitives was essential not only in efforts to design electronic cash but to build secure computer systems in general. By the 1990s all crucial building blocks were created, and the contours of “chain” could start to form up.

“The prospect of a world in which all text, audio, picture, and video documents are in digital form on easily modi able media. raises the issue of how to certify when a document was created or last changed. The problem is to timestamp the data, not the medium. We propose computationally practical procedures for digital time-stamping of such documents so that it is infeasible for user either to back-date or to forward-date. his document, even with the collusion of a time-stamping service. Our procedures maintain complete privacy of the documents themselves, and require no record-keeping by the time-stamping service.”

This way introduced Scott Stornetta and Stuart Haber their paper “How to Time-Stamp a Digital Document” in 1991. The two had met and worked together at Bell Communications Research, or Bellcore, and they aimed to design a solution that would allow time stamping of documents that could not be tampered with. As an improvement over what they called naive solution utilising “digital safety-deposit box” where a document is simply transmitted to a time-stamping service (TSS), they came up with a more sophisticated solution that would not compromise document’s privacy, save the bandwidth and storage and mitigate a possibility of fault at TSS’s side (even though TSS was still trusted). Utilising secure collision-free hash functions and digital signatures they assembled a data structure simulating a chain of blocks. A year later, the two were joined by Dave Bayer and improved their concept by incorporating Merkle trees into their design in a paper called “Improving the efficiency and reliability of digital time-stamping”. Little did they know what for buzz such a data structure will cause two decades later. Both of the papers are referenced by Satoshi Nakamoto in Bitcoin’s white paper, and both Stornetta and Haber have been often labeled as the “fathers of blockchain”. In our conversation Stuart Haber reminisced the beginnings of their work wit Stornetta:

I was a young cryptography researcher at Bellcore, when Scott arrived I'd been there for a couple of years maybe. Scott was a new arrival at the lab, he had just finished his PhD and this was fall of '89, and he came to me with what he thought was a very important problem, and it was in fact the title of our first paper -- how to timestamp a digital document. And by a digital document we meant, of course, any bit-string whatsoever - digital record of any kind. We weren't limiting ourselves at all to particular kinds of records. It was clear that all of the world's records were going online from the physical world. We weren't there yet, of course, back in the '89; but it was clear that was the direction things were going quickly. Scott was especially worried about being able to verify the integrity of digital records. So we came up with a reasonable solution that is the data structure, now commonly called the blockchain.

From today's perspective, many Bitcoin aficionados would likely argue that blockchain has become much more than just a data structure and Proof-of-Work is an inevitable part of what we call blockchain in 2020. Other tribes in the crypto community would not necessarily agree with this statement in their conviction that PoW will be replaced by something more efficient and, hopefully secure as well. It is safe to state that when we talk about blockchain we mean more than just data linked in a particular way as the term implies presence of a robust consensus mechanism that accommodates thousands of nodes. Indeed, Stornetta acknowledges this too:

Well, I am happy to take credit for being the co-inventor of the early blockchain, but I am a little reluctant to call myself the father of blockchain. Simply because blockchain has come to mean a lot more than it originally did. Just due to the many contributions that others have made. What we did create, Stuart Haber and I, was an attempt to create an immutable record. And we did it by cryptographically linking blocks of records together in a chain and then widely distributing the information, so that there was no ability for a central party to corrupt the record. Now, that sounds like what you'd call a blockchain, and we certainly invented that. The only reason I am hesitant, is that for some people, blockchain has come to mean everything that was done by Satoshi as well as Vitalik (Buterin), as well as other people.

The two managed to convince the Bellcore management to spin out a commercial enterprise to offer timestamping services in the form of Surety which was deployed commercially in 1995. The service utilized a technology of linked Time-Stamping Authority (TSA), but most interestingly, instead of a global distributed ledger that we know from blockchain-based technologies today, the first and and longest running blockchain in the world utilized a newspaper, as Haber explains:

Now, in order to enable worldwide agreement on values of our chain, remember, this is 1995, when the internet was relatively new and there was much less interest in there than there is now in cryptographic verifiability of authentication of records. What we did, we'd once a week build another Merkle tree out of all the hash, the block hash values, and publish that hash value as a classified ad in the national edition of the Sunday New York Times.

Haber and Stornetta are not the only cryptographers that today enjoy “popularity” of being cited by Satoshi. As we will discuss in the next paragraphs Satoshi could have easily mentioned more name sin the bibliography of Bitcoin White paper. The lack of thereof is commonly assigned to the fact that Nakamoto was not an academic and did not know about all the work done in the area of cryptography and distributed systems.

Jean-Jacques Quisquater is one of the few other names that do appear in Bitcoin's bibliography and that are sometimes associated with the origins of blockchain. In the early 1990s Quisquater had been working for Philips Research Lab in Brussels where amongst others he and the team worked on producing a system where the digital signatures of notaries were used to timestamp documents that were communicated across a distributed network. In 1996 he started to work on a project called Timesec that aimed to introduce standards of secure digital timestamping for the International Organization for Standardization (ISO) and Internet Engineering Task-Force (IETF). As he commented for Cointelegraph in May 2020:

The first blockchain, by Stuart, was using NYTimes to publish hash values ( It still exists. We used blocks (the real idea of Merkle) chaining with 2 secure hash functions (in case one is broken) and a secure pseudo-random generator.

Quisquater and his colleagues wrote five papers related to the project. Eventually, one of them called "Design of a secure timestamping service with minimal trust requirements" ended up referenced in the Bitcoin white paper.

All of the blockchain "fathers" are still active in the industry in 2020. While Stornetta is a chief scientist at a venture capital firm focused on the blockchain technologies, Haber has advised to several projects not only in the blockchain space but also in in the area of multi-party computation, Quisquater has been appointed as an advisor of for a company manufacturing hardware wallets.

It is important to mention that none of the work of the aforementioned gentlemen included aspects of Proof-of-Work as we know it in Bitcoin. This piece of the great crypto puzzle was yet to appear.


Another concept that would later turned out to be of elementary importance for the inception of Bitcoin (and referenced by Satoshi) — Hashcash — was proposed in 1997 by Adam Back, even though he released the paper only in 2002. He proposed it as a “non-interactive, publicly audible, trapdoor-free cost function with unbounded probabilistic cost”. It was a cost-function designed to deter undesired emails, such as spam, as well as to limit denial-of-service attacks. In simple words, it was meant to allow the sender of an email to prove to the receiver that when sending the email he took a certain amount of CPU time to perform some work on a cryptographic puzzle, and thus indicate that the email is not a spam. The idea was that while such CPU work performance is negligible for users sending a regular email, a spammer sending a vast amount of such emails would exhaust a significant time and resources of his CPU. The sender proved his “honesty” by working on a puzzle. Hence inception of Proof-of-Work. One of the conditions for such a system was that while the computed puzzle is moderately hard to produce, it is easy to verify for the sender (or anyone else). In the case of emails, a hashcash stamp would be added to the header of an email.

Worth noting that a similar idea was proposed by Cynthia Dwork and Moni Naor already in 1992 in their paper “Pricing via Processing or Combatting Junk Mail”. Over the time, Proof-of-Work construction turned out to be quite effective mitigation and prevention when it comes to denial-of-service attacks and the Sybil attack (essentially performed by a large amount of malicious nodes) which was formalised in 2002 by John Doucer.


As one of the potential applications Back stated in his Hashcash paper referred to an electronic cash scheme called b-money proposed by Wei Dai in 1998. In a quite short post Dai proposed two protocols that shares some similarities such as the notion of shared ledger as well as pseudonymous identities based on public key infrastructure:

In the first protocol, every participant maintains a (separate) database of how much money belongs to each pseudonym. These accounts collectively define the ownership of money, and how these accounts are updated is the subject of this protocol. 1. The creation of money. Anyone can create money by broadcasting the solution to a previously unsolved computational problem. The only conditions are that it must be easy to determine how much computing effort it took to solve the problem and the solution must otherwise have no value, either practical or intellectual. The number of monetary units created is equal to the cost of the computing effort in terms of a standard basket of commodities. For example if a problem takes 100 hours to solve on the computer that solves it most economically, and it takes 3 standard baskets to purchase 100 hours of computing time on that computer on the open market, then upon the broadcast of the solution to that problem everyone credits the broadcaster's account by 3 units. 2. The transfer of money. If Alice (owner of pseudonym KA) wishes to transfer X units of money to Bob (owner of pseudonym KB), she broadcasts the message "I give X units of money to KB" signed by KA. Upon the broadcast of this message, everyone debits KA's account by X units and credits KB's account by X units, unless this would create a negative balance in KA's account in which case the message is ignored.

Dai had a clever idea of turning electricity spent on computing into the function of money creation. Indeed, the same feature will later on be revolutionary breakthrough in Satoshi’s brainchild. The difference between the two is that Wei’s intention was to keep creation of monetary units directly proportional to the costs of computing. As he admitted in the appendix of the same paper, this was rather problematic is it implied that peers would need to agree on the cost of particular computations which is an ever-changing variable of knowledge which is asymmetric in nature across the spectrum of market/network participants. Satoshi solved this problem by hardcoding the unit emission rate whatever the costs of production of blocks, and thus coins, are. The same appendix proposes, however, an alternative protocol for money creation which consists of periods divided in fours phases:

1. Planning. The account keepers compute and negotiate with each other to determine an optimal increase in the money supply for the next period. Whether or not the account keepers can reach a consensus, they each broadcast their money creation quota and any macroeconomic calculations done to support the figures. 2. Bidding. Anyone who wants to create b-money broadcasts a bid in the form of <x, y> where x is the amount of b-money he wants to create, and y is an unsolved problem from a predetermined problem class. Each problem in this class should have a nominal cost (in MIPS-years say) which is publicly agreed on. 3. Computation. After seeing the bids, the ones who placed bids in the bidding phase may now solve the problems in their bids and broadcast the solutions. 4. Money creation. Each account keeper accepts the highest bids (among those who actually broadcasted solutions) in terms of nominal cost per unit of b-money created and credits the bidders' accounts accordingly.

This Dai’s notion of explicit declaration of miners regarding their willingness to mine (and thus participate in the system) at given costs of production of unit, turns into an organic ecosystem of miners constantly joining and leaving the network, and thus demonstrating their economic calculations inherently. Worth noting that as much as b-money looks like a blueprint for Bitcoin’s design, according the email conversations that are available on the Internet, Satoshi was not aware of Wei’s work until shortly before publishing the white paper, when being notified of similarities by Adam Back.

Also, interestingly, Wei in his second protocol proposed a tweak in the system’s architecture, while introducing subsets of partially trusted nodes that keep copies of the ledger. Perhaps analogously to what happens to be a custom trust assumption model in many cryptocurrencies using Delegated Proof-of-Stake, this could be described as Delegated Proof-of-Work system. Furthermore, he brings the idea of the validating nodes having to deposit some amount of money in special accounts for fines in case they misbehave. This might be considered very similar to “slashing” conditions being implemented in Proof-of-Stake models in some networks after 2014.

Nonetheless, Wei Dai left B-money on a paper, and did not pursue implementation of his ingenious idea. He has not been active in the crypto sphere ever since, even though some theories suggest there might be certain overlap in his identity with the one of Satoshi. And their proficiency in C++ is not the only indication of that. On the other hand there are contraindications too. In another forum, LESSWRONG, Dai conveyed his conviction that Bitcoin has “failed with regard to its monetary policy” as well as regret that he had not dissuaded Satoshi from implementing deflationary policy when Nakamoto reached out to him for comments.

Bit Gold

Very similar legends are narrated also about Wei’s friend — Nick Szabo. While in media he is often portrayed as inventor of smart contracts, in addition to that, in 1998 he came up with the concept he named Bit Gold. Already from the time he worked along with David Chaum he was skeptical of the centralised nature of money systems, including Digicash. He elaborated on pitfalls related to trusted third parties on his essay “Trusted Third Parties are Security Holes”. Bit Gold was Szabo’s endeavour to get rid of them. He worked on the concept over the years and released the fully fledged version of the paper in 2005. As it is a custom, proponents of the Austrian School of Economics are often gold aficionados, and Szabo too contemplated a monetary system based on digital currency that would imitate properties of gold, mainly scarcity, and was not dependent on any single third party. General sympathies towards gold have been shared by most of the libertarian folks. They did not generally support decoupling dollars from gold. From their perspective, perhaps gold standard prevented governments from responding quickly to monetary crises, its abolition, though, allowed governments to create them.

Thus, it would be very nice if there were a protocol whereby unforgeably costly bits could be created online with minimal dependence on trusted third parties, and then securely stored, transferred, and assayed with similar minimal trust. Bit gold.

Note of a beautiful and key expression Szabo used — costly bits. He envisioned the system based on the following steps:

1. A public string of bits, the "challenge string," is created (see step 5). 2. Alice on her computer generates the proof of work string from the challenge bits using a benchmark function. 3. The proof of work is securely timestamped. This should work in a distributed fashion, with several different timestamp services so that no particular timestamp service need be substantially relied on. 4. Alice adds the challenge string and the timestamped proof of work string to a distributed property title registry for bit gold. Here, too, no single server is substantially relied on to properly operate the registry. 5. The last-created string of bit gold provides the challenge bits for the next-created string. 6. To verify that Alice is the owner of a particular string of bit gold, Bob checks the unforgeable chain of title in the bit gold title registry. 7. To assay the value of a string of bit gold, Bob checks and verifies the challenge bits, the proof of work string, and the timestamp.

Szabo essentially conceives a chain of digital signatures where any user that wants to claim new units of the costly bits needs to put some work into finding it and compute a hash which is sent to timestamping services thereafter. One’s ownership of newly acquired golden bits is recorded on a distributed ledger that Szabo named property title registry. Subsequently, a new round of rush for bit gold mining starts over again. This time with the cryptographic puzzle derived from the latest hash added to the chain of signatures. He also noted on fungibility provided of such a system:

Thus, bit gold will not be fungible based on a simple function of, for example, the length of the string. Instead, to create fungible units dealers will have to combine different-valued pieces of bitgold into larger units of approximately equal value. This is analogous to what many commodity dealers do today to make commodity markets possible. Trust is still distributed because the estimated values of such bundles can be independently verified by many other parties in a largely or entirely automated fashion.

Szabo is a prolific thinker and writer which he demonstrated many times over in a number of his essays. One of the most famous of his works includes the essay named “Schelling Out: The Origins of Money” and can be found on his personal blog named Unenumerated, along with all his other work. It is worth to mention that Bitcoin’s creator himself acknowledges Szabo’s contribution in one of Satoshi’s post on Bitcointalk forum in 2010:

Bitcoin is an implementation of Wei Dai’s b-money proposal […] on Cypherpunks […] in 1998 and Nick Szabo’s Bitgold proposal,


In the light of a new millennium a new phenomenon was onto taking the internet by storm — peer-to-peer file sharing. With the outburst of file sharing services, Napster, Gnutella and alike were hitting the mainstream and started to write their own chapter for the Internet. Despite their rising popularity there has been always a great asymmetry between the two main user groups of these services, givers and takers. While plenty of people were enjoying the privilege to easily download virtually anything that the Internet has ever produced, merely a handful were willing to contribute to the network and hosting the files themselves.

In 2002 a group of three students from Cornell University attempted to design a system that would incentivize people to contribute to the ecosystem and do good. They named it Karma. Their goal was to avoid freeloaders. In their system, a peer's activity — the amount of resources contributed and consumed — was tracked, and resulted in a single scalar value called, like the system itself, karma. Upon joining the network, everyone was assigned a default amount of karma which was further adjusted reflecting the peer’s activity, downwards when consuming data, and upwards when contributing resources. If one’s karma sank too much, below the amount of karma needed to perform a transaction, the transaction would not happen. That way, users were incentivized to maintain proportionality between consuming and contributing. The records of everyone’s karma balance were kept by a group of nodes called “bank-sets”. Each peer had assigned multiple nodes that maintained its karma balance as well as the transaction log. The system used a peer-to-peer distributed hash table (DHT) to map nodes and bank-sets. As each node within a bank-set acted independently, and no Byzantine consensus protocols were implemented, the system allowed for temporary inconsistencies such as negative karma balance. The risk of Sybil attacks, the attack where adversary creates a large number of pseudonymous identities to gain disproportionally large influence in the network, was mitigated through a feature that forced every new node to join the network to solve a cryptographic puzzle. Karma eventually did not gain much traction. Although one of the protocol co-creators, Emin Gün Sirer would later make waves by contributing to both Bitcoin and Ethereum, and by founding the company named AVA Labs that designed protocols that went under the name Snowflake, Snowball and Avalanche. In our interview, almost two decades after the attempt, Sirer looked back to evaluate why Karma did not take off:

I did not have an extended vision like Satoshi did. Karma was designed for facilitating resource sharing and peer-to-peer networks. It's incredibly well-cited academically; it's foundational material for a lot of other people who tried to build on it, but compared to let's say Bitcoin, it was too small a vision, so there's that. The second and biggest issue is I didn't push it. I didn't push it because everybody counseled me and said, look, the entire world in 2002 is united against terrorists. Everybody is concerned about terrorists financing and you will never find any funding for this. They were right. I would not have been able to find any source for funding peer-to-peer cash at the time, so I in fact gave up on the idea. I said this is not going to go anywhere. Banks are not going to want this, and regular people are not going to fund its development, and they didn't at the time. It took the 2008 crash for people to realize that we need alternatives, and Satoshi's timing was impeccable.


Between the time Szabo thought of Bit Gold for the first time in late 1990s and published elaborated description of the system in 2005, Karma was not the only new piece added to the mosaic of digital cash attempts. RPOW was another one. The author was yet another terrific coder and engineer whose significant contribution to the development of Bitcoin is not questioned by virtually anyone — Hal Finney. Finney was a member of the Cypherpunks mailing list from very early. He worked for PGP Corporation along with Phill Zimmermann and was a noted cryptographic activist. In August of 2004 at the time when the heyday of Cypherpunks was long gone he posted to the mailing list a message with an invitation to the project he has been working on for last months:

I’d like to invite members of this list to try out my new hashcash-based server, This system receives hashcash as a Proof of Work (POW) token, and in exchange creates RSA-signed tokens which I call Reusable Proof of Work (RPOW) tokens. RPOWs can then be transferred from person to person and exchanged for new RPOWs at each step. Each RPOW or POW token can only be used once but since it gives birth to a new one, it is as though the same token can be handed from person to person. Because RPOWs are only created from equal-value POWs or RPOWs, they are as rare and valuable as the hashcash that was used to create them. But they are reusable, unlike hashcash. The new concept in the server is the security model. The RPOW server is running on a high-security processor card, the IBM 4758 Secure Cryptographic Coprocessor, validated to FIPS-140 level 4. This card has the capability to deliver a signed attestation of the software configuration on the board, which any (sufficiently motivated) user can verify against the published source code of the system. This lets everyone see that the system has no back doors and will only create RPOW tokens when supplied with POW/RPOW tokens of equal value.

Like many of the early Cypherpunks members, he was too inspired by the work of David Chaum and the idea of Mixnet, and thanks to his efforts a similar system was integrated into the remailers in the early 90s. Over a decade later, he had made himself familiar with the work of Adam Back as well as Nick Szabo. While one of the disadvantages of Back’s Hascash was that computer Proof-of-Work token could be used only once. Building on his idea, Finney designed a system — RPOW — where it could be reusable. Or that is at least how it appeared from the user’s perspective. Technically, every time such a token was transferred from one person to another, it was exchanged for a newly created RPOW token. Therefore, even though a token was used only once, the user’s experience was equal to simply just passing it to another party. Though from the system architecture perspective we could distinguish between POW and RPOW tokens. In this fashion, records of transactions formed up a chain of RPOWs. They were, however, stored on a central server that kept track that no one cheats and no RPOW token was exchanged twice, effectively being double-spent. While the word “centralized” would naturally trigger alert on every Cypherpunk radar, there was a mitigation in place that would make it almost impossible to tamper with data even for the server’s owner. This was due to a special high-security server utilizing secure cryptographic IBM 4758 processor cards. These servers had embedded systems that prevented any change of their content to be made by anyone, including the owner.

As Finney explained the security features of the server on the project’s website, it contained several classes of memory. While some of them were cleared upon reboot, there was a dedicated region of flash memory and battery-backed up RAM (BBRAM) that preserved persistent data across reboot. This feature was useful as it allowed for ability to reload a program and retain persistent data. Not for RPOW system though. As Finney’s goal was to eliminate any need to place trust in him as the developer, operator and owner the program, it was crucial that no one, especially the server’s owner had access to the persistent memory of the program, because that was where the signing keys and other sensitive data was stored.

Fortunately, the IBM 4758 processor had defined also a class of data within persistent memory which were not preserved upon certain circumstances. Among these were RSA secret configuration keys generated on the machine. The configuration keys were guaranteed to be cleared upon any change being made to the software configuration on the processor card. It was exploitation of this feature that significantly reduced trust in the central server. Any private data were encrypted by the secret keys before being stored in flash memory, and decrypted by the same keys upon reboot. If the owner of the processor attempt to tamper the data, reload the operational system or the application, the secret keys would be deleted, and thus the data retained made unaccessible.

Even though tampering with data was mitigated by the utilisation of the secure processor, and resistance to token forgeability was achieved by the system design, the system failure could still erase the account balances, and Finney stated this disclaimer straight away in his initial message announcing the system:

This system is in early beta right now so I'd appreciate any feedback if anyone has a chance to try it out. Please keep in mind that if there are problems I may need to reload the server code, which will invalidate any RPOW tokens which people have previously created. So don't go too crazy hoarding up RPOWs quite yet.

Finney, of course, was foreseeing that the system architecture will have to become more robust, should it be successful and become popular in the future, and design it with this in mind. He anticipated that multiple servers will need to host the RPOW system, and elaborates on it the “Clustering” section of the project’s website. He mentions also a challenge to synchronise all the servers so they could prevent double spending, and suggests a database that would be shared between the servers as a possible solution to that. He rejected such a solution eventually because it would “add tremendous complexity” to the RPOW system. Instead, he proposed an approach where each of the servers maintain its own copy of database with “seen” RPOW tokens. This eliminated necessity for a server to synchronise with other peers, and ensured that each token cannot be exchanged more than once as there was just one server where it could be done. The RPOW network would be effectively divided into shards performing record-keeping independently. This would be done via matching of “cardid” parameter which was unique to each server. Whereas tokens had this parameter embedded in them, generated by the client software based at exchange time. So both POW and RPOW tokens could be spent only at one particular server whose “cardid” parameter corresponded with the value embedded in tokens.

While the system was not intended to function as money, rather than just transferrable representation of computational work, Finney imagined it could serve as “play money” for online games or Peer-to-peer file exchange systems. Nonetheless, Finney had been contemplating money in electronic space for many years at the time. Already in 1994, he wrote about monetisation of remailers and examined which payment mechanism would be the best solution for that, including Digicash. Over the years, he kept track of development in the space, and as it happened, four years later from publication of RPOW he would run into Satoshi in 2008 and become very supportive of his idea of an electronic cash system. He would eventually become one of the first persons to download the software, play around with it and mine, as well as the very first person who received transaction on the Bitcoin network, from Satoshi himself.


Even though the word “Ripple” has become highly unpopular within the Bitcoin world, I’d argue it often has not been receiving a just evaluation from Bitcoiners. Ripplepay was a company founded in 2004 by Ryan Fugger who was a web and decentralised system developer from Vancouver. The company started to offer “a financial service that allows you to extend credit lines to your friends, family, and associates and make secure payments in traditional and online currencies” in 2005. It essentially created a network of nodes transferring IOUs between each other. The Ripple service tracked obligations between individuals and a social network while using a distributed infrastructure. It was inspired by LETS - local exchange trading systems that were flourishing in the 1990s but waned afterwards. In an email exchange with one of the early Bitcoin developers Mike Hearn, Satoshi Nakamoto himself acknowledged the system’s proposition:

Ripple is interesting in that it’s the only other system that does something with trust besides concentrate it into a central server.

The project was later on passed over to Jed McCaleb, Chris Larsen, Arthur Britto and David Schwartz who built up on the work of Fugger, now under different branding — OpenCoin. They worked on a protocol that would allow for instant P2P transfers, and attracted investors such as Andreessen Horowitz, Roger Ver, Google Ventures and Bitcoin Opportunity Fund (later rebranded to Digital Currency Group). OpenCoin later rebranded to Ripple Labs in 2013, and just to Ripple in 2015. The branding as well as product names has been a source of confusion for long. While the company had rebranded from Ripplepay, through Ripple Labs to just Ripple. The international payment system it develops is called RippleNet, and it utilises XRP as a settlement asset. RippleNet also consists of a number of different products such as xCurrent, xRapid or xVia. While XRP may be used for settlement within RippleNet it does not necessarily have to.

The XRP Ledger, an open source public ledger, and XRP as an asset operate independently of RippleNet or even the company itself — Ripple. The XRP token came into existence in 2013 and was used for a number of giveaways and community airdrops. Over time, Ripple has attained a reputation of “bankers coin” as it focuses on integration and partnerships with a number of banks worldwide. Also, it has been criticised as it operates with a different architecture model that is much more centralised compare to other cryptocurrencies — even though the plan is to gradually decentralise it further.

Mike Hearn would later in 2017 compare the original Ripple to an attempt to create something similar to the Lightning Network as a decentralised netting of debts. Debts could be denominated in any currency. As he noted, when implemented, the attempt turned into an ordinary centralised web application. Despite the system turned out to be very different from the original idea, he too acknowledged its innovative potential at the time:

Before Bitcoin, Ryan’s Ripple was really the only project trying to do anything innovative with money on the internet. I first found Ripple in 2006 and had significant email communications with Ryan starting around 2007. Satoshi was obviously well aware of it, which did not surprise me. It was a tiny community back then. My interest in digital money goes back a lot further than most people’s does.

Liberty Reserve

Perhaps the latest notable attempt for creation of digital currency in pre-Bitcoin era was Liberty Reserve. The company was established in 2006 in Costa Rica by Arthur Budovsky. He fled to the country after being indicted in the United States for operating illegal financial business with this company Gold Age which was one of the first independent E-gold exchanges, operating from 1999. Liberty Reserve was founded as centralised digital currency service that at its peak had over a million users. The company got under the radar of Costa Rican authorities around 2009 when being informed they were operating unlicensed money transmitting business. Their application for the license was denied in 2011 due to lack of transparency about company’s funding. The authorities launched a criminal investigation against company the very same year, and throughout the time it spread to 17 countries. Eventually, U.S. prosecutors filed a case against Liberty Reserve in 2013 accusing it of money laundering activities resulting in multi-billion fraud.

The company allowed only for deposits in its own currency, also called Liberty Reserve. To do so only a (possibly fake) name and email was required. On-ramps were provided by the layer of intermediaries called “exchangers” which were typically unlicensed money transmitters in countries like Vietnam, Nigeria, or Malaysia. A user could bought Liberty Reserves from them for dollars, and they would credit his account. The process worked in reverse as well. This scheme resulted in situation when Liberty Reserve did not have no identifying data of its customers. Reportedly, a vast amount of company’s volume was from hacking activities, credit card frauds and Ponzi schemes. The currency itself was pegged to US dollar even though there was no legal binding that guaranteed the exchange rate. Naturally, with no licenses and not following any regulations related to financial world, the company operated in the grey area. And eventually, in 2016, Budovsky pleaded guilty to laundering more than $250 million dollars and was sentenced to 20 years of prison.

Other Virtual Economies and Currencies

It is important to say that there were multiple other instances of digital money, or credits as they were often dubbed, that appeared in the beginning of this millennium and were run by different companies. These include e.g. Flooz which raised $35 million in venture capital, operated for around three years and closed down shortly after it was revealed that the currency was used for frauds to launder illicit funds. Around the same time, another company named Beenz was raising even more money, approximately $80 million for their digital currency that served as a reward mechanism for online behaviour. Despite of the company’s partnership with MasterCard, it was forced to cut costs in the light of the bursted tech bubble, and eventually to shut down. Facebook's experiment with Facebook Credits could also be included in the category of virtual currencies. The project's short lifespan and restrictive design did not allow it to develop into something beyond the Facebook's walled garden. There are, though, instances of virtual currencies that had embarked on different trajectories than initially they were designed for.

In early 2000s, Tencent, a Chinese conglomerate launched a messaging app Tencent QQ with its own virtual currency as well — Q coin. Each QQ Coin was equal to 1 yuan, or approximately $0.15, and was designed to pay for online services and games within the Tencent ecosystem. Every user could customize their avatar by purchasing various accessories which was driving demand for the Q coin significantly. As the currency became more popular it started to be accepted by many other services mainly from gaming, gambling and adult industry that were not affiliated with Tencent. By 2010, the system claimed to have more than 600 million active users. For quite a portion of these users Q coins effectively had worked as money as they could purchase a wide spectrum of goods.

This resulted in fierce tension between the company and China’s central bank that imposed restrictions and limits on the volume of coins transacted in commercial interactions, and eventually ordered that Q coin may be used only for purchase of virtual goods. Despite these restrictions the commerce powered by Q coins was booming as users found clever way to circumvent these restrictions by exchanging account credentials instead of coins. The virtual currency is still being used in 2020 even though the authorities' crackdown prevented it from being adopted by the mainstream.

The case of Q coins and emergence of a new currency in the form of accounts is by far not the only example how virtual assets can diverge from the projected trajectories of its designers. A popular messenger ICQ that launched in 1996 may serve as demonstration of this as well. In ICQ every user had an unique number. Early users of the messenger had been assigned five-digit numbers. As the popularity of the service grew so did the number of people using it. Later on the company had to introduce six-digit, seven-digit, eight-digit, and even nine-digit numbers. As the original five-digit numbers became very rare, they naturally became the subject of trading, and some of them got listed on eBay for hundreds of dollars. As the demand grew, people started to produce -- create accounts -- and hoard them even more. ICQ accounts too had become valuable assets within its own economy.

While the fact that similar trends are present in the gaming worlds might no be surprising, the scale on which it happens may very well be. As most of the literature related to cryptocurrency ignores virtual economies and currencies in various kinds of games for a good reason, it is my objective to provide readers with as big picture as possible. As Edward Castronova, an economist focused on the research of virtual economies, stated in many of his books related to this topic, understanding virtual economies is important to economists, social scientist, business people as well as policymakers. Exclusion of virtual gaming currencies from cryptocurrencies is justifiable since they all were created with a different vision, purpose, and design. Yet, some games managed to gain a tremendous amount of popularity, and thus users, that in some cases it is very accurate to say they created parallel economies. This is especially true when it comes to the world of Massively multiplayer online role-playing games (MMORPGs).

This genre, as defined today, was popularized by games such as Ultima Online or EverQuest in the late 1990s. The games and their economies thrived already in the days when the Internet was just on its way to the masses. Millions of players participated in these early virtual economies. And indeed they were very vital and massive. In fact, according to Castronova's research, EverQuest and its fictional country of Norrath reached Gross National Product of $135 million in the early 2000s. Calculated proportionally to the number of users, which was roughly one million, the value resulted in $ 2266 per capita. This made Norrath richer than some of the real countries as it ranked on the 77th place globally at the time.

The successful titles that appeared later could boast with even more impressive numbers. Eve Online, published in 2003, was famous for its very libertarian philosophy stemmed from the work of Ayn Rand. This space-based persistent world has allowed hundreds of thousands of players to engage in massive commerce interactions trading all kinds of commodities on highly sophisticated in-game marketplaces. Players could even choose to optimize their skillset in a way that allowed them to exploit market inefficiencies via arbitrage on the commodity markets. More importantly, epic battles among thousands of user-generated battleships happen in a virtual world designed to maximize play-to-player interactions. Eve Online, developed by CCP Games, a company based in Iceland, uses currency called InterStellar Kredits with a ticker ISK. Similarity with the Iceland's national currency is of course purely coincidental. In 2020, after 17 years since its launch, the game still has tens of thousands daily active players.

This number is similar to the active daily players of Second Life -- another popular virtual world that was released in the early 2000s. Second Life was based on similar principles of open and market-driven economy where users are free to create and monetize their content in P2P interactions. This was the main driving force behind the success of Second Life that a few years after launch hosted millions of users in an environment very much resembling the real life. Unlike in real life, in Second Life residents have utilized Linden Dollars as the currency of choice in countless of commercial transactions conducted over the course of almost two decades.

There have been multiple other massive multiplayer online games (MMOs) such as World of Warcraft or Minecraft that were able to amass even greater amounts of players that have been using in-game virtual currencies daily. These virtual currencies were centralized in terms of architecture, and did not contribute significantly to the evolution of the technological stack behind Bitcoin and cryptocurrencies. However, there is a lot to learn from them when it comes to designing virtual economies. The art of designing scarce systems later evolved in the realm of cryptocurrencies into a subfield called tokenomics, and subsequently accelerated the market with non-fungible tokens and crypto collectibles.

Getting back to the discussion about “real” virtual currencies one may wonder about differences between the virtual money and economies and the physical one. There is not that much of a difference buying a t-shirt for your avatar from a vendor in Second Life using Linden Dollars versus buying yourself a t-shirt using american dollars. Both transactions happen in a similar frameworks perhaps governed by slightly different rules. The goal of designers of these worlds, often because of the governments, was to keep these worlds separate. The fact is that cryptocurrencies allow for permissionless bridge between the two. Instead of thousands of walled gardens, Bitcoin, Ethereum, and other cryptocurrencies bring foundational protocols that allow for frictionless communication across the whole digital realm.

Centralized nature of digital currency projects turned out to be a major issue as it was too easy for regulators to step in and restrict these services. The same problem, though, applied to file sharing systems as well. While File Transfer Protocol (FTP) emerged around the same time Usenet did, the first decentralized file sharing protocols emerged and were actively developed in the 1990s. Instances include Napster, Gnutella, eDonkey2000 and later also BitTorrent and others. Initially, even though their users interacted in a peer-to-peer manner the network architecture was in some parts centralized as much of the data was stored on local servers of the companies behind the networks. Naturally, they were too subjects of the regulators’ crackdowns, Napster being the most known example, but other had similar problems as well. To many it was clear, that an absolute freedom, when it comes to data transmission or currency transactions, will be possible only in a truly distributed network that will be resistant to pressure and censorship efforts of governments.

A lot of people automatically dismiss e-currency as a lost cause because of all the companies that failed since the 1990's. I hope it's obvious it was only the centrally controlled nature of those systems that doomed them. I think this is the first time we're trying a decentralized, non-trust-based system.

Wrote Satoshi Nakamoto as a reply to the comments on his announcement of the new project he had been thinking about for quite some time and finally had decided to release to the world on P2P Foundation website to fulfil the prophecy Milton Friedman conveyed years ago:

The one thing that’s missing, but that will soon be developed, is a reliable e-cash, a method whereby on the Internet you can transfer funds from A to B, without A knowing B or B knowing A.
The Hunt For E-money
00 — Intro