In November of 2008, I did a code review and security audit for the block chain portion of the Bitcoin source code. The late Hal Finney did code review and audit for the scripting language, and we both looked at the accounting code. Satoshi Nakamoto, the pseudonymous architect and author of the code, alternated between answering questions and asking them.
Much later, I released the archive of code that I had reviewed. However, it's not the complete sources for that version, and it looks like Hal never released his.
There was a specific reason why I was interested in the block chain code. In May of 1995, as a research paper in a graduate networking class, I had created what I believe is the first digital-cash protocol ever to use block chains in any form - though it used them in a way very different than Bitcoin and its descendants. In that protocol each 'coin' had its own little chain that grew by one link each time it was transferred from one owner to the next. Seeing the idea come around again, in a very different form, was fascinating for me.
For whatever it's worth, I found Satoshi's cryptographic code tight, and had two main critiques of the protocol. First, for as long as the network was too small there was a likelihood that an early attack by some troll with a powerful network could take over the chain and roll it back, so it was necessary to spend significant compute power making sure the chain was secured for as long as such an attack was possible. Satoshi hashed like crazy at the beginning, and that didn't happen. Second, if the network grew too big, I worried about scale and bandwidth. That one I'm actually still worried about.
But I reviewed Bitcoin the same way my professor had reviewed my academic paper, without any genuine expectation that it was going to mean anything to any large number of people but in the hopes that it would incrementally advance knowledge and awareness of the issues involved. A few weeks later Satoshi, with Hal's help, actually launched it, and they set about recruiting more people for long-term support of the project, and I stepped aside.
There were several reasons why. The main one, though, is that I've been interested in digital cash protocols since before 1995. I was more aware than anyone (except maybe Satoshi and Hal) that literally scores of digital-cash systems had attempted to launch before then. And the road to progress, as Chuck Yeager observed, is marked by great smoking holes in the ground. The fact that you have probably never heard of any of those scores of launches should tell you how successful they were. I saw no reason to expect a nonzero valuation.
In fact, if you go searching in the news archives for those early launches now, you'll probably only find about twenty of them. They'll be those like E-gold that wound up in criminal court and thus in the news, and those whose failures brought about or resulted from the end of a business, such as DigiCash and the Mark Twain Bank.
Most of the people involved in early digital-cash systems who had done outright criminal things and gone to jail had done them by abusing their position of being Trusted.
In security contexts - and especially in cryptography - Trusted is an epithet. In fact it's almost an obscenity. Trusted means something or someone has the power to break your security by acting in bad faith. Every Trusted role is, by definition, a weakness in security. You can see why security professionals are aghast when people talk about "Trusted Computing Modules" becoming a standard part of computers.
Good security means trying to limit the damage a Trusted role can do, even if you can't completely eliminate the Trusted role. And up until that point, limiting the damage had been the best that any digital-cash system had been able to do. But Satoshi had developed, as far as I'm aware, the first digital cash system with no Trusted role at all, and thus no way to abuse a Trusted position.
And the Trustless nature of Bitcoin was the main thing that convinced me Satoshi wasn't scamming. He built a highway with no toll bridge. People could use Bitcoin without creating any obligation to pay him anything ever. He wasn't selling coins, he was giving them away for solving hashes. He reserved nothing for himself.
He wasn't trying to line his own pockets at the expense of others. In fact I don't think I've ever encountered someone so completely uninterested in personal wealth. You know the old saw about being able to get a lot done if you don't care who gets the credit? Satoshi doesn't want the credit. Two years later he walked away and left the pseudonym behind. And hard as this may be to believe, it looks like he doesn't even want to be paid for it. As far as we can tell he mined approximately a million Bitcoins and has never sold a single one of them.
The first anonymous multibillionaire is being absolutely hardcore about demonstrating to the world that he is not ripping anybody off. He is not even using his privileged early-miner position for personal gain. Just stop and think about that for a minute, before you go on.
Once Bitcoin became successful, there were copycats. More than three thousand short-lived cryptocurrencies using the same protocol have been launched. At this date most are no longer extant. For a while I tried to keep track of them as they passed, and tried to record at least a few words about how and why each one failed. But I couldn't keep up, and besides, it was too depressing.
The standard of behavior that installs no toll booths and no Trusted roles - leaving the creator with the same opportunity to mine coins as anyone else - is seldom seen among altcoin creators. The standard of behavior set by Satoshi - not even taking any personal wealth from his creation - has not appeared again as far as I know.
Sadly, many of the people who launched these alternates don't know what they're doing. Even more sadly, most of them do know what they're doing, and at least three quarters know that what they're doing is ripping people off. They strive to do it as well as they possibly can, usually by means that I can't really distinguish from blatant stock price manipulation and insider trading.
They have created code with Trusted roles intended specifically to make the kind of toll bridges that Satoshi convinced me he wasn't a scammer by leaving out. They've even taken to selling all the coins, just like E-gold or a bunch of other digital-cash launches from previous decades that wound up with people going to jail - except now they're calling them ICOs.
New language, same game.
What ticks me off about this is that somewhere in the middle of all these scammers and flakes, there are some genuinely good ideas that are going to get caught in the fire and burned when the whole thing comes apart with scandals and prosecutions and so on.
What else ticks me off about this is that there is absolutely nothing wrong with issuing stock in your company as tokens on a block chain instead of through brokers on a standard exchange. Just do it legally, for Pete's sake! Go to the SEC, or whoever the appropriate regulatory authority in your jurisdiction is, and get authorization to issue stock! Hire somebody to implement shareholder voting as block chain transactions. If the law in your area doesn't allow anonymous stockholders, then you need identified participants (and, inevitably, a Trusted system to assign or match IDs). It can work. It has advantages even. But after the meltdown that the scammers are bringing down on this whole form, it's going to be anathema, or even illegal.
Most of the people doing ICOs don't have real business plans. They're not explaining that they're going to make money by providing a service or selling a product at a profit. Instead, they're telling me how they plan to promote their coins.
Let's think about that for a minute. Would you buy stock in a business whose business plan was a giant marketing campaign to promote the value of the stock? If they create nothing of value and spend money from sale of stock for their promotion (and other) expenses, then there is no business model. With no other income, remaining in business will always require further rounds of funding which will always continue to dilute the value of any stock you hold. That isn't a real business plan. I would advise against buying it.
Investors are accustomed to being protected by regulatory authorities, and "due diligence" for many of them is perfunctory at best. This attitude is not at all appropriate for block chain technologies right now. In many jurisdictions, the relationship between the law and people doing things with block chain technology is characterized by ignorance, hostility, instability, or misunderstanding. Protection of investors by regulatory authorities may not exist. These conditions can undermine the value of legitimate investments as well.
Learn where in the world the company is and where the principals are located. Learn what regulatory authorities ought to have jurisdiction. Find out whether those authorities recognize block chain technology as part of their remit, and make sure they're aware of the thing you're considering buying into. Make sure that the people involved are who they say they are (no, I'm not kidding!) and that you have legal recourse if they fail to perform. Make sure they have the appropriate business licenses, incorporation papers, authority to issue stock (yes, that's what the coins on the block chain legally are, if they're selling them at launch), and so on. If that much comes up rosy, then you're at least dealing with real businesspeople. And if you're dealing with real businesspeople, then you can ask for the business plan and do what you usually think of as due diligence.
Satoshi held - and is holding, I suppose - himself to a nearly inhuman standard of behavior in terms of refusing to give any remotest hint of possibly scamming anybody. I'm glad to have had the chance to work with him and Hal on what became a very significant project. I believe that block chain technology, once the current state of confusion is over, will contribute vastly more to the world than all the scams put together have taken or destroyed.
But good lord, what we started. I hate to even imagine how many billions of dollars of scams and failures and thefts have been perpetrated by abusing people's faith in and enthusiasm for that technology by now. And I have no idea how we could possibly have prevented it.