AMA with

Jameson Lopp

Professional Cypherpunk, Creator of Statoshi & Infrastructure Engineer at Casa

11th October 2018, 9:00 pm

This AMA is over!

Thank the host

‪We all need to run full validating nodes, no working implementation of spv, not able to prove a block is invalid and even if, not sufficient bc of valid-but-unknown blocks. Could you go into detail why blowback would be huge and it’s likely the community would just decide to tolerate a invalid block and try to ‘patch up’ the ill effects reactively ? Thank you.

This question was a bit difficult to parse, but if I understand correctly you are asking what would happen if someone exploited a bug that even fully validating nodes accepted, such as the inflation bug that was exploited in 2010 or the inflation bug that was found but not exploited on the main network this year.

Ultimately it comes down to how much damage was done by the exploit weighed against how much disruption it could cause the ecosystem to reorganize the chain to a point before the exploit occurred. There are no real rules here because now we are no longer in the realm of machine consensus, but rather in the realm of human consensus. The longer such a bug goes unnoticed after being exploited, the greater disruption a reorganization would cause and the greater the amount of proof of work would have to be expended by miners to forge a new chain fork with more proof of work than the existing chain.

In general it's probably only likely for a bug to be reorganized away if it's caught within the first few hours; if it's caught days or weeks later then it would be incredibly difficult to reorganize away and a sufficiently severe exploit would probably bring up conversations around whether or not a hard fork would be appropriate. But it's hard to talk about such a scenario in general terms because the devil is in the details.

I meant simpler, if ppl would just use SPV, and only miners, merchants, exchanges etc would run FVN. Example: if someone hides invalid transaction in a valid block. It can’t be the main chain and would not be accepted by FVN. I wanted you to describe why SPV are not sufficient for majority and what the impacts would be

Well in such a situation a block would never be created with an invalid transaction because miners are (generally) going to be running fully validating nodes. As such, SPV clients would at worst only see it as an /unconfirmed/ transaction. Though a slightly similar situation occurred a couple years ago with the BIP66 soft fork where some miners were NOT running full nodes and they created an invalid fork that was 3 or 4 blocks long. But they realized pretty quickly that they were never going to be able to claim the block rewards from that chain and they switch backed to the valid chain out of economic interest.

With regard to SPV I have a few articles that are relevant. One on the security model of full nodes:

And one on the scalability issues inherent to SPV:

Okay thx for ref. articles, but I meant if miners for what ever reason would do on purpose....

I have three questions :)

  1. How do you handle information overload? How do you keep work and life balance and stay content?

  2. Do you think AI plays role in Blockchain in near future?

  3. What do you think are some problems in computing that needs to be solved?

  1. It's very hard because I'm constantly monitoring a dozen or so different communications channels. This is the nature of trying to keep track of what's happening in such a distributed ecosystem! I have to greatly limit what news sources I pay attention to and only select the ones with the highest signal to noise. For me, Bitcoin is my life and I've been working for startups my entire career, so I'd never claim that my work and non-work life is "balanced" - it's heavily skewed toward work. Even when I'm not "working" I'm probably "playing" with some Bitcoin related side project :-)

  2. I could see it playing a role with stuff such as analytics or running dapps, though I'd have great skepticism if someone tries to merge AI with consensus algorithms.

  3. I think that computing hardware and software should be designed with privacy and security front and foremost as the default, rather than as an afterthought. This is less of a technical problem and more of a social one; users aren't demanding these things and thus companies aren't prioritizing them.

Thanks Jameson :)

How do you think software updates to blockchain apps will work in the future? Given there is no easy way to enforce individual nodes to run a newer version.

There are a multitude of ways that developers could go about it, and they should really make it clear when users are downloading the software for the first time. You could build the app with built-in versioning that detects when other apps no longer speak the same "language" and then old versions would organically become less and less useful as most of the users upgraded. More drastic measures such as a kill switch that disables the app could also be written, though of course any such open source dapps could be altered by another developer to disable it.

In general, it's like consensus upgrades - if a new version offers a better experience then a lot of people will upgrade to it and this will likely then incentivize the laggards to upgrade as well.

Hey Jameson, Thanks for the AMA!

What Bitcoin would be in 2030? Will it be the next-gen digital gold? What are your thoughts?

Bitcoin has made it really far in 10 years - if we make it another 12 years then I expect that the rate of innovation will continue to accelerate and we'll continue to benefit from network effects that incentivize more and more people to join the revolution and contribute resources to building out the ecosystem. This also means that Bitcoin will become more and more complicated as we'll likely see even more layers of infrastructure and applications built on top of the base protocol. Remember that the Internet itself is comprised of 7 layers; it's hard to say what Bitcoin's final form will be...

Do you think that cryptocurrencies such as stablecoins will become something we'll be able to use in regular stores, or will they remain as a proxy to FIAT?

I don't really see the value in using stablecoins for retail purchases; their primary value seems to be for moving money between exchanges or as a short term hedge against the volatility of crypto assets. Credit cards, for example, are likely going to provide a better user experience for payments while being much more scalable. Stablecoins could potentially provide better privacy, though it really depends upon the stablecoin. I'm also generally skeptical of the long-term viability of any stablecoin that it will remain functional and be able to hold its fiat peg.

When do you expect Bitcoin to become an exchange-traded fund?

Then when is impossible to say because we're talking about government bureaucracy... but it seems clear that it's only a matter of time. Now there are so many entities dedicating resources towards bringing and ETF to market - they are going to keep banging on the door of the SEC until they are let in. Hopefully next year!

Jameson, Thank you again for doing the AMA.

If Bitcoin were to fail, would be the most likely reason for it's demise?Protocol bug?

If a critical protocol bug was exploited and not found for a long time after being exploited (weeks or more) then it would cause a huge loss of confidence.

I still believe that the most likely cause of Bitcoin's death would be apathy. Everyone has to agree to stop supporting the project in order for it to die.

Will sidechains be able to compete with altcoins for developer mindshare? Do you have an idea what scaling will look like beyond lightning? What roles do you see for prediction markets? Thanks!

It's probably going to boil down to the incentives issue - I'd bet it will be harder to become rich overnight by launching a sidechain that is pegged to bitcoin than to launch a new altcoin from scratch (especially if it's funded by an ICO.) On the flip side, hopefully that means that developers who are more inspired by building ideas than by the prospect of overnight wealth will end up experimenting with sidechains tech because there's ALSO less downside if you fail.

With regard to lightning we're already seeing some "layer 1.5" solutions such as eltoo that are trying to make channel opens and closes more scalable. I've also heard of some folks working on "layer 3" infrastructure though it's too early to tell what the time frame is to see working software.

Prediction markets, or more generally, information markets, have long been theorized and in my opinion are sorely needed if we want to build truly free markets. Theoretically we should be able to make better collective decisions if we just enable people to put their money where their mouth is... of course, there are also a number of negative consequences that can result. It seems like the "wisdom of the crowd" can work in many cases, but not all... and such markets can create perverse incentives that lead to things such as assassination markets. But you have to take the good with the bad, when you're building new tools - it's difficult if not impossible to build a useful tool that can't be abused.

Bandwidth and CPU time has historically improved on average approx. 17% per year. Since block size wasn't reduced, and in fact was increased, we have a LOT of catch-up to do if we ever want Bitcoin to be safely decentralised again. Do u think we need to reduce block size to keep bitcoin safe ?

I mean at least 80% of economic activity should be verified (users verify own incoming tx), anything less means there is a real risk an invalid chain will prevail over a valid one. Any block size larger than 300k increases the cost FASTER than technology becomes cheaper. Do you agree?

It's basically impossible to quantify "safely decentralized" though we seem to be doing fine lately - the ecosystem at large has become much more efficient in its use of block space. We aren't maxing out block weight by any means yet and great strides are occurring with Lightning Network, so I think we're in a pretty good position.

I doubt we will ever have a significant portion of bitcoin holders that verify everything, but then again everyone has the freedom to choose their own security model. So long as it's possible for users who WANT to have the strongest security model to afford the hardware required to run a full node, I think we're in a healthy state.

Thank you for your time Mr. Jameson and giving us a chance to have an AMA with you. I would ask some questions to you :

As a web developer :

  1. Why should I invest my time learning blockchain technologies ?
  2. Does blockchain have a secure future?
  1. If you're interested in issue of trust then you should look more into these technologies, as they enable you to build systems that greatly minimize the trust between users.
  2. Even as nothing more than an audit log with tamper evidence, it's clear that there are a variety of applications for this data structure. All the other functionality that folks are building on top is just gravy.

How do I build a DAPP if I know web technologies like HTML, CSS, JavaScript, Node JS and react js? Any resources you can point me to?

DAPP is a very broad term so it really depends upon the functionality you want. But in general it's going to require learning how to interface with a new network such as Bitcoin / Lightning / Ethereum. There are Lightning resources at

For Ethereum you'd likely end up writing a smart contract so you'd need to learn Solidity - take care that it's easy to write a "working" solidity app that is insecure!

What's your opinion on decentralized communities? Do you think future communities are going to be built this way?

In a sense I'd argue that this has been happening ever since the advent of the Internet. It's just becoming easier to coordinate as hardware and software continues to improve. For example, I haven't worked from an office in 4 years and my current company is about 80% remote and distributed all around the world. I consider myself a member of dozens of different communities that are running on different platforms. With the advent of virtual reality and projects like Decentraland, visualizing these communities may be taken to the next level.

If Bitcoin fails does every other cryptocurrency fail? Or can Bitcoin fail and we still see a cryptocurrency we have today succeed?

Not necessarily, though it really depends. Rather than trying to speculate as to what might cause it to fail, I'd first define "failure." Bitcoin can only fail if there is consensus that is has failed. By which I mean that pretty much everyone who is involved in Bitcoin needs to stop being involved. This could happen due to some critical flaw in the underlying technology that hasn't yet be found and can't be fixed (pretty unlikely) or it could be because another project comes along that is an order of magnitude improvement upon Bitcoin (more likely.)

What are some of your favorite Blockchain projects?





What's the biggest threat to Bitcoin, in your opinion... Or is there one?

The biggest threat to Bitcoin is apathy. The only way that Bitcoin can stall and then wither and die is if no new people becomes interested in it and the currently interested people become more interested in something else.

Hi Jameson! What is your biggest concern about the current state of the cryptosphere?

Too many people worrying about what others (both inside and outside crypto) think or say about the cryptosphere. I find that a lot of stuff on social media simply isn't worth spending time responding to because it wouldn't make much of a difference in the long run. I think being constructive and collaborating with others to build things is the most effective use of one's resources.

How are you able to kill it on Twitter and still find time to kill it at work?

It's all interrelated - sometimes stuff I tweet comes from work conversations while some of the stuff I find on twitter helps me suggest new things for us to implement at work!

huge fan here :) thank you for your contributions to bitcoin


Thank you for doing the AMA. My question is in regard to security. Do you believe that the Bitcoin protocol or a traditional US bank is more secure? Given both the fractional reserve banking and potential for the US dollar to hyper-inflate and then the recent CVE-2018-17144 bug. Where would money be more secure on a ten year time horizon?

It's an apples and oranges type of comparision, but in general open systems are going to be more secure because they have more eyes on them, probing for vulnerabilities. Note that banks get hacked all of the time...

At a very high level, money you keep in the bank for the next ten years is GUARANTEED to be worth less than when you deposited it. Bitcoin offers no guarantees either way, but it has a huge upside potential.

How would you explain Statoshi to a noob? 😀

Thanks for the AMA, btw.

Statoshi is Bitcoin Core plus a few hundred lines of code that track events and metrics. It basically enables developers to better understand how the node is performing; I then put some nice dashboards on top of the raw metrics that are collected by my personal statoshi node and make them available on

Will you be making fine bathroom wine again? I would like some more.

Sadly the winery has shut down and all equipment has been sold off!

Can you assess the current and future threats to bitcoin from state or central banking actors? What counterrevolutionary moves could we see against the Bitcoin protocol in the future?

While some nations such as China and India have cracked down a lot on crypto, others like Japan have become much more risk averse and want to protect users, while some such as the US seem to be generally embracing it. From what I hear, a number of politicians already own bitcoin, so hopefully that number continues to rise to disincentivize them from legislating such counterrevolutionary moves... but I do think that the most devious thing nation states could be doing is working to pit us against each other in order to distract us and slow down the pace of innovation.

Could you respond to this article on the limitations of smart contracts?

"There is an intractable problem in linking a digital to a physical asset. Physical assets are regulated by the jurisdiction you happen to be in. This means that possession in a smart contract doesn’t necessarily mean possession in the real world and suffers from the same trust problem as normal contracts." [edited down]

"Smart contracts are simply too easy to screw up, too difficult to secure, too hard to make trustless and have too many external dependencies to work for most things. The only real place where smart contracts actually add trustlessness is with digital bearer instruments on decentralized platforms like Bitcoin."

Right, so the fundamental problem of linking digital assets to physical assets (tokenization, if you will) is that you then have to involve yet another layer of human consensus. You have /not only/ the human consensus required to form the protocol that automates the rules via machine consensus, but you also have to achieve consensus from whatever humans write the rules for the physical space in which the physical assets reside. AKA the local government. This adds a ton of complexity and unpredictability and if I might reference Nick Szabo, seems like it also disrupts the social scalability of any such protocol.

Smart contracts are currently too insecure and can suffer from things such as the oracle problem, though I fully expect that this space will continue to evolve and that over time the smart contract space will become better understood and adopt standards and best practices that will make them safer to use. I do think that using any of these crypto network protocols makes the most sense when you can keep their effects completely contained to the digital realm.

Do you think that BitCoin will still be the predominant cryptocurrency 10 years from now? Which other projects do you look at and think 'wow, really clever!'.

Hard to say without defining "predominant" - many of the metrics being used such as "market cap" are highly flawed. Also, it's easy to envision a future where say, Facebook or Amazon creates a "cryptocurrency" that all of their users are incentivized to adopt, which could easily result in a cryptocurrency with far greater adoption than any currently in existence. But would that cryptocurrency have the same properties as Bitcoin? Highly unlikely...

With regard to clever new projects I'm keeping an eye on Grin.

Why do we need Bitcoin?

To show the world that the very concept of money itself belongs to humanity, not to a few bankers, politicians, and economists.

What technical contributions are currently missing in the Bitcoin development space?

Documentation and education! That's why I really like the idea of

There's a ton of "lore" and historical information that long-time devs have soaked up over the years but isn't clearly written down in a digestible format. When I've done some spelunking through Bitcoin history for articles I've written in the past I often end up having to sift through tons of mailing list archives and IRC logs which is quite grueling. It would be nice to have some technical writers take a stab at conveying more of this information to newcomers.

Is Blockchain gonna work as a standard in future for existing systems like banking,marketing,trading etc. I guess the tech is great but dont know why still not evolving or proving. As per development question how the datas are going to be stored in the network . And also when we can expect stable or standard version of any blockchain (not specific to ethereum ) for development as the existing is limited to scalibity and other limitation?

Standards is a tough problem because once again, they have to be formed via consensus. In general I think that standards in this space will take many years to be settled upon because a lot of the current experiments are going to fail. It's only after many of the current networks have failed will there be sufficient faith in the robustness of those that survived that we can then expect them to become standards.

When do you think banks will stop blocking crypto-related transactions? Also, do you think Bitcoin will be legal everywhere in the world in the following years?

I think banks will continue to become more and more desperate; it will get worse before it gets better. Eventually I hope it will turn into a "if you can't beat them, join them" situation where they find that it makes more financial sense for them to support customers who use crypto.

Similar thing with legality - I'd bet that more nation states clamp down on it before eventually conceding defeat. I wouldn't expect it to be explicitly legal in all countries for a long time, if ever.

If you could go back in time and do 1 thing differently when and what would it be?

Enacted my privacy measures a year earlier before I got swatted!

Hey Jameson, thanks for the AMA!

What is your advice for a beginner Bitcoin-holder regarding wallet security? What are the best practices that anyone can follow?

If you have more than a few hundred dollars in bitcoin, buy a trezor - it's the best combination of user experience and security that you can get with such little effort. As for best practices, paranoia helps - assume that everyone wants to steal your bitcoin and assume that anything that can go wrong will go wrong. Eliminate all single points of failure by keeping multiple redundant backups of your private keys in geographically separated, access-controlled locations.

Is there any hope for me getting back the 45 BTC that were stolen from me in the SourceForge trojan attack?

Additionally, will bitcoin ever actually be a viable currency for day-to-day use? Or will the political infighting and greed surrounding it forever prevent the adoption of realistic technical solutions to its scaling problems?

Basically no hope, I'm afraid.

Politics and greed can't stop the builders from building; most of the vitriol you see online is not coming from the folks who have their heads down solving the hard problems.

Many highly-anticipated protocols will need to host hundreds if not thousands of developers to get traction. Many protocol leads are beginning to host incubators, sponsor university conferences and even acquihire to seed their protocol. Which approaches do you think are overhyped? Which are underestimated?

I think it will generally come down to incentives. If you're paying a bunch of devs to work on such a project and they're mainly in it for the paycheck, they probably won't stick with it for the long term and become deep experts. While it's often lamented that there aren't a /ton/ of devs working on Bitcoin and related protocols, I'd note that pretty much all of those who are working on them are doing so because they are philosophically / ideologically motivated to contribute to the project, and these motivations are less likely to change than financial motivations.


What domain will host the first mainstream Dapp? Gaming, gambling, financial services or other?

Gambling and porn. They're always on the forefront of cutting edge tech!

What do you think about the risks associated with quantum computers having the encryption used in bitcoin?

It's extremely low risk and we'll likely have years of lead time with seeing that quantum computing is evolving to the point that it becomes a risk. This is something that the entire digital security space will be keeping an eye on, because the ramifications are far greater than just bitcoin. From a technical level, even if quantum computers were deployed tomorrow that could break some encryption algorithms, it's unlikely they would be able to break the multiple ciphers used in the Bitcoin protocol.

What do you think about Tendermint consensus?

One of my main issues with proof of stake is the nobility problem - the rich get richer without having to expend significant resources. I prefer proof of work because it's more dynamic - new participants can enter the network without having to "buy out" existing participants. It seems more like a competitive free market.

What do you think 2019 will bring to the crypto market?

Some ups, some downs, and some sideways. There will be no shortage of drama and fud as folks jockey for relevance.

Hi JL. l lost my phone so temporarily suspended my account until I was able to setup 2FA again. During this time 3 btc were taken from my account.

  1. Seems cut and dry, localbitcoins are at fault. Yes?
  2. Is it worth me trying to get this money back?
  3. Are there professionals that I can pay to help me?
  1. If you had 2FA enabled and they disabled it without your permission then I'd place them at fault.
  2. You might want to spend an hour discussing that with an attorney to figure out if proceeding with more billable hours is likely to have a positive return on your investment. It sounds like a matter for small claims court (though I don't know your jurisdiction so it's hard to say)
  3. Basically any attorney who deals with financial matters? I wouldn't pursue trying to get the money back by finding the attacker; that's generally a lost cause.