“Staking” is a loosely defined term in the cryptocurrency ecosystem. Use (perhaps overuse) of the term to describe a variety of activities has resulted in confusion over the term’s meaning and makes it difficult for newcomers to cryptocurrency technologies to get up to speed.
At least two distinct activities are variously described as staking (and thus sometimes conflated):
- participation in a proof-of-stake consensus mechanism for a cryptocurrency network, and
- participating in a rewards program offered by a custodial cryptocurrency exchange.
In this backgrounder, we will factually describe each of these activities in plain English, explain why they might be useful or necessary for cryptocurrency technologies, and we’ll offer a cursory description of how each activity may or may not be subject to regulation. A third activity, voting with tokens within a “decentralized autonomous organization” (a “DAO”) is sometimes referred to as stake-voting and may also be confused with staking activities discussed herein, however that activity will be the subject of a future backgrounder.
Participation in a proof-of-stake consensus mechanism
Before we can describe proof-of-stake, we must first review how consensus mechanisms work. A consensus mechanism is the set of software-based rules that enable individual participants in a cryptocurrency network to reach a common agreement over the ongoing state of a distributed ledger of cryptocurrency transactions and associated data.
The earliest consensus mechanisms predate cryptocurrency and were (and still are) used to synchronize data between a number of computers all under the common control of one person or corporation. In those early consensus mechanisms every computer connected to the network must be identified and set up with credentials that will allow it to prove to the other computers in the network that it is authorized to participate in the consensus mechanism, rather than being some rouge unidentified computer attempting to corrupt the consensus by injecting bogus or malevolent data (called a “sybil attack” by computer scientists).
Once the computers are identified by the owner of the network then consensus can easily be achieved by, for example, allowing each computer to take a turn announcing the new updated state of the data periodically. Rules can be established for what will happen if the computer expected to announce the updated data at a specified turn fails to do so. For example, the remaining computers can log that failure and move on to the next computer in the pre-arranged sequence. This has come to be known as a “permissioned” consensus mechanism because it requires that each participating computer be granted permission to join the network.
Bitcoin and other cryptocurrencies use “permissionless” rather than permissioned consensus mechanisms to reach agreement over the shared data that comprises their transaction history. Bitcoin’s core computer science breakthrough was developing a consensus mechanism that did not require pre-identification and permissioning of new computers on the network and yet still achieved useful and corruption-resistant consensus over shared data. Many computer scientists before Bitcoin actually believed that permissionless consensus was an impossibility and even published papers arguing that to be a fact.
We now know that permissionless consensus is possible and is, in fact, very useful for certain applications where we do not want users of the network to rely upon, and be beholden to, a single party or corporation that would otherwise perform the identification and permissioning role on the network. For example, if we want a digital cash system that would guarantee persons will always be able to make payments with their digital cash even if a malicious person, state, or corporation wished to censor those transactions, then we need a network for digital cash transaction data that reliably reaches agreement without empowering any particular participant in that network with the ability to control who can and cannot participate. Similarly, if we want users of a computing system to truly “own” or “control” their personal data on that network, then we do not want some participant on that network to have unchecked power to unilaterally co-opt their data and use it against their will.
Bitcoin’s permissionless consensus mechanism uses a carrot and stick approach to promote honest participation without identification. Rather than requiring participants to be pre-identified, the Bitcoin protocol requires that participants conduct a costly proof-of-work calculations in order to participate (costly in the form of required computing hardware and electricity to perform the computation). Transaction data is considered valid if it matches (mathematically thanks to digital signatures) the data of the majority of other participants (measured in terms of work that each has provided). An attempt to commit fraud would be quickly detected because the fraudulent data would not match data held by the rest of the network and the work that must be provided to join the consensus would have been performed for nothing. Only if the attacker can provide several proofs of work that are more costly than every other member of the network combined would the fraudulent data become the consensus. This extreme cost is a stick that effectively disincentives participants from committing fraud even when they are otherwise unidentified strangers on the network.
The Bitcoin protocol also provides a reward for honest participation in the form of new cryptocurrency or fees that were attached to cryptocurrency transactions. This is the carrot. Given these incentives and penalties, the Bitcoin network achieves a game-theoretical equilibrium where rational participants will always choose honest participation rather than fraud because only such honest participation will grant rewards (in the form of mining rewards) and avoid penalties (in the form of wasted proof-of-work computation).
Proof-of-stake cryptocurrencies change the nature of the stick. Instead of requiring participants to risk losing costly effort measured as computing cycles, these networks require that participants open themselves up to potential losses of cryptocurrencies that they provably control on the network. Rather than buying computing hardware and using electricity (all of which would be wasted if you tried to cheat and were discovered) you must own an amount of cryptocurrency and put that at risk by “staking” it. Exactly how the penalty is extracted in the event of fraud varies depending on the particulars of any proof-of-stake consensus mechanism (and there are several different mechanisms that have been designed and are being implemented). It could be merely that you lose the time value of your stake while it was locked up because you could not spend it while staking it, or it could be an actual destruction of your stake by the protocol rules as penalty for some provable attempt at corrupting consensus data (this is generally called “slashing”).
The specifics of these various mechanisms are not particularly relevant from a policy perspective. At the end of the day the economic activity that stakers are performing is not functionally different from proof-of-work miners: both are making a verifiable economic sacrifice in order to participate in the validation of consensus data and to potentially create the reward inherent in that validation. Even though they help maintain a public and verifiable list of monetary-like transactions, miners and stakers are not like banks or money transmitters or other financial intermediaries because they cannot misdirect or redirect the transactions they put into blocks. They perform a more modest function: merely communicating to the rest of the network that these valid transactions have occurred by placing them in blocks alongside proofs of work or proofs of stake.
Despite the similarity of the term “staking” to “stakeholding” or even “shareholding,” stakers are no more like shareholders of a company than are proof-of-work miners. Nor should the particular choice of consensus mechanism have any bearing on whether sales of tokens on that network are classified as regulated sales of securities. The fact that stakers risk their staked cryptocurrency is little different than miners risking the cost of their mining hardware and electrical consumption. Both miners and stakers earn rewards in some proportion to the amount they risk.
Newer proof-of-stake networks may have more concentrated ownership of the tokens, a smaller developer team, or more aggressive marketing than older proof-of-work networks like Bitcoin, and these factors could influence the outcome of the Howey test for classification as a security. In particular, these facts may bear on whether there is a common enterprise and whether profits are substantially dependent on the efforts of others. However, these are factors independent of the particular fact that a proof-of-stake rather than proof-of-work mechanism happens to be used by a protocol. Securities laws are technology neutral and more concerned with the economic realities of arrangements. A proof-of-stake network may incidentally promote greater consolidation of token ownership because those who have a larger stake are those who will receive greater rewards. However, to the extent that this concentration triggers securities law scrutiny it is the concentration itself, the economic realities of the arrangement, and not its technological cause that should be relevant to the policy inquiry.
That said, proof-of-work and proof-of-stake consensus mechanisms are not perfect substitutes, much the same way that electric vehicles are not perfect substitutes for gasoline-powered cars. While they may both functionally get one from point A to point B, they are different (e.g. driving range, acceleration, relative safety, etc.) and people will have reasons to choose one over the other to satisfy their own needs and desires. PoW and PoS systems in many cases functionally accomplish similar ends but with different relevant trade-offs. Those trade-offs, however, are not relevant to law concerning their economic realities.
Readers should also be cautious about prematurely judging the relative costs and benefits of each mechanism. These technologies are very young; claiming that one or another mechanism is obviously superior (either from an environmental perspective or a censorship-resistance perspective) could be like claiming, in the 1970s, that the x.25 packet switching standard (now essentially defunct and unknown) was obviously superior to TCP/IP (the standard that powers the Internet to this day). This is especially important in the context of public policy. Technology neutral laws are important because they avoid the problem where laws rapidly become anachronistic or obsolete as technologies inevitably change, and also because we shouldn’t use politics to put a finger on the scales and prematurely favor some new invention that might turn out to be grossly inferior to a presently unpopular or controversial alternative.
Staking services
Similar to mining, participating in a proof-of-stake network (i.e. “staking”) is not a particularly easy thing to do. It’s true that the participant does not need to purchase and maintain costly computer hardware or pay for electricity as would a miner. However, most proof-of-stake protocols do demand that the staker have continuous high-bandwidth connection to the rest of the network so that transactions continue to be relayed and verified at all hours of the day. To ensure this availability, the protocol may be designed to penalize a staker that is frequently offline just as they are designed to penalize participants who attempt to add invalid transactions to the blockchain.
Because of the difficulty inherent in keeping a computer reliably online, many companies now offer staking services. In these relationships, a company maintains the computers that communicate with the blockchain, but the user of the service retains control over the staked cryptocurrency used to prove stake. Generally speaking, the provider is paid a small fee by the user for this service, but protocol rewards still go directly from the protocol to an address that is controlled solely by the user herself and the service provider never has any control over rewards or staked cryptocurrency that belongs to the user.
Participating in a rewards program offered by a custodial cryptocurrency exchange
The word “staking” is also used by many custodial cryptocurrency exchanges to describe rewards that their customers can receive by keeping their cryptocurrency at the exchange. Sometimes these rewards may be derived from profits that the exchange makes by using the customer’s cryptocurrency to participate in a proof-of-stake consensus mechanism (assuming, of course, that the particular cryptocurrency in question uses that sort of mechanism rather than proof of work or something else). This explains why these rewards are often called “staking rewards” even though they are only indirectly the rewards from a protocol.
Alternatively, these rewards may be derived from profits that the exchange earns participating in some kind of DAO or smart contract arrangement using the customer’s funds. These rewards, however, could also be derived from profits the exchange makes by lending out the cryptocurrency to other persons through traditional legal agreements, or they could be any other profits made by the exchange.
In short, when a custodial exchange offers customers “staking” rewards it is the exchange itself that is paying the customer at a rate determined by the exchange rather than the rewards being the natural products of participation in a PoS consensus mechanism. This difference is important because unlike the rules of a proof-of-stake protocol, the rules that govern payments to exchange customers are not inherently public and software-based; they will be the legal terms-of-service offered by the exchange at customer sign-up or subsequently amended. Merely being software-based does not inherently mean that legal consequences do not attach (e.g. token issuance can be securities issuance even if it is executed on a blockchain). However, in the absence of any software-based rules for an agreement, it is likely that legal rules apply. As such, the promises of an exchange that chooses to pay its customers rewards for “staking” may be subject to regulations even if staking one’s own cryptocurrency as part of a proof-of-stake network is not.
Nor should these rewards programs be confused with staking services which we described earlier. In the case of a custodial exchange, the customer’s cryptocurrency is held by the exchange while being staked and the exchange has discretion as to how to generate profits with that stake and how much of those profits to relay to their customers. In the case of staking as a service, the service provider never has control over the user’s cryptocurrency and the protocol determines the size of the rewards rather than any policy internal to the provider. Custodial exchanges may separately offer staking services, but this should be a distinct product offering clearly differentiated from mere rewards available to customers who custody their cryptocurrency with the exchange.