13 MIN
Oct 27, 2022

Transcript: Crypto Q&A with Coinchange's Research Team and Paul McCaffery from KBW

Share on social media

In this episode we have a very special guest Paul McCaffery from KBW who will talk to us about the institutional adoption and regulations in crypto, then we will cover 2 important twitter threads on that our users need to be aware of, one related to Coinbase and Google partnership and the other related to Polygon partnering with Indian Police System and we’ll finally analyze the Mango markets DeFi exploit. In summary, here is what you will be learning about:

What the video here

Question 1. Tell us about yourself, your newsletter and what you do in crypto.

Question 2. You being so involved with the institutional players, what are some of the most impactful events that are happening in the Institutional space that we must be aware of? 

Question 3. What is the current progress on the regulatory front globally? And which sectors in crypto do you see being regulated first? And if you could touch upon the impact that could have as well. 

Twitter Thread #1: Google Cloud has selected Coinbase to expand their crypto offerings. 

Twitter Thread #2: Police Complaints in India will be powered by Polygon Blockchain to ensure immutability and reduce corruption.

DeFi Exploit Analyzed: Mango Markets on Solana Blockchain were exploited for over $100 M. 

Transcript from the interview with Paul McCaffery from KBW


Hey Paul, thanks for joining us today. So I wanna start off first with, tell us a little bit about what you do, about your newsletter and how are you involved in crypto.


Sure, Jerome and Pratik, thanks for having me today. Really looking forward to our conversation. Sort of got into crypto by accident. I work for KBW, Keefe, Bruyette & Woods. It's a financial services firm, really focused on TradFi for the last 60 years, and that was the direction of travel for the firm.

Obviously we're doing a little bit more in FinTech cuz the digitization of traditional financials has always been happening. So we've been doing FinTech, but crypto was by accident and I actually have to credit Alan Lane, the CEO of SilverGate back in 2014 and 2015. His obsession with digital assets led him to decide he wanted to transition his sleepy commercial bank into a digital asset focused bank. And so back in 2016, we worked closely with him and went out and educated ourselves, educated other investors, and raised private capital for him to do that transition. And then the crypto winter happened in 2018, so, really put it on hold in terms of our public launch.

But when the market opened back up in 2020 we led the IPO for SilverGate and have done all of the capital raises with them since and remain very close to that institution which has really been a pioneer in the space. We also are very fortunate because our parent company has rolled up some boutiques in the space in different areas, and we were one focused on traditional financials.

Another one that they acquired was a company which was First Energy and GMP up in Canada. So, as you can tell, First Energy focused on energy, and then GMP focused on a lot of tech space areas. Having that focus on energy and then having tech led them to be pioneers in the mining capital raises. Some of the actual companies that are out there in public now, a lot of the folks actually came from their company and then they also rolled up the space and helped capitalize some of the Canadian companies like Galaxy and what not. So we've been working very close with our partners up north on anything in the digital asset space  and the collaboration's been great.

But I've been here 20 years and I'd say the last three or four years I've had a focus on digital assets, but really it's picked up and then some during the Covid lockdown. 


Great. Paul, you being so involved in the institutional space, Could you give us a your thoughts about the institutional space and the adoption of those institutions?


Yeah. So in addition to being involved both on the, the equity side, the capital raising side for KBW I actually am on a four person working group team for Stifel Financial, and it's a bank, a $35 billion bank. And so we are also trying to figure out what our own digital strategy is. So we've been going through that same process of trying to figure out who's our custodian gonna be, what are the different services we're gonna offer and it's been very difficult because we're a regulated bank, so we've had to press the pause button. And that's predominantly because of the SEC continues to come out with rules or set precedence through rule by enforcement and it makes it extremely difficult for an institution to get involved.

Essentially there's two that I'm talking about. One is SAB 121, which was announced in the spring of this year, which essentially says that every SEC registered institution has to treat all customer digital assets as their own assets and liabilities, which actually creates some problems for the balance sheet.

The other thing that they have done is without consulting with any other global or domestic accounting agency, they gave a unilateral ruling that all the SEC and corporates that actually list their stocks have to only mark the assets down and can't mark 'em up. And so they did not allow for fair value accounting and that's creating some issues.

So everybody got excited last year when Tesla came out, announced that they were putting some crypto on balance sheet, and that was short-lived and there wasn't any follow through because a lot of institutions, even the ones who wanna allow their customers to transact in digital assets in turn decided not to actually balance sheet anything.

Think Block, which is formerly Square, who's working on remittances through the Lightning Network, think Chipotle, who might wanna allow their customers to buy burritos through Bitcoin. None of those companies really would be willing to actually hold any of the assets on their balance sheet because of those really restrictive rules.

So it's great to see that FASB just came out this past week and announced the change of the rules there. And so I wanna thank the folks at FASB, including former director of research from KBW. Fred Cannon, who's one of the, the board members who is instrumental in pushing that through. So that is actually a very big change.

And I think it's of interest because 44 of the hundred biggest corporates in the US are actually using blockchain at this point. A lot of 'em are private permissioned blockchains, like JP Morgan is using Onyx. And Jamie Diamon's been in the press, so he will basically praise blockchain, but he will at the same time criticize public blockchains in crypto. But this FASB ruling does open up the optionality, which is great. And then some of the other things that folks look for they really wanna have rules and regulation in place. And so we've been waiting for those data points to happen.


So Paul, just to touch on that FASB update that you just mentioned, basically if you hold Bitcoin on your balance sheet, and let's say in that quarter, it drops down to $20 K, the company has to report losses. If they bought it at let's say $40 K and it drops down to $20 K, they have to report losses.

But if in the next quarter it went to $60 K, they still have to put it at the $40 K, right? They can't say they have a good worth, $60 K. 


That's right. And it's even worse than that. It's actually the lowest point it touched during your ownership. So it's not even where it closed.

If at one point Bitcoin hit 16,000 and was just there for a day, you still have to mark it there and you could never mark it up according to the SEC rule. Whereas with FASB now, it's up and down, so you have that optionality. So some companies think that there's a positive reason for owning Bitcoin at this point as well in the balance sheet. 

They'll be less likely to have an issue because at least they get the benefits if it does go up. In addition to having to deal with, the balance sheet marks if it goes down the other way. 


And is it in effect? 


That's what happened last week. That was the ruling that was announced last week. It's supposed to go into effect. In this calendar year. 


And then will this only be in effect for Bitcoin or will it be in effect also for Ethereum? 


It will be in effect for Ethereum as well. That's right. It is a game changer in the sense. And I don't expect S&P 500 companies to come out and just start buying Bitcoin and having it part of their corporate treasury strategy like Tesla did.

But it just allows the optionality because beforehand it was a game changer. None of the companies that even traffic and allow their customers to actually buy or sell their products through Bitcoin or Ethereum, for example, they wouldn't retain the balances. They would instantaneously either turn 'em into stables and then go ahead and turn 'em into fiat.

But it was really just non-existent, the adoption of putting 'em on balance sheet, even for the companies that have been very proactive about wanting to get into the space. But even think about PayPal, right? You could buy and sell through PayPal. All that they would be willing to do is essentially through APIs, allow other institutions to be the the means to do so.

But they wouldn't balance sheet it. They would never warehouse anything. This FASB rule creates some optionality. If they wanna actually create tighter markets for their clients, there's other ways to do it now. So again, I don't expect there to be a massive amount of buying from corporations, but this at least cleans up an impediment that was in the space. 


Great. And then on a similar level, where are we with global regulations in this space? Which sub-sector within crypto is likely to get regulated at first? And what do you think would be the impact once the regulations come in?


Yeah, that's a great question and it's a frustrating question because it's clear that the US were way behind. Over in Europe, the Markets In Crypto Assets regulation or MICA has basically firmed up all of the rules. It was passed last week. It will be implemented over the course of later this year or next year, but at least they're laying out the rules.

And you have the German regulator, Bafin, they're tough regulator, but they at least are open-armed in the sense that they are welcoming the innovators to have a discussion. And actually work collaboratively to figure out what the rule should be. Now sometimes those rules are stringent, but at least they actually welcome in and try to figure things out as opposed to the SEC's Gary Gensler, who basically has been reiterating, ‘Oh, come on in and talk to us. We'll, help you figure it out’. But it's clearly disingenuous. They're just continuing with their rule by enforcement as they try to do the power grab. Even the Kim Kardashian settlement two weeks ago was a joke to me because he broke protocol internally, he created a video which probably cost him hundreds of thousands of dollars, to send out promotional video about how influencers shouldn't be taking on crypto assignments. And went on CNBC before the announcement even was made public. So we're operating in a different regime here. Now, the good thing is that Biden actually opened the doors for collaborative approach with the executive order earlier this year where he basically was asking all of the different areas of Congress, Senate, all the different regularatory bodies to basically do the research and report back and create suggestions. So we're still in that phase of trying to find out what the right rules are going to be, but most of the reports that are coming back are basically just talking about roadmaps and ‘templates for creating templates’ as opposed to actually coming back with the tangible rules. So the only area that I see near term answers for is Stablecoins. The rest, even though we have bipartisan suggestions from Cynthia Lummis, Republican from Wyoming and, and the Democrat from New York Kirsten Gillibrand, I don't expect a full bill to, to pass anytime in the near term. It's gonna take at least a year in my view. The stablecoin side though has bipartisan support. That'll probably be early 2023 but nothing will happen before the midterms clearly. But on the stablecoin side, I think the answer's gonna be that they're gonna pull 'em in underneath the banking supervision.

And what they're just gonna do is they're gonna establish clear reserves audit policies, and just better oversight. So for the likes of Tether, it won't be easy for those types of institutions to get away with not having clear asset disclosure.


Interesting. Do you think the banks themselves will be allowed to issue their own stablecoins, or is it just gonna be these private companies like Circle and Tether that do the job of issuing or minting stable coins? 


That's a great question. And I've kind of bounced back and forth. I think it's an eventuality. Yes. But I don't know if you saw last week, the acting Chief of the OCC who oversees the banks, that was the most open-arms to some of the banks getting into the digital assets under Brian Brooks, who left a year ago. But OCC director Michael Sue has basically reversed some of those steps and his policy and a report he just wrote last week at a conference was ‘Don't Chase’. And basically what he's saying is, ‘Listen, let's be methodical. Let's be patient. Let's make sure all of the controls are in place for these banks to get involved before they can actually touch the digital assets themselves’.

So I do think it's an eventuality. I just think that it's gonna take a while. And so SilverGate has the first mover advantage on that front, because as you know, they bought the Diem project from Facebook Meta when it was abundantly clear that no one was gonna allow Zuckerberg to try to create ‘Zuck money’.

And so I do think that Silver Gate has the the first mover advantage. And then it's eventuality. I just think that the regulator's are gonna be as super patient and pump the brakes in terms of when they're gonna allow it. But yes, I do think that banks will be allowed to issue stablecoins. 


Leading on to institutional adoption, on top of all the different requirements that those institutions have, would you say that the regulatory one is the most pressing at the moment or the most important for them? Or are there other requirement that they do have which they're looking at and expecting to have a clear answer for as well? 


I think they just want answers on the regulatory front. And there's gonna be a stale mate in terms of true institutional adoption. I would even point to last week's splashy announcement by Bank of New York, a bank that Alexander Hamilton founded. They announced that they were gonna allow crypto and the thing that I wonder, however, is, the SAB 121 rule that I alluded to before, which basically creates a situation where any of your clients' digital assets have to be treated as your own assets and liabilities.

Did Bank of New York really solve that? I don't think they did yet. And so the problem is, this is a splashy announcement near term where they will be willing to just have some of their clients' assets on their own balance sheet and treat it as their own assets and liabilities. But we're not gonna see full fledged adoption.

Because if you read the fine print of that report, it says ‘for selected institutional investors’ it's not broad based. And so we need to solve the SAB 121. We need to solve the accounting issues. We need to solve the questions of what we as regulated institutions can do with the assets the regulators would be very, very slow to allow institutions to touch digital assets directly without proper controls in place.


Well, Paul, I think within the short time that we have today, that was very, very insightful and power packed. Really appreciate you stopping by and you just told me before we started recording, you're joining us from the trading floor, right? You're live on the trading floor. 


That's right. I'm on the trading floor. Sorry for some background sound here cuz, in my day job  I'm the co-head of equity, so in addition to doing private capital solutions for companies before they go public I also work with the companies once they do go public.

And so we work with traditional mutual funds, sovereign wealth funds, hedge funds on that side, as well as working with VCs on companies in the earlier stage. And on that note, I'm actually heading both to the Coin Desk Ideas conference this week and to the Money 2020 event next week. We'll meet with a lot of really interesting, innovative companies, and if any of you would like to meet up with me, just reach out.


Perfect. Awesome. Thanks Paul for joining us today. 


Thanks, Paul. We look forward to having you on the podcast again. 


All right, great. Thanks again, Jerome. Thanks Pratik. 


Two Twitter Threads You Need To Be Aware Of

Twitter Thread #1

There are four important pieces of information in this partnership:

  1. Starting with the customers in the Web3 ecosystem, Google Cloud will offer select cryptocurrencies through Coinbase Commerce as a way to pay for its cloud services.
  2. The second feature is that web3 developers will be able to access blockchain data from Google Cloud through BigQuery- and this offering will be powered by Coinbase Cloud's Node service (node infrastructure provider).
  3. Coinbase Prime will provide secure custody and reporting services to Google for institutional crypto accounts.
  4. And finally the company will also leverage Google's fiber-optic network and the power of Google Cloud to process blockchain data at scale.

Coinchange Take:  The key takeaway here is that the Google Cloud team recognizes the importance of expanding crypto services and building in Web3. With Google getting into crypto, I think every company and developer will be building on Web3 over the next few years, to a point where Web3 will become synonymous with the internet itself or be so commoditized that nobody will know if a platform runs on blockchain or not. 

Twitter Thread #2 

Polygon's co-founder Sandeep Nailwal tweeted recently that police complaints (FIR) in one district in India will be powered by Polygon Blockchain, an initiative that will put public complaints on a blockchain. The platform is called and it will not charge users to file grievances or complaints and will offer both Hindi and English languages. It allows complainants to check on the status of their cases, find out who the assigned officer is, and receive alerts regarding their complaints. Basically, once the complaint has been filed, it cannot be removed or changed, it will be immutable. Firozabad Police Superintendent said, "We felt the need for this technology. Police stations in the area will have QR codes to scan to complete the form to register a complaint.". 

Coinchange Take: India has a historically messy process for registering police complaints marred by corruption, bureaucratic delays, and retractions by complainants themselves. Officers are known to cut their caseloads by refusing to register crime complaints, and there have been instances where complainants were either forced or intimidated into altering their original complaints. This could be a game-changer in ensuring right to justice. 

Mango Lending Market Exploit on Solana

What is Mango Markets?

It is a Decentralized spot margin, perpetual futures markets, borrowing and lending protocol on Solana. It is permissionless, all on-chain and all markets are collateralized. Sounds like a perfect Web3 protocol with plenty of functionality. So what could possibly go wrong? 

There are two things here that were key for this exploit to happen:

  1. Health factor
  2. Too many feature packaged for “maximum capital efficiency”

Jerome, Coinchange’ Head of Research put together a thread explaining the exploit and remediation to it.

Lets unpack the first one:

A health factor represents the status of a position based on the collateral value against its liquidation threshold. Generally health factor below 1 mean liquidation in MMP. Health factor above 1 mean no liquidation and head room to borrow more since collateral value is superior than borrowed value. This is the mechanism that was exploited.

Going onto second aspect:

While Mango Market pushed the boundary of product combination (lending/borrowing + perpetual futures markets and spot margin) this is where the issue came from. Indeed the health factor take into consideration all those components (as it should be) to calculate the position eligibility to borrow more or if it should be liquidated. In this case the exploiter team (Avraham Eisenberg + others) leveraged the mechanism of unrealized profit on a perpetual position on MNGO to inflate their health factor, allowing them to borrow (withdraw) all crypto from Mango Markets worth around $116M at the time. 

In details here is what happened: 

Two accounts were used to conduct the exploit. On account “A,” the team initially used 5 million USD Coin (USDC) to purchase 483 million MNGO and go short, or bet against, the asset. Then on account “B,” the team used another 5 million USDC to buy the short position opened by Account A, to effectively hedge the position (short + long position of same amount). 

The group then used more funds to buy up spot MNGO tokens, taking its price from just 2 cents to as much as 91 cents within a ten-minute span. This was only possible as spot MNGO was a thinly-traded token with low liquidity, which allowed the group to manipulate the prices.

As spot MNGO prices increased, the account “B” quickly gained around $420 million in unrealized profits which was used in the account health factor calculation. Because of that prop up health factor, the exploiter was then able to borrow (i.e withdraw) around $116 million in liquidity from all tokens available on Mango, which effectively wiped out the protocol and made it insolvent. (only $116 M borrowed because MNGO has a collateral factor of 20%.)

Here oracle providers had no faults. The oracle price reporting worked as it should have," Mango wrote on Twitter.

On October 12th, the exploiter team made a proposal on Mango Governance to try and negotiate for a bounty and to be clear of legal investigations. It failed to meet the quorum.

As of october 18th, another vote has passed where the Mango team asked the exploiter team to reimburse the funds to the treasury. 

The exploiter team reimbursed the funds while keeping around $50M as a “bounty”. 

Coinchange take: This is the first situation of  its kind: economic exploit with doxxing of the exploiter and usage of a portion of the exploited fund as bounty. But there are three ways in which we can reduce the occurence of such issues:

  1. Quadratic voting: essentially allows a voter to signal how deeply they care about an issue by making it costly to only vote for it (either with credits or with real token). This protects DAO governance from attacks of voter that don’t feel like spending the credit. 
  2. Threshold for “NO” votes could be implemented. On top of quorum threshold (minimum number of vote both “YES” & “NO” to consider the vote valid) this could help sort the issue of the “NO” vote not considered in case of attacks or high concentration of voting in selected users.
  3. Strong Due Diligence on the liquidity of the governance token. Understand the attack vector that long-tail asset creates for MMP and model the risk. We saw a similar situation in Venus hack. 

This concludes our 3-2-1 Q&A Blog. We’ll see you in the next one, two weeks from now. Meanwhile, kick back and earn passive income using Coinchange. Sign up today!

Stay informed - Subscribe today!

Receive monthly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.