The snow is falling hard in the second crypto winter. Without the hype and optimism of a bull market, many tokens have turned out to be near-worthless, and many formerly valuable projects have turned out to be scams. Rug-pulls, hacks, opaque “foundations” managing funds on behalf of “the community”, even some honest-to-goodness Ponzi schemes.
The correct attitude may well be one of total cynicism: of course a market predicated on skirting regulations turned out to have more than its share of fraudsters, cowboys, and incompetents. But cynicism is boring, and we want to learn something. Having been around two crypto booms and their subsequent crashes, I think there are some lessons we can draw. In particular, we can say something about how due diligence works, and how we might be able to use technology to make it work better.
In a nutshell, the problem is with the economics of due diligence. It costs time and money to do research, and it’s only worth doing that if you can get some special advantage from doing so. In regulated private markets, this advantage comes from the fact that regulations prevent mass participation: a restricted club of VC funds and angel investors can invest in due diligence, knowing that they will capture all of the upside from their investments. In regulated public markets, the companies that issue the stock are required, in effect, to publish research on themselves, lowering the risk for individuals to participate in the market.
Crypto markets have some features of both: the public is allowed to participate in the market, but without the requirement for the token-issuers to publish the kind of information that would be required in a public stock market. Since most investors cannot afford to do the kinds of due diligence required in an information-asymmetric private market, they end up taking risks with much greater uncertainty than is typical in either public or private regulated markets.
If you can buy shares in a company on a public stock market, we say that the company is “publicly-traded”. In order for the company to sell shares to the public, it must comply with a broad set of rules:
- it must publish financial information at regular intervals
- it must have certain governance arrangements in place
- it must agree to tell the shareholders if certain things happen which might affect the price of the shares
- it must also agree to share information with the markets before telling anyone else, so that well-connected insiders can’t make money by buying or selling on the basis of secret information
These rules aren’t always perfectly enforced, but there are plenty of cases of firms and individuals being sued for breaking them, and some go to jail on criminal charges too.
The burden of compliance is significant. Publicly-traded firms have to spend more on legal, compliance, and financial personnel, and have to publish information that they may prefer to keep private. Mistakes can be costly. But, for large firms, the price is often worth paying. Access to the stock market means cheaper financing for the company. It also means a chance to sell valuable shares for the founders, employees and investors. Publicly-traded firms are also typically large enough to bear the cost of compliance.
A privately-held company is one whose shares can’t be sold to the general public (outside of certain exemptions for crowd-funding). Because of this, they do not incur the costs of complying with the rules that bind publicly-traded firms. This is good, because small firms can’t afford those costs! Even fast-growing startups would generally prefer to direct resources toward more growth.
Even so, privately-held firms do require investment, and they can get it from venture capital funds, angel investors, private equity, and so on. They just can’t get it from the general public.
Due diligence is “performing a reasonable amount of investigation into something before buying it”. This means that before invest in something, you should take a close enough look at it to persuade yourself that the risk is acceptable.
A typical VC investment, and even some angel investments, can involve multiple rounds of pitching and negotiation, and often some kind of background check on the founders via informal networks. Early-stage startups don’t have lots of metrics to share—perhaps there’s a growth figure, but revenue is a lagging indicator and churn will not have become apparent yet. Investors will want to know what the founders are like as people, since that’s often the best guide to where the company is going.
This kind of personal due diligence is expensive for both the investors and the founders. For this reason, VC investors put a high value on personal recommendations, and often employ analysts to sift through the deals that don’t come with a strong referral. Angel investors team up into syndicates, so that if one member has done due diligence on a startup, the others will not need to repeat it. The whole process is designed to manage the high cost of due diligence.
Private equity investments involve even more due diligence, because the deal size is larger and the firm being invested in has much more data about its performance. Since that data is not public, it will have to be gathered together and examined by the investor’s own team. This is a very intense process involving many lawyers, accountants, and other specialists. It is common for deals to collapse during the due diligence process, when the buyer discovers information that lowers their estimate of the firm’s value.
It’s worth noting that participation in private markets is restricted by law: VC or PE funds are regulated, and even private individuals must meet some “accredited investor” criteria in most countries.
If you’re investing in a crypto token, you probably want to be doing VC-level due diligence. Who are the people behind the token? What is their track record? Do they even exist? Are their claims about their technology correct, or even plausible? If they have on-chain metrics showing growing adoption of their token, how do we know that these metrics are not being manipulated?
If you’re a personal friend of the founders, you can probably get answers to these questions. If you know someone who is a personal friend of the founders, you probably get the answers too. But if you don’t have that kind of access, you simply don’t know. In order to find out, you would have to spend time and money on due diligence. Sometimes this due diligence will tell you not to invest, so you will have to do due diligence on tokens for which you make no money.
This is simply too expensive for the individual investor. It’s a full-time job in itself. And so people look for signals that they hope will correlate to underlying qualities of the token: how much buzz does it have, are other people buying it, are there big-name investors on board? Hopefully the big-name investors have done due diligence on it, and you can just free-ride on their work. This makes little sense, since successful investors are not the kinds of people who let other people capture the upside from their work, but there are few other options.
The end result is that public investors are taking far more risk than they can understand. Rug-pulls are very difficult to execute on people who have done due diligence, but become possible when none of your investors can afford to ask the kinds of questions that would reveal the risk. Technically absurd projects would not get anywhere if the investors were asking serious questions or consulting with specialists, but when the investors can’t afford to do that, such a project might gain enough momentum to appear credible.
What can be done about this? One option is to become more like the private markets: restrict early-stage investment to people who are part of a select club of people who accept the need for due diligence and are willing to pay for it, either alone or in syndicates, and reward them with some degree of exclusive access to invest for a period of time. Another option is to become like public markets: require token-issuers to publish credible data about themselves, with serious mechanisms for punishing false or misleading statements.
Perhaps there are other options. Crypto “ratings agencies” which are designed specifically to target the worst cases of fraud and incompetence could improve the overall quality of the market. But either the token issues pay for this themselves, which creates some tricky incentive problems for the rating agency, or the investors pay, which creates a free-rider problem—why should I pay for a token to be rated if other people who haven’t paid will be able to invest in it?
I don’t see any easy solution. The most likely outcome is gradual assimilation of crypto into the regulated financial sphere, with a shift toward existing norms of securities offerings. This will mitigate many of the frauds, but will also throw up barriers to participation.