pith. sign in

arxiv: 2605.15934 · v1 · pith:AQ6KVILEnew · submitted 2026-05-15 · 💻 cs.CR · cs.CY

Privacy is Fungibility: Why Endogenous Tokens Are Not Money

Alex Lynham , Geoffrey Goodell This is my paper

Pith reviewed 2026-05-20 18:09 UTC · model grok-4.3

classification 💻 cs.CR cs.CY
keywords privacyfungibilityendogenous tokensblockchainstablecoinsmoneypermissionless ledgerscash
0
0 comments X

The pith

Endogenous tokens on public ledgers are not money because account-based models tie all assets to the security token's risks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper argues that cryptoassets and other endogenous tokens fail to function as money on public permissionless ledgers. It builds on prior analysis of cash versus credit to show that account-based balance abstractions create default interaction states equivalent to the most privacy-eroding forms of simplified credit. This establishes three linked points: blockchain economies generally lack any cash-like primitive, stablecoins do not supply one by default, and privacy-preserving assets on the same ledger inherit the fungibility and exposure problems of the endogenous token that secures the network.

Core claim

Endogenous tokens such as cryptoassets are not money. Public permissionless ledgers typically rely on an account-based abstraction for balances that maps onto the most harmful models of agent interaction identified in work contrasting cash with simplified credit. As a result, most blockchain economies lack a cash-like primitive, stablecoins do not intrinsically fulfil this role, and reliance on an endogenous token for network security exposes holders of any privacy-preserving asset to equivalent risks whenever that asset shares the same global ledger state.

What carries the argument

The account-based abstraction for balances on permissionless ledgers, which produces a default state that aligns with the least private models of credit and thereby prevents cash-like properties from attaching to any asset on the shared ledger.

If this is right

  • Most blockchain economies lack a cash-like primitive.
  • Stablecoins do not intrinsically fulfil the role of cash.
  • Reliance on an endogenous token for security exposes holders even of a privacy-preserving asset to the same risk if that asset relies on the same global ledger state.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Designers would need separate ledger states or independent security mechanisms to isolate privacy assets from the endogenous token's visibility and price risks.
  • This raises the question of whether any token used for consensus can coexist with cash-like assets on one global state without compromising the latter.
  • Alternative architectures such as layered or off-chain primitives might be required to introduce true fungibility without shared exposure.

Load-bearing premise

That many public permissionless ledgers use an account-based abstraction for balances that creates a default state mapping onto the most harmful models of agent interaction from the cash-versus-credit analysis.

What would settle it

An empirical demonstration that a privacy-preserving asset on the same ledger as an endogenous security token maintains independent fungibility and anonymity even when the token's price or consensus participation changes.

read the original abstract

In this paper, we make a case that endogenous tokens such as cryptoassets are not money. First, we define and classify tokens found on public, permissionless ledgers, contrasting them with privately issued stablecoins and proposed CBDC designs. We then discuss the work of Kahn et al in Money is Privacy on cash versus simplified credit, and we extend their analysis to the situation found on most public, permissionless ledgers. Many public, permissionless ledgers utilize an account-based abstraction for balances, resulting in a default state that maps onto the most harmful models of agent interaction enumerated in Money is Privacy. The conclusion is threefold: that most blockchain economies lack a cash-like primitive; that stablecoins do not intrinsically fulfil this role; and that the reliance of a network on an endogenous token for security exposes holders even of a privacy-preserving asset to the same risk, if that asset relies on the same global ledger state as the endogenous token.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper claims that endogenous tokens (cryptoassets) on public permissionless ledgers are not money. It classifies such tokens against privately issued stablecoins and proposed CBDC designs, extends the cash-versus-simplified-credit framework of Kahn et al. (Money is Privacy) to blockchain settings, and concludes that most blockchain economies lack a cash-like primitive, that stablecoins do not intrinsically supply one, and that privacy-preserving assets remain exposed to the same risks when they share global ledger state with an endogenous security token.

Significance. If the mapping to Kahn et al.'s harmful models holds, the work identifies a structural limitation in current ledger designs that affects both privacy and the fungibility of assets, with potential implications for protocol-level choices between account-based and UTXO models as well as for the design of privacy layers. The paper's value lies in its explicit classification of token types and in drawing attention to the interaction between consensus security and information partitions; however, because the argument is purely conceptual with no new formal model, empirical test, or machine-checked property, its significance remains conditional on the rigor of the claimed equivalence.

major comments (1)
  1. [Extension of Kahn et al. analysis to public ledgers] The central extension of Kahn et al.'s framework (the section contrasting cash and credit models with ledger state) asserts that the default account-based abstraction on permissionless ledgers produces agent interactions equivalent to the most harmful enumerated models, yet supplies no derivation, transaction trace, or property-by-property comparison of observability, timing, and cryptographic guarantees. This equivalence is load-bearing for the threefold conclusion and is not reduced to parameters or axioms internal to the paper.
minor comments (1)
  1. [Abstract and introduction] The abstract and introduction use the phrase 'maps onto' without a preceding definition or table that enumerates the relevant information partitions from Kahn et al.; a short explicit table would improve readability.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their constructive and detailed comments on our manuscript. We address the major comment below, providing a point-by-point response while remaining faithful to the conceptual nature of the work. Revisions have been made to enhance clarity where the feedback identifies a genuine gap in explicitness.

read point-by-point responses

  1. Referee: [Extension of Kahn et al. analysis to public ledgers] The central extension of Kahn et al.'s framework (the section contrasting cash and credit models with ledger state) asserts that the default account-based abstraction on permissionless ledgers produces agent interactions equivalent to the most harmful enumerated models, yet supplies no derivation, transaction trace, or property-by-property comparison of observability, timing, and cryptographic guarantees. This equivalence is load-bearing for the threefold conclusion and is not reduced to parameters or axioms internal to the paper.

    Authors: We agree that the manuscript would benefit from greater explicitness in the mapping. The extension is grounded in the public visibility of all account updates and transaction metadata on permissionless ledgers, which directly parallels the full observability by the intermediary in Kahn et al.'s simplified credit models. No new axioms are introduced because the properties (global state observability, lack of native privacy primitives, and shared security exposure) follow from the standard definitions of account-based blockchain ledgers. To address the concern, we have added a dedicated subsection with a property-by-property table comparing observability, timing of state updates, and cryptographic privacy guarantees across cash, simplified credit, and the default ledger state. This table references the specific models from Kahn et al. and shows the equivalence without altering the paper's conceptual scope or adding formal proofs. revision: yes

Circularity Check

0 steps flagged

No circularity: external framework applied to new domain

full rationale

The paper's central derivation classifies endogenous tokens on permissionless ledgers, contrasts them with stablecoins and CBDCs, then invokes the external Kahn et al. framework from Money is Privacy to classify account-based balance abstractions as mapping onto the most harmful credit models. This mapping is presented as an extension of the cited work rather than a self-contained derivation, with no equations, fitted parameters, or self-citations that reduce the conclusion to the paper's own inputs by construction. The three conclusions follow from the external analysis plus the factual observation about ledger state, without tautological redefinition or load-bearing self-reference.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The paper depends on prior definitions of token types and the direct applicability of the Kahn et al interaction models to blockchain abstractions without introducing new fitted parameters or invented entities.

axioms (2)
  • domain assumption The account-based abstraction used on most public permissionless ledgers produces a default state equivalent to the most harmful agent-interaction models in Kahn et al.
    This premise is invoked to conclude that blockchain economies lack a cash-like primitive.
  • domain assumption Stablecoins do not intrinsically supply the missing cash-like privacy primitive on the same ledger.
    Stated as part of the threefold conclusion.

pith-pipeline@v0.9.0 · 5686 in / 1142 out tokens · 72397 ms · 2026-05-20T18:09:43.924331+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

30 extracted references · 30 canonical work pages

  1. [1]

    Binance: Crypto Trader Loses $220,764 In MEV Bot Attack, https://www.binanc e.com/en/square/post/03-13-2025-crypto-trader-loses-220-764-in-mev-bot-attac k-21471548687129 [Accessed: 04.03.2026]

    work page 2025

  2. [2]

    Binance: Historical Snapshot - 25 July 2016, https://coinmarketcap.com/historic al/20160725/ [Accessed: 04.03.2026]

    work page arXiv 2016

  3. [3]

    Finance Research Letters51, 103358 (2023)

    Briola, A., Vidal-Tomás, D., Wang, Y., Aste, T.: Anatomy of a Stablecoin’s failure: The Terra-Luna case. Finance Research Letters51, 103358 (2023). https://doi.or g/https://doi.org/10.1016/j.frl.2022.103358, https://www.sciencedirect.com/scie nce/article/pii/S1544612322005359

    work page doi:10.1016/j.frl.2022.103358 2023

  4. [4]

    The Quarterly Journal of Economics140(1), 1–62 (10 2024)

    Budish, E.: Trust at Scale: The Economic Limits of Cryptocurrencies and Blockchains. The Quarterly Journal of Economics140(1), 1–62 (10 2024). https: //doi.org/10.1093/qje/qjae033, https://doi.org/10.1093/qje/qjae033

    work page doi:10.1093/qje/qjae033 2024

  5. [5]

    Budish, E., Lewis-Pye, A., Roughgarden, T.: The Economic Limits of Permission- less Consensus (2024), https://arxiv.org/abs/2405.09173

    work page arXiv 2024

  6. [6]

    Buterin, V.: On Settlement Finality, https://blog.ethereum.org/2016/05/09/on-s ettlement-finality [Accessed: 01.09.2024]

    work page 2016

  7. [7]

    Chainalysis: Funds Stolen from Crypto Platforms Fall More Than 50% in 2023, but Hacking Remains a Significant Threat as Number of Incidents Rises, https: //www.chainalysis.com/blog/crypto-hacking-stolen-funds-2024/ [Accessed: 17.06.2025]

    work page 2023

  8. [8]

    Journal of Institutional Economics14(4), 639–658 (2018)

    Davidson, S., De Filippi, P., Potts, J.: Blockchains and the economic institutions of capitalism. Journal of Institutional Economics14(4), 639–658 (2018). https: //doi.org/10.1017/S1744137417000200 Privacy is Fungibility: Why Endogenous Tokens Are Not Money 19

    work page doi:10.1017/s1744137417000200 2018

  9. [9]

    Technology in Society62, 101284 (2020)

    De Filippi, P., Mannan, M., Reijers, W.: Blockchain as a confidence machine: The problem of trust & challenges of governance. Technology in Society62, 101284 (2020). https://doi.org/https://doi.org/10.1016/j.techsoc.2020.101284, https: //www.sciencedirect.com/science/article/pii/S0160791X20303067

    work page doi:10.1016/j.techsoc.2020.101284 2020

  10. [10]

    Ethereum Foundation: Validator Checklist, https://launchpad.ethereum.org/en/ checklist [Accessed: 01.09.2024]

    work page 2024

  11. [11]

    Economics of Innovation eJournal (2014), https://api.semanticscholar.org/Corpus ID:153917729

    Houy, N.: It Will Cost You Nothing to ’Kill’ a Proof-of-Stake Crypto-Currency. Economics of Innovation eJournal (2014), https://api.semanticscholar.org/Corpus ID:153917729

    work page 2014

  12. [12]

    International Economic Review - INT ECON REV46, 377–399 (05 2005)

    Kahn, C., McAndrews, J., Roberds, W.: Money Is Privacy. International Economic Review - INT ECON REV46, 377–399 (05 2005). https://doi.org/10.1111/j.1468 -2354.2005.00323.x

    work page doi:10.1111/j.1468 2005

  13. [15]

    Kessler, S.: Cosmos-Based Juno Blockchain Pushed Offline in Apparent Attack, https://www.coindesk.com/tech/2022/04/06/cosmos-based-juno-blockchain-pus hed-offline-in-apparent-attack/ [Accessed: 01.09.2024]

    work page 2022

  14. [16]

    In: 2022 IEEE/ACIS 7th International Conference on Big Data, Cloud Computing, and Data Science (BCD)

    Kim, M., Suh, J., Kwon, H.: A study of the emerging trends in sim swapping crime and effective countermeasures. In: 2022 IEEE/ACIS 7th International Conference on Big Data, Cloud Computing, and Data Science (BCD). pp. 240–245 (2022). https://doi.org/10.1109/BCD54882.2022.9900510

    work page doi:10.1109/bcd54882.2022.9900510 2022

  15. [17]

    Journal of Economic Theory81(2), 232– 251 (1998)

    Kocherlakota, N.R.: Money is memory. Journal of Economic Theory81(2), 232– 251 (1998). https://doi.org/https://doi.org/10.1006/jeth.1997.2357, https: //www.sciencedirect.com/science/article/pii/S0022053197923577

    work page doi:10.1006/jeth.1997.2357 1998

  16. [18]

    Electronics12, 4417 (10 2023)

    Liang, Y., Wang, X., Wu, Y., Fu, H., Zhou, M.: A Study on Blockchain Sandwich Attack Strategies Based on Mechanism Design Game Theory. Electronics12, 4417 (10 2023). https://doi.org/10.3390/electronics12214417

    work page doi:10.3390/electronics12214417 2023

  17. [19]

    Tor, New York (2015)

    Liu, C.: The Dark Forest. Tor, New York (2015)

    work page 2015

  18. [20]

    Lopp, J.: Known Physical Bitcoin Attacks, https://github.com/jlopp/physical-bit coin-attacks [Accessed: 17.06.2025]

    work page 2025

  19. [21]

    Lynham, A., Goodell, G.: Decentralization: A qualitative survey of node operators (2025), https://arxiv.org/abs/2503.17246

    work page arXiv 2025

  20. [22]

    Lynham, A., Goodell, G.: Defining dlt immutability: A qualitative survey of node operators (2025), https://arxiv.org/abs/2507.02413

    work page arXiv 2025

  21. [23]

    Business and Politics23(4), 439–455 (2021)

    Marple, T.: Bigger than Bitcoin: A Theoretical Typology and Research Agenda for Digital Currencies. Business and Politics23(4), 439–455 (2021). https://doi.org/ 10.1017/bap.2021.12

    work page doi:10.1017/bap.2021.12 2021

  22. [24]

    Mintscan: Juno Proposal 16: Correcting the gamed stakedrop, https://www.mint scan.io/juno/proposals/16 [Accessed: 01.09.2024]

    work page 2024

  23. [25]

    Morris, D.: Juno’s Proposal 16 Vote is a Watershed for Blockchain Governance, for Better or Worse, https://www.coindesk.com/layer2/2022/03/16/junos-proposal-1 6-vote-is-a-watershed-for-blockchain-governance-for-better-or-worse/ [Accessed: 01.09.2024]

    work page 2022

  24. [26]

    Munroe, R.: XKCD 538: Security, https://xkcd.com/538/ [Accessed: 17.06.2025]

    work page 2025

  25. [27]

    Cryptography Mail- ing list at https://metzdowd.com (03 2009) 20 A

    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system. Cryptography Mail- ing list at https://metzdowd.com (03 2009) 20 A. Lynham and G. Goodell

    work page 2009

  26. [28]

    In: A Trea- tise on Altcoins (2015), https://api.semanticscholar.org/CorpusID:53311056

    Poelstra, A.: Distributed Consensus from Proof of Stake is Impossible. In: A Trea- tise on Altcoins (2015), https://api.semanticscholar.org/CorpusID:53311056

    work page 2015

  27. [29]

    Reuters: Chainalysis raises $170 mln in 6th funding round with $8.6 bln valuation, https://www.reuters.com/technology/chainalysis-raises-170-mln-6th-funding-rou nd-with-86-bln-valuation-2022-05-12/ [Accessed: 17.06.2025]

    work page 2022

  28. [30]

    Sun, Z.: $5 wrench attacks appear to be on the rise in the crypto community , https://cointelegraph.com/news/5-wrench-attacks-appear-to-be-on-the-rise-in-t he-crypto-community [Accessed: 17.06.2025]

    work page 2025

  29. [31]

    UK Financial Conduct Authority: Research Note: Review of Maximal Extractable Value and Blockchain Oracles, https://www.fca.org.uk/publications/research-n otes/research-note-review-maximal-extractable-value-and-blockchain-oracles [Accessed: 24.04.2026]

    work page 2026

  30. [34]

    Wright, T.: Two defendants plead not guilty in crypto kidnapping and torture case, https://web.archive.org/web/20250624140256/https://cointelegraph.com/news/c rypto-suspects-not-guilty-plea-kidnapping-torture [Accessed: 17.06.2025]

    work page arXiv 2025