Fungibility of Bitcoin

Original archived

As bitcoin matures, it encounters increasing debate about its monetary attributes. Of course, the most frequently discussed is scarcity, because bitcoin's greatest characteristic is its fixed supply. A close second is fungibility, along with the closely related topic of privacy, which is the subject of this post.

Below, I will show that bitcoin is fungible and how common arguments against it are often based on logical fallacies.

Characteristics of Money

First, let's list the characteristics of money, so we can all start on the same page. People tend to be more familiar with the functions of money (store of value, medium of exchange and unit of account) but are unfamiliar with the characteristics of an asset that make it well-suited to be money. These characteristics differ slightly depending on who you ask. The Federal Reserve says money must be: durable, portable, divisible, uniform, scarce, and widely accepted. The Mises Institute says money must be: scarce, durable, divisible, recognizable, homogeneous through space and time, malleable, and beautiful. Nick Szabo adds to this "unforgeable costliness" meaning money must be something that is very difficult to create but easy to verify authenticity.

None of the above sources cite "fungibility" directly, but the Fed says "uniform" which is essentially the same thing, and Mises Institute via Jörg Guido Hülsmann says "homogeneity". However, within bitcoin there is a keen awareness of fungibility being a necessary characteristic of good money.

Fungibility boils down to uniformity between units in a broad sense. If you have one unit of a good, you can replace it 1:1 with another unit of that good, each unit is a substitute for another. For example, units of No. 2 yellow corn are fungible, they are traded as if they are all the same, despite the fact that some individual bushels might be rotten, the traded units are 1,000 miles away, or not even grown yet. Gold itself is fungible, despite the fact that some bars or coins might be fake or of different qualities.

Non-fungible goods are goods whose units are distinct by definition. Examples of non-fungible goods are real estate or owned cars.

We can think of it this way. If I borrow a fungible good, like money, it doesn't matter if I return the exact same units of that good, any satoshis or dollars will do. However, if I borrow a non-fungible good, like my friend's car, it does matter that I return the exact same unit of that good. If I rent a car, I must return the exact same car (non-fungible) but the gas in the tank will be different (fungible).

Bitcoin is fungible according to this simple logic. Now, let's dive into some common objections to bitcoin's fungibility.

Common arguments against bitcoin's fungibility

#1: "The fact a UTXO can be clean or tainted means all bitcoin are non-fungible."

This argument is invalid because it describes the subjective interpretation (clean or tainted) of specific UTXOs (unspent transaction outputs), not the actual substance of bitcoin itself. There are many subjective reasons people might view money as tainted or refuse to accept it in payment. They might be prejudiced against you personally, your gold coin could have a dent but is otherwise the same, or a merchant might not accept gold coins from a particular country. These factors affect a coin's liquidity, but not its fungibility. The ability to discriminate against a bitcoin UTXO does not make bitcoin itself non-fungible.

For the above argument to be true, fungibility would require discrimination to be impossible, which simply cannot be the case. Nothing would ever be fungible. Humans discriminate for countless reasons. A shop owner might refuse a customer's money because they don't like their red hat, but that doesn't mean the money is non-fungible.

Monero

Nothing is entirely immune to discrimination or liquidity differences, not even privacy coins like Monero. Monero advocates criticize bitcoin's transparency as a death knell for its fungibility, without realizing Monero faces the same issue with a slight variation.

The only difference between Monero and bitcoin is that Monero’s history is limited to the current holder. This reduces the potential for discrimination but only by a small margin. People can still find infinite reasons to discriminate against transactions. The current spender can be discriminated against, even if they are anonymous, or specifically because they are anonymous. Anonymity can be a basis for discrimination, as we’ve seen with some exchanges refusing to trade Monero.

Just as a red-hat-wearing customer’s money is still fungible despite being rejected, it’s an equivocation fallacy to use fungibility to describe liquidity.

#2: "Every Bitcoin has its own provenance or history, its chain of title, making it a Non-Fungible Token."

It is true that the history of each bitcoin record or UTXO must have a public history, that's what is stored in the block chain and what enables a fixed supply. But it is also not enough to define the entire history or provenance, or even necessarily the significant portion of that history.

While it's true that each bitcoin record or UTXO has a public history, this is simply how bitcoin maintains its fixed supply. The argument suggests that because bitcoin can be counted and tracked, it is non-fungible. But provenance doesn’t make a unit non-fungible. Does it matter if gold came from a mine in California or Venezuela? How about if the gold passed through organized crime two transactions ago? No—gold is still fungible.

Satoshis versus UTXOs

In Bitcoin, satoshis are the unit with which the network is concerned. Amounts are measured in satoshis, not whole bitcoins. A balance of 1 btc is recorded as 100,000,000 units. The term “taint” is used because the taint is not precise. Coins tied to illicit activity are tainted, but only in a general sense, much like “one bad apple spoils the bunch.” Advanced algorithms can track "tainted" bitcoin through multiple transactions, but it remains an inexact process.

CoinJoin technology complicates tracking further. Europol's 2020 investigation into Wasabi (a CoinJoin wallet) concluded that if used wisely, Wasabi prevents successful tracking.

Below is a sample transaction. Notice, we can't tell which output comes from which input. They are all considered "tainted." Now, imagine a complicated transaction with hundreds of inputs and outputs, leading to multiple other transactions specifically designed to break the trace. It becomes extremely difficult, if not impossible, to follow provenance. Which input(s) contain the history of the 0.04 BTC output in this transaction?

On chain data is incomplete and getting worse

Today, and even more so in the future, we will not receive bitcoin on-chain, meaning we won't see the complete bitcoin transaction on the network. Instead, we will receive everyday payments via a service layer known as Layer 2. These transactions don't necessarily include provenance data. While some transactions will always occur on the transparent base layer—mainly large sums, like $100 million transfers—99% of people will not use this method.

Layer 2 is becoming more viable each day. I'd estimate it's at the development level that bitcoin was in 2013. In the next 5-10 years, Layer 2 services will likely be extremely robust. For example, bitcoin can already be sent today via a Lightning Network transaction, where individual transactions do not appear on the main network. With modern and future upgrades, you may be able to transact entirely within the Lightning Network, conducting multiple transactions daily without ever leaving provenance data on-chain.

Centralized Layer 2 platforms also do not leak provenance data to the network. For example, you can keep coins on Cash App and send or receive payments between other Cash App customers without revealing on-chain provenance. A centralized Layer 2 will also interact with decentralized versions; for example, exchanges today are beginning to offer Lightning Network deposits and withdrawals.

Lastly, and most overlooked, are hardware sticks for bitcoin, such as Opendime. These USB sticks securely hold bitcoin, with no one knowing the private key. They are designed in such a way that the private key is only revealed when a visible, physical part of the chip is broken. These sticks can hold any amount of bitcoin and physically change hands like bills or coins—no repeating transaction fees, no provenance data leaked. In the future, we may even see common denominations emerge, such as 0.001 BTC (~$50 today).

This #2 argument falls short for the same reason—the false equivalence of liquidity with fungibility—and the incorrect assumption that provenance data on-chain is sufficient to render satoshis non-fungible.

Conclusion

Bitcoin’s fungibility is often misunderstood, with critics conflating liquidity issues with the core concept of fungibility. While tracking and taint can affect the liquidity or usability of specific UTXOs, these factors do not alter the fundamental interchangeability of satoshis. Bitcoin, by design, remains fungible in the same way gold or cash are—where the asset itself is uniform, even if its history is scrutinized by some. As the ecosystem evolves, especially with the growth of Layer 2 solutions and privacy tools, concerns about fungibility will diminish further. The ability to track or trace bitcoin does not negate its status as fungible money, and the arguments against its fungibility are built on flawed assumptions. In short, bitcoin is fungible.