arrow-left arrow-right brightness-2 chevron-left chevron-right circle-half-full dots-horizontal facebook-box facebook loader magnify menu-down rss-box star twitter-box twitter white-balance-sunny window-close
Fungibility of Bitcoin
7 min read

Fungibility of Bitcoin

This is a detailed look at fungibility as a concept, how it applies to bitcoin, and debunking some of the common arguments against it.
Fungibility of Bitcoin

As bitcoin matures, it runs into periods of greater debate about its monetary attributes. Of course, the most often discussed is scarcity because bitcoin's greatest characteristic is its fixed supply. A close second most popular attribute is fungibility and the closely related topic of privacy, which is the subject of this post.

Below, I show that bitcoin is fungible and how common arguments against it are usually the result of a logical fallacy.

Characteristics of Money

First, let's list the characteristics of money, so we can all start on the same page. People tend to be more familiar with the functions of money (store of value, medium of exchange and unit of account) but are unfamiliar with the characteristics of an asset that make it well-suited to be money. They differ slightly depending on who you ask. The Federal Reserve says money must be: durable, portable, divisible, uniform, scarce, and widely accepted. The Mises Institute says money must be: scarce, durable, divisible, recognizable, homogeneous through space and time, malleable, and beautiful. Nick Szabo adds to this "unforgeable costliness" meaning money must be something that is very difficult to create but easy to verify authenticity.

None of the above sources cite "fungibility" directly, but the Fed says "uniform" which is almost the same thing, and Mises Institute via Jörg Guido Hülsmann says "homogeneity". However, within bitcoin there is a keen awareness of fungibility being a necessary characteristic of good money. In the Bitcoin Dictionary, I list the characteristics of money and define fungible as follows:

The characteristics of money used to rate its fitness are scarcity, durability, portability, fungibility, divisibility, and recognizability. If a good has a relative abundance of these characteristics it will tend to be used in a monetary role. (p. 47)
Fungible: Every unit of a good being indistinguishable from any other unit of the good.

Discussion: Traditionally, fungibility was a concern of the metal content of coins. Money issuers often collected old coins in the form of taxes and minted new coins of lower precious metal content. The fraudulent practice of clipping coins, cutting a small part of the edge of the coin off and trying to pass off the smaller coins at face value, was also common. This creates a situation where coins are fundamentally different and not fungible.

The more fungible a good the better it will perform the functions of money. Digital money has the benefit that every digital unit is identical, however, concerns of fungibility now center around tracking the use of the money. Unapproved transaction history is know as taint. Money used in unapproved activity is often marked and discriminated against, frozen or seized. Fungibility has switched from being evaluated by the market to being evaluated by the State.

Bitcoin is technically fungible in the sense of its composition, but bitcoins can be tracked, creating a situation of possible nonfungibility based on taint. Therefore, a natural incentive exists for the use of privacy enhancing tools. (p. 30-31)

Fungibility boils down to uniformity between units in a broad sense. If you have one unit of a good, you can replace it 1:1 with another unit of that good, each unit is a substitute for another. For example, units of No. 2 yellow corn are fungible, they are traded as if they are all the same, despite the fact that some individual bushels might be rotten, the traded units are 1,000 miles away, or not even grown yet. Gold itself is fungible, despite the fact that some bars or coins might be fake or of different qualities.

Non-fungible goods are goods whose units are different by definition. Examples of non-fungible goods are real estate or owned cars.

We can think of it this way. If I borrow a fungible good, like money, it doesn't matter if I return the exact same units of that good, any satoshis or dollars will do. However, if I borrow a non-fungible good, like my friend's car, it does matter that I return the exact same unit of that good. If I rent a car, I must return the exact same car (non-fungible) but the gas in the tank will be different (fungible).

Bitcoin is fungible according to this simple logic. Let's dive into a some common objections to bitcoin's fungibility.

Common arguments against bitcoin's fungibility

#1:  "The fact a UTXO can be clean or tainted means all bitcoin are non-fungible."

This argument is invalid because it is not characterizing bitcoin, it is characterizing the subjective interpretation (clean or tainted) of specific UTXOs (unspent transaction outputs). There are many subjective reasons people might view your money as tainted, or not accept your money in form of payment. It could be that they are prejudiced against you personally, or your gold coin has a dent but otherwise is essentially the same, or perhaps a merchant does not accept gold coins from country X. These things affect the liquidity of a coin, but not the fungibility of gold itself. The ability to discriminate against a bitcoin UTXO does not mean the substance of bitcoin is non-fungible.

For the above argument to be true, in order for a good to be fungible discrimination must be impossible. That simply cannot be the case, nothing would ever be fungible. We are humans after all. We can discriminate against other people for infinite reasons, e.g. a shop owner might not like a customer because of their red cap, all of a sudden their money is no good there.


Nothing is completely immune to discrimination or liquidity differences, this includes privacy coins like Monero. Monero promoters cry foul on bitcoin's transparency as a death knell for its fungibility, not realizing Monero has the same problem with a small difference.

The only difference between Monero and bitcoin is its history is limited to the current holder for Monero. In other words, its surface area for discrimination is smaller, but what is a fraction of infinity? People can still find infinite reasons to discriminate against certain transactions as tainted. The current spender can be discriminated against, even if they are anonymous; or specifically because they are anonymous. Monero coins can still be tainted by their owners. Anonymity can also be the basis for discrimination as we've seen by some exchanges refusing to service Monero trading.

Not accepting money from a red hat wearing customer does not mean his money is non-fungible. It is a equivocation fallacy to use fungibility to describe liquidity.

#2:  "Every Bitcoin has its own provenance or history, its chain of title, making it a Non-Fungible Token."

It is true that the history of each bitcoin record or UTXO must have a public history, that's what is stored in the block chain and what enables a fixed supply. But it is also not enough to define the entire history or provenance, or even necessarily the significant portion of that history.

This argument is trying to say that because bitcoin can be counted it is non-fungible. My first thought is "so what?" History is not a meaningful differentiating factor with which to make them non-fungible. Does it matter if gold came from a gold mine in California or Venezuela? How about if gold passed through the hands of organized crime two transactions ago? No, gold is still fungible.

Satoshis versus UTXOs

In Bitcoin, satoshis are the unit with which the network is concerned. Amounts are measured in satoshis, not whole bitcoins. A balance of 1 btc is recorded as 100,000,000 units. We use the term taint, because it is not exact. A pool of satoshis linked to a certain illicit activity is all tainted, like "one bad apple spoils the bunch". Coins can be followed through a process called chain analysis, and advanced algorithms can be designed to track "tainted" bitcoin through many transactions. But it comes down to taint, once again it is not exact.

Coinjoin technology can also be used to complicate matters for those attempting to track coins. Europol published their findings in 2020 after investigating Wasabi, a coinjoin wallet. Their conclusion was if the person-of-interest used Wasabi wisely, they couldn't be tracked.

Below is a sample transaction. Notice, we can't tell which output comes from which input. They are all "tainted". Imagine a complicated transaction with hundreds of inputs and outputs, leading to multiple other transactions specifically designed to break the trace. It becomes very hard, effectively impossible to follow provenance. Which input/s contain the history of the 0.04 btc output in this transaction?

On chain data is incomplete and getting worse

Today, and much more so in the future, we will not receive bitcoin on chain, meaning we won't get a full bitcoin transaction on the network. We will recieve everyday payments on a service layer we call Layer 2. These transactions don't necessarily have provenance data. Yes, some transactions will always occur on the transparent base layer, specifically the big money, who send $100 million in a single transaction, but 99% of people will not.

Layer 2 is becoming more viable by the day. I'd put it around bitcoin 2013 level of development and awareness. In 5-10 years time, layer 2 services will be extremely robust. Bitcoin can be sent via a lightning network transaction today, where individual transactions do not show up on the network. With modern and future upgrades, you will likely be able to stay in the lightning network indefinitely, transacting multiple times a day and never once leaving provenance data on chain.

Centralized layer 2's as well do not leak provenance data to the network. For example, you can keep coins on Cash App, send and receive, to and from other Cash App customers and not leak data to on chain provenance. A centralized layer 2 will also interact with decentralized versions, e.g. exchanges today are beginning to offer lightning network deposits and withdrawals.

Lastly, and most overlooked, is hardware sticks for bitcoin, like Opendime. These are USB sticks that can securely hold bitcoin where no one knows the private key. They are manufactured in a way to only reveal the private key, when a visible and physical part of the chip is broken. These sticks can hold any amount and physically change hands like bills or coins. No repeating transaction fee, no provenance data leaked. Perhaps, common denominations will emerge in the future, like 0.001 btc (~$50 today).

This #2 argument, falls short for the same equivocation of liquidity with fungibility, as well as the false assumption that provenance data on chain is sufficient to make satoshis non-fungible.


Bitcoin is fungible. The common arguments against its fungibility center around the equivocation of liquidity of individual units with fungibility of the broader asset. I demonstrated the sloppiness using the non-specific taint to condemn all UTXOs and its inadequacy to label all satoshis. Provenance data from chain analysis has also been debunked by showing it is limited and of questionable usefulness.

Enjoying these posts? Subscribe for more

Subscribe now
Already have an account? Sign in
You've successfully subscribed to Bitcoin & Markets Research.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.