The Bearer Share Is Dead. Long Live Proof of Stake.
How a century of financial governance reform was quietly undone by people who think “decentralisation” is a technical property rather than a measurable outcome
There is a particular kind of fraud that does not announce itself. It does not forge signatures or fabricate transactions. It simply arranges the world so that the question “who is in charge?” cannot be answered — and then proceeds to be in charge.
The bearer share was the original technology for this arrangement. For roughly two centuries, it was the instrument of choice for anyone who wanted to control a corporation without anyone knowing they controlled it. You held the certificate; you voted the shares; nobody recorded your name. If you wanted to own 60 per cent of a company while appearing to own nothing at all, you distributed your certificates across intermediaries, associates, and safe-deposit boxes in three jurisdictions, and you voted them in concert while each position appeared independent.
It took the global regulatory community the better part of a century to kill this instrument. The process was slow, unglamorous, and fought at every stage by the people who benefited from opacity. But by 2022, the FATF — the closest thing international finance has to a legislative body — required all member jurisdictions to prohibit the issuance of new bearer shares and mandate conversion or immobilisation of existing ones. Over 200 jurisdictions. Total prohibition. The UK had already done it in 2015 with 100 per cent compliance. Switzerland in 2019 with criminal sanctions.
The reason was not obscure. The reason was that bearer shares were instruments of fraud. Not exclusively — there were legitimate uses, as there are legitimate uses for cash, offshore trusts, and Tor — but the governance pathology they enabled was judged, after decades of evidence, to be intolerable. The pathology was this: a person could exercise control over an economically significant institution without any other participant in the institution, any regulator, or any court being able to identify who they were.
That pathology has been recreated, in technically more sophisticated form, by Proof of Stake.
What bearer shares actually did
Let me be precise about what made bearer shares dangerous, because the usual summary — “anonymous shares, bad for AML” — misses the governance dimension entirely.
A bearer share was not merely an anonymous financial instrument. It was an anonymous governance instrument. The holder voted. The holder determined board composition, approved related-party transactions, authorised mergers, and controlled the distribution of corporate resources. And the holder was invisible.
The consequences were predictable and extensively documented. Hidden concentration: a single economic actor could accumulate a controlling position in a corporation — 40, 50, 60 per cent — while appearing on no register, triggering no disclosure obligation, and remaining entirely unknown to the minority shareholders whose interests they were now in a position to expropriate. Self-dealing: the invisible controller could set executive compensation, approve sweetheart contracts with related parties, direct corporate opportunities to private vehicles, and extract value through a thousand mechanisms that fiduciary duty was designed to prevent — except that fiduciary duty requires knowing who the fiduciary is. Regulatory evasion: the invisible controller could evade tax, circumvent sanctions, and frustrate every AML regime that depends on knowing who owns what.
None of this was theoretical. The FATF spent years documenting it. Nougayrède showed that even in registered intermediated systems — where bearer shares had supposedly been tamed through custodial deposit — the opacity persisted. In the Clearstream case, Iranian central bank assets were hidden in an omnibus account for years. If registered intermediation couldn’t solve the problem, pure bearer instruments were hopeless.
But here is the point that matters for the present argument: bearer shares were not abolished primarily because they facilitated money laundering. They were abolished because they undermined governance. They made it impossible to know who controlled the institution. They made accountability impossible. They made democratic corporate governance — the principle that shareholders should be able to identify who holds power over them and hold that power to account — structurally unachievable. The UK post-implementation review said it plainly: the potential for lawful use “did not outweigh the benefits of entirely preventing the potential for misuse.”
The international community looked at a governance instrument that permitted anonymous control of economically significant institutions and concluded: this cannot be tolerated in a well-functioning financial system.
Proof of Stake as bearer governance, rebuilt from scratch
Now consider a Cosmos Hub governance vote. A proposal is submitted — perhaps to change staking parameters, perhaps to allocate millions of dollars from the community treasury, perhaps to adopt a protocol upgrade that will affect every participant in the ecosystem. Voting opens for two weeks. Every bonded ATOM holder can vote: one bonded ATOM, one vote. Delegators inherit the vote of their chosen validator unless they actively override.
Who is voting? Nobody knows.
More precisely: the addresses voting are visible on-chain. The voting power of each address is visible. The outcome is visible. But the beneficial owners — the natural persons or entities that ultimately control the governance power — are unknown. A validator with 5 per cent of staked ATOM has no obligation to disclose that position. A person controlling ten validators through ten separate legal entities in ten jurisdictions, collectively holding 30 per cent of staked ATOM, has no obligation to disclose the common ownership. The governance system does not ask “who are you?” It asks “do you control a private key associated with sufficient stake?” That is a bearer instrument. That is the precise configuration the international community spent decades abolishing.
And here is where it gets worse than bearer shares.
The Sybil attack on governance: why PoS is more dangerous than paper certificates
A bearer share had a physical cost. The certificate had to be printed, numbered, stored, transported. If you wanted to fragment your position across fifty identities, you needed fifty certificates, fifty safe-deposit boxes, fifty nominee arrangements — each with non-trivial cost. The marginal cost of the next fake identity was positive. Not high, but positive.
In Proof of Stake, the marginal cost of the next pseudonymous identity is effectively zero. Creating a new Ethereum address takes milliseconds. Creating a new Cosmos validator address is trivial. The cost of fragmenting a 51 per cent position across 51 seemingly independent 1 per cent positions is: some gas fees for distributing tokens, some operational complexity in managing wallets, and nothing else. No incorporation fees. No nominee fees. No physical storage. No jurisdictional diversification costs. Just... more private keys.
Think carefully about what this means. An actor controlling 51 per cent of staked tokens on a PoS chain can present themselves to the governance system — and to every on-chain analytics tool, every researcher, every regulator — as 51 separate, independent, apparently unrelated minority holders. Each holds 1 per cent. Each appears to vote independently. Each comes and goes, accumulates and reduces, delegates and re-delegates, in patterns that look like the organic behaviour of a decentralised community of independent actors.
But they are not independent. They are one actor. And that one actor controls the chain.
They can pass any governance proposal. They can block any governance proposal. They can direct treasury allocations to their own addresses (spread across 51 ostensibly unrelated wallets, naturally). They can adopt protocol upgrades that benefit their positions and reject upgrades that threaten them. They can set staking parameters to entrench their dominance. And they can do all of this while the community, the researchers, and the regulators see nothing but a healthy, decentralised, widely-distributed governance process.
This is not a 51 per cent attack in the traditional sense. A traditional 51 per cent attack is a consensus-level assault — double-spending, chain reorganisation — that is detectable and punishable. This is a governance 51 per cent attack, and it is undetectable by design. The attacker does not need to disrupt consensus. They simply govern. They pass proposals. They allocate resources. They determine protocol direction. Everything looks normal. Everything looks like democracy. It is, in fact, autocracy cosplaying as decentralisation.
The Nakamoto coefficient — the minimum number of validators that must collude to control the network — is measured at the address level. On Cosmos Hub, it was 6–7 as of late 2022. But what is the beneficial-ownership Nakamoto coefficient? It could be 1. We would not know. The system does not — cannot — tell us.
The proxy-voting parallel that nobody wants to acknowledge
Consider Cosmos delegation. When you stake ATOM and delegate to a validator, that validator inherits your vote on every governance proposal unless you actively override. This is structurally identical to proxy voting in corporate governance. Your capital is at stake; someone else votes it.
In traditional finance, proxy voting is the most heavily regulated corner of corporate governance. In the United States alone: proxy solicitation is regulated under Section 14(a) of the Exchange Act. Proxy statements must disclose who is soliciting, what they want, and why. Proxy advisory firms (ISS, Glass Lewis) are subject to SEC oversight. Institutional investors have fiduciary duties in how they cast proxy votes. The entire apparatus exists because the delegation of governance power from beneficial owner to intermediary is recognised as a locus of agency risk — the intermediary may not act in the beneficial owner’s interest.
In Cosmos governance, none of this exists. The validator votes your ATOM. They have no fiduciary duty to you on governance matters. They have no obligation to disclose how they will vote, why they voted that way, or whether they have conflicts of interest. They have no obligation to offer you a mechanism for instructing your vote. The delegation-inheritance feature is presented as a convenience (”you don’t have to vote on every proposal!”) and it is, in fact, a massive unregulated transfer of governance power from dispersed token holders to a small set of validators operating without the regulatory constraints that every developed jurisdiction imposes on proxy intermediaries.
Tezos is even more instructive. Exchange bakers — Coinbase, Binance, Kraken — hold among the largest staking balances on the network. They are delegated governance power by millions of retail token holders who chose those exchanges for convenience and yield, not for governance representation. And these exchange bakers, the governance analyses show, participate in on-chain governance votes “quite infrequently — if at all.”
Read that again. The largest aggregations of governance power on Tezos — held by the most regulated, most identifiable entities in the ecosystem — do not vote. The governance outcome is determined by the smaller set of bakers who do participate. The beneficial owners of the exchange-custodied tokens have no idea this is happening. Their tokens are staked; they are earning yield; they assume their interests are represented. They are not. Their governance power has evaporated into the possession of bakers they have never heard of, who are under no obligation to them, and who may be — for all anyone can verify — the same economic actor operating under seventeen different names.
Why “decentralisation” is not an answer
The standard defence is that PoS governance is “decentralised” and therefore does not require the governance protections of centralised systems. This defence is wrong in a way that is worth being precise about.
“Decentralisation” in the PoS context is measured by counting addresses, counting validators, and computing Nakamoto coefficients. All of these metrics operate at the address level. None of them measure beneficial-ownership distribution. A network with 10,000 validator addresses and a Nakamoto coefficient of 50 looks spectacularly decentralised — unless 5,000 of those addresses are controlled by three entities, in which case the true Nakamoto coefficient is 3 and the network is a triumvirate masquerading as a republic.
The claim that a system is “decentralised” based on address-level metrics in a system where address generation is costless and beneficial ownership is unobservable is not a factual claim. It is an unfalsifiable assertion. You cannot prove decentralisation without knowing who controls what. And the system is designed so that you cannot know who controls what. Therefore the claim “this system is decentralised” can never be verified and can never be falsified. It is a statement of faith, not a statement of fact.
Bearer-share proponents made an analogous argument in the 1990s and 2000s. They argued that bearer shares promoted liquidity, reduced transaction costs, and enabled efficient capital allocation. All true, in the same way that it is true that getaway cars promote efficient transportation. The question was never whether bearer shares had benefits. The question was whether those benefits justified a governance system in which the controllers of economic institutions were systematically invisible. The answer, after decades of deliberation across 200+ jurisdictions, was: no.
The reintroduction of fraud through technological sophistication
What Proof of Stake has accomplished is the reintroduction of the bearer-share governance structure under a different name, with better technology, and with the additional advantage that the people who benefit from it have successfully framed transparency requirements as an attack on innovation.
Bearer shares permitted: anonymous governance, hidden concentration, self-dealing without accountability, regulatory evasion through opacity. PoS governance permits: pseudonymous governance, hidden concentration (amplified by costless Sybil fragmentation), self-dealing without accountability (amplified by programmable vote delegation), regulatory evasion through cross-jurisdictional operation on permissionless networks.
The technology is different. The economic structure is identical. The governance pathology is identical. The information deficit — who controls this institution? — is identical.
The only genuine difference is the pseudonymous ledger: blockchain records every transaction to a pseudonymous address, which is more information than a paper bearer share provided. This is real. But it is entity-level tracking, not beneficial-ownership identification. On-chain analytics can tell you that Address 0x7a3B... holds 3 per cent of staked ATOM. It cannot tell you that Address 0x7a3B... and Addresses 0x4f2C..., 0x9d1E..., 0x2b8A..., and forty-seven other addresses are all controlled by the same person. And in a system where creating a new address costs nothing, the assumption should be that sophisticated actors are fragmenting their positions — because the incentive to do so is enormous and the cost is negligible.
What the international community already decided
The FATF’s 2022 revision of Recommendation 24 did not merely suggest that bearer shares be addressed. It required prohibition of new issuance and conversion or immobilisation of existing instruments. This was not a tentative, experimental regulatory response. It was the culmination of decades of evidence, analysis, and deliberation across the largest and most sophisticated financial regulatory bodies on earth. The judgment was clear: instruments that permit the exercise of governance power without beneficial-ownership transparency are incompatible with a well-functioning financial system.
That judgment did not come with an asterisk that says “unless the instrument is digital” or “unless the proponents call it decentralised” or “unless the opacity is achieved through private keys rather than physical certificates.” The regulatory principle is functional: if the governance effect is the same, the regulatory concern is the same.
MiCA — the EU’s flagship crypto regulation — does not address this problem. It regulates issuers and service providers. It does not regulate the governance relationship between token holder and protocol. Its decentralisation carve-out (Recital 22) exempts precisely the systems where the bearer-governance pathology is most acute. The gap is not accidental; it is structural. MiCA was designed to regulate the market for crypto-assets, not the governance of crypto-asset protocols. But the governance problem is where the bearer-share analogy bites hardest, and it is the problem that nobody with regulatory authority is currently addressing.
The uncomfortable conclusion
The PoS governance structure is, in all respects relevant to the regulatory concern that motivated bearer-share abolition, a bearer governance instrument. It permits the exercise of economically significant governance power by unidentified beneficial owners, with no disclosure obligation, no accountability mechanism, and no way for other governance participants to determine who is actually in control. The costless generation of pseudonymous identities makes it strictly more vulnerable to hidden concentration than paper bearer shares were. The programmable delegation of governance power through smart contracts makes collusion cheaper and more scalable than anything available to bearer-share holders. The cross-jurisdictional operation of permissionless networks makes regulatory enforcement harder than it was for instruments that existed in a single national legal system.
The question is not whether this is a problem. The international community has already answered that question, unanimously and with finality, by abolishing bearer shares. The question is when the same analysis will be applied to the digital instruments that have reproduced the same governance structure — and what will happen to the hundreds of billions of dollars governed by these systems when it is.
The answer, I suspect, is: not soon enough, and not without significant losses first. That is usually how it goes. The regulatory response to bearer shares took decades. The losses — from hidden concentration, self-dealing, money laundering, sanctions evasion, and plain old-fashioned fraud — were absorbed by shareholders, taxpayers, and the public interest before the regulatory system caught up. There is no particular reason to believe that PoS governance will be different.
The technology is new. The governance problem is ancient. And the people who profit from opacity have always been more creative than the people who regulate it.
The analysis in this post draws on a longer paper currently in preparation for peer review. The views expressed are the author’s own.