Bitcoin has a fundamental problem that’s baked into how it keeps itself secure. A new working paper (PDF) from the Bank of International Settlements (BIS), the so-called central bank for central banks, concludes that Bitcoin is limited as a payment method because of the method, called proof of work, that it uses to secure its distributed ledger.

First, as we saw recently in an attack on Ethereum Classic, if someone is able to gain more than half the mining capacity of a proof-of-work system (many other cryptocurrencies rely on the method as well), they can use it to reverse transactions and effectively spend the same cryptocurrency twice. Called a double-spend attack, it happens when an attacker pays someone in cryptocurrency before creating an alternative version of the blockchain in which the payment never happens.

The deeper a transaction is in the blockchain, the more computing power is needed to create an alternative chain that doesn’t contain that transaction, and the lower the probability that a double-spend attack will occur. That’s why merchants who accept Bitcoin as payment can’t release the purchased goods until they wait for several additional sets of transactions, or blocks, to be added to the chain after the one containing the payment.

But a transaction isn’t truly final, argues Raphael Auer, a BIS economist, until it is so deep in the blockchain that it is in fact impossible for a double-spend attacker to profit. Achieving this, which he calls “economic payment finality,” is extremely expensive to the network.

The second economic limitation pertains to the way the network pays miners to keep it secure. In Bitcoin, miners who add a new block to the chain earn a set number of bitcoins, called the “block reward.” They can also earn transaction fees, which individual Bitcoin users propose when they submit new transactions. This income is incentive for miners to act in the interest of the whole network instead of selfishly attempting double-spend attacks. In Bitcoin, however, this will shrink over time, because the system is designed to phase out the block reward.

Transaction fees alone won’t be enough to keep the security of the system from deteriorating once this happens, says Auer, meaning that achieving true payment finality will take longer and longer. When the reward reaches zero, it might even take months for a payment to become irreversible, he writes, concluding: “The only fundamental remedy would be to depart from proof-of-work.” (See also: “Bitcoin’s inherent economics could keep it from ever being very important.”)

Auer notes that making such a substantial change to a cryptocurrency network’s software “would probably require some form of social coordination or institutionalization.”

Bitcoin has historically struggled with infighting and gridlock over technical decisions, however. Meanwhile, Ethereum is trying to switch from proof of work to an alternative method called proof of stake, and its community is realizing how difficult this is from a social perspective.