As the list of casualties grows from the sudden and steep descent of crypto markets into bear territory, so does the cry to heed the no.1 rule of crypto - ‘not your keys, not your coins’. While NGRAVE wholeheartedly supports self-custody, we also appreciate that the reality isn’t quite as simple as that mantra. We can use the wisdom of Bitcoin’s creator, Satoshi Nakamoto, to help us understand the nuances of self-custody and why so many crypto owners choose not to heed crypto’s golden rule.
In the first two paragraphs of the Bitcoin Whitepaper, Satoshi Nakamoto’s blueprint for a new form of peer-to-peer cash, the word ‘trust’ appears six times. That’s because Satoshi viewed the need for trust as the biggest weakness of the traditional financial system.
The genius of Satoshi’s creation was to take inspiration from previous attempts at digital cash and then add a crucial missing piece - making it work without the need for trusted central authorities.
“While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model…….no mechanism exists to make payments over a communications channel without a trusted party. What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.” - Bitcoin Whitepaper
What’s interesting about this quote from the Bitcoin Whitepaper, and others from Satoshi’s digital footprint that we’ll use to understand the case for self-custody, is that it both captures their trust-issues with private monetary transactions, as well as their pragmatic acceptance that ‘the system works well enough for most transactions.”
Satoshi’s wisdom around trust might then be summarised to - remove the need for trust as much as possible, but accept that taking a 100% trustless approach to your finances may be impractical.
So let’s unpack that wisdom by understanding:
What Satoshi meant by replacing trust with cryptographic proof
Why do some people choose not to self-custody?
The role that trust-based institutions play in accessing crypto
The risks of not having full custody of your crypto
What are the alternatives to the trust model?
The security of cold storage
Trust, self-custody & cryptographic proof
When Satoshi talked about a ‘trust based model’ for financial transactions, he meant that for you to participate in a financial transaction, say depositing some funds with a bank in order to receive interest or taking out a loan; each has to trust the other to keep their side of the bargain and not simply run off with the money.
Both sides can take action to support that trust. The bank can follow rules and regulations imposed on financial institutions, which require you to trust those entities. At the same time, you must convince the bank to trust you by surrendering a lot of personal information.
This arrangement is sub-optimal because trust is easily broken, so Satoshi replaced trust with cryptographic proof; maths cannot be broken.
Cryptography, self-custody & responsibility
The word cryptocurrency is what is known as a portmanteau, a word that blends the meaning of two other words - cryptography and currency - explaining that it is money secured by cryptographic proof.
The mechanics of cryptographic proof are complicated but they boil down to Bitcoin - and the cryptocurrencies it inspired - functioning like digital vaults controlled by a pair of keys.
A Public Key specifies the virtual location of the vault on the blockchain - its address. A Private Key enables the vault to be opened and the funds spent.
As the name suggests, a Public Key is intended to be shared, while a Private Key - which unlocks the vault - is for your eyes only and must be protected at all costs.
You can connect to your vault on the blockchain through a digital wallet, where both the Public and Private Keys are held, and in case you cannot access that wallet, you must store a backup of those keys as a failsafe.
While storing a form of cryptographic proof might sound like a massive headache, wallet innovation has meant that Private Keys - which in raw form amount to strings of 256 ones and zeros - are magically translated into a single collection of unique words or sets of alphanumeric characters. This user-friendly catch-all for Private Keys is commonly referred to as a Seed or in NGRAVE’s case, the Perfect Key.
So Satoshi’s vision of money without trust requires individuals to store their crypto in a wallet that supports self-custody and to store that Seed securely.
Sounds simple enough but being ultimately responsible for your money via Private Keys presents a paradox.
It is nearly impossible to crack the cryptography used to generate Private Keys/Seeds. Still, if they are stolen or lost, there is no way back, which for many people is a frightening amount of responsibility when we are so used to the trust-based approach for all our online services, which comes with email/chat support.
So the first obstacle to self-custody of cryptocurrency is a behavioural one; we have to get used to taking responsibility and understanding best practices. That, however, is easier said than done and Satoshi addressed this dilemma directly in another telling quote:
“May 18, 2010: Creating an account on a website is a lot easier than installing and learning to use software, and a more familiar way of doing it for most people. The only disadvantage is that you have to trust the site, but that’s fine for pocket change amounts for micropayments and misc expenses. It’s an easy way to get started and if you get larger amounts then you can upgrade to the actual bitcoin software.”
Reading Satoshi’s post, you have to appreciate that hardware wallets like the NGRAVE ZERO didn’t even exist. Nevertheless, over a decade later those words still ring true because the path to least resistance for the majority of crypto owners is still to trust someone else with their funds. In the majority of cases, that means a centralised crypto exchange.
A pragmatic view of custody
The most obvious reason crypto users store their funds on an exchange is because that is how they acquired it in the first place. Centralised exchanges are the point of overlap between the existing financial system (aka fiat money) and the new world of decentralised money (cryptocurrency).
Because exchanges have to plug into the banking system, they still operate on the trust model Satoshi wanted to break. So the path to self-custody inevitably starts with trusting an exchange to help you acquire crypto.
Once that hurdle has been negotiated, you can exercise self-custody by transferring your funds off the exchange. So why don’t more people do just that?
The most obvious reason is that we are psychologically wired to fall back on defaults, given that 99% of crypto users start their journey with a centralised exchange that becomes their default storage system even when they don’t intend to trade actively.
Spelling out the risks of custodial services
Any centralised service that has custody of your funds - an exchange or crypto bank - operates as a black box. You cannot know how adequate their security or risk management is, forcing you to trust them to do the right thing. There’s that word again!
Though most services will likely live up to their commitments, the opaque nature of trust-based systems inevitably leads to their abuse, often through greed, opportunism, mismanagement, or some combination of all three.
There are countless examples of centralised services being hacked, both from the outside and the inside, or simply going bust. We listed ten of the biggest crypto hacks in this article, but it is worth highlighting a few examples here to show the frailties of the trust model and the dire consequences when trust is broken.
When the Japanese-based exchange went offline in February 2014 it accounted for 70% of all Bitcoin trading worldwide. 850,000 BTC were lost (750k from customers & 100k belonging to the exchange), roughly 7% of the entire supply. Ten years later, customers are still waiting for a restitution plan to be finalised.
In 2016 the Hong Kong-based exchange Bitfinex lost 120,000 BTC through a hot wallet hack. The exploit accounted for 0.75% of all bitcoin in circulation and caused the price of bitcoin to drop by 23%. To stave off insolvency Bitfinex employed a ‘bail in’ applying losses to customers with a 36% haircut and compensated with an IOU. This tradeable BFX token eventually ended as net-profitable.
Though the loss of $190million of crypto doesn’t put Quadriga in the top 10 list of biggest hacks, it has become notorious because of how the exploit was exposed.
Gerald Cotten, the CEO of what was at the time Canada’s biggest crypto exchange, died on holiday in India. It soon transpired that he had sole custody of the exchange wallets, which turned out to be empty. Cotten had been trading customer funds on other platforms with disastrous consequences.
The latest event to underline the dangers of custodial crypto services saw the freezing of withdrawals for the 1.7million customers using Celsius Network, a centralised yield generation platform.
Details are still emerging as to why Celsius cannot service withdrawals - suggestions point to a lack of liquidity or insolvency - but whatever the cause, customers have once again had their trust broken and could end up paying a heavy price.
The 2008 financial crisis was the perfect illustration of how significant the consequences can be when risk is obfuscated and becomes systematic. Satoshi gave a hat-tip to this by adding the following reference to the Bitcoin Genesis Block:
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks."
Over the last few weeks, the crypto industry has witnessed our version of the financial crisis, which is why Twitter is awash with references to Lehman Brothers, as they were the first domino to fall.
The fear now is that the sector might experience an unstoppable chain of liquidations and insolvencies spreading like the sub-prime contagion punishing those that didn’t retain control of their keys.
DEFI doesn’t have all the answers
Anyone using exchanges as more than an on-ramp can immediately migrate to a DEX (decentralised exchange) that doesn’t touch the fiat system and enables you to transact yet retain control over your keys.
This model applies to all DEFI protocols meaning that withdrawals cannot be suspended, and there are no accounts to lock. The bad news is that this doesn’t entirely shield you from risk; it just takes a different form.
Whereas centralised services require trust in people, DEFI requires trust in code, and unfortunately, bad code or bad logic expressed as code can have disastrous consequences.
The recent Terra/Luna collapse is an example of the latter, with a $40bn platform collapsing like a house of cards in a matter of days, while DEFI hacks accounted for $1.4bn in the first five months of 2022.
Subscribe To The NGRAVE Blog
Get the latest insights on crypto, security, blockchain, and more.
So it seems that crypto holders looking to trade or generate yield face risks on both sides - CEFI & DEFI - yet even with these catastrophic events reinforcing the argument for cold storage, the majority won’t heed the warning, and we shouldn’t expect them to.
People don’t always act rationally; to expect them to is unrealistic and ignores basic behavioural psychology. Heuristics aside, we need investors to take some risk; without risk-seekers Bitcoin may have never even gotten off the ground.
The problem is when our judgments are clouded by psychological biases rather than guided by logic. This can lead us to think that hacks are just headlines impacting other people or that Luna’s implosion was a one-off.
The best we can expect is that the trauma of recent events acts as a catalyst for more users to adopt the NYK/NYC mantra and actively move their funds to cold storage rather than leaving them on a CEX by default.
No one should expect or even want all crypto to be sat in cold storage because that would defeat part of its function as a medium of exchange.
June 26, 2010: Like cash, you don’t keep your entire net worth in your pocket, (you keep) walking around money for incidental expenses.
Again Satoshi hinted at the idea of striking a balance between funds kept in cold storage (savings) and funds for spending or trading; it’s up to you what that balance looks like but consider cold storage as savings and remainder as your current/checking account.
As the Lightning Network develops, it will become easier to spend Bitcoin securely, while Mastercard and Visa are moving towards integrating crypto into their vast networks.
Moving to the safety of Cold Storage
If you have funds on a centralised service, the good news is that it is easy to move them to the safety of cold storage. Check out the specifications for NGRAVE’s ZERO built to provide the highest level of offline protection for your coins.
Once you have a ZERO, we’ve got an entire article on how to move funds from hot wallets, but the tl’dr is that the process takes just a few minutes and the transaction fees are a price worth paying for peace of mind in what are turbulent times.
We are an adaptive species, so attitudes around the custody of money will gradually change. Wallet design will play a big part with NGRAVE’s mission to produce the safest and easiest way to self-custody:
No one should access your crypto except you. Own what is yours.