Self Custody in Crypto
Crypto Custodians
Centralized exchanges are generally trusted intermediaries with one job: facilitating trades as directed by their customers. Following the collapse of FTX many are left wondering how the $%!# such a highly regarded exchange can manage to lose all of its users’ deposits overnight. The unfortunate truth is that FTX users were handing over custody of their assets the second they deposited them, and, despite the balance displayed on their accounts, the funds were likely being mishandled for quite some time.
Centralized exchanges like FTX act as custodians on behalf of their clients. As custodians, CEXs handle all of the crypto users purchase and deposit on their exchanges. While this helps simplify the trading experience for new users, it requires a significant amount of trust from users.
Anyone can log into their CEX of choice and view their crypto balance at will, but that doesn’t necessarily make it real. Since crypto is simply digital units of account on a blockchain and crypto cannot ever be removed from a blockchain, the balance users see on a CEX reflects the amount of crypto the CEX holds (or claims to hold) on their behalf. Therefore any crypto a user “holds” on a centralized exchange should be thought of as an IOU issued by the CEX rather than actual crypto assets. There are several instances in which the crypto users store on centralized exchanges may be lost.
Lack of Transparency
Centralized exchanges operate opaquely which means users may not know how exchanges actually handle their assets. As businesses, exchanges are mostly focused on making money. There are certainly several opportunities for exchanges to earn interest on assets under their custody including but not limited to lending the assets to generate lending interest, locking up or “staking” the assets for some period of time to earn staking interest, or even investing in other assets.
All of these activities involve various levels of risk that exchanges may be taking without their customers’ knowledge. In FTX’s case a significant amount of risk was taken at the expense of depositors when user funds were lent cheaply to Alameda Research, a crypto VC and quantitative trading firm engaging in high risk activities. Even low-risk staking behind customers’ backs can become problematic if many customers wish to withdraw their assets at the same time thus creating a liquidity crunch.
Exploits
Centralized exchanges generally make good targets for hackers due to the large amount of crypto stored in their wallets combined with centralized points of failure. Crypto is still only in its infancy as an asset class, yet crypto exchanges have already suffered over $15B in crypto losses due to hacks. Security breaches, bugs, social engineering, and even inside jobs all contributed to these losses. While it’s in every centralized exchange’s best interest to make their customers whole when funds are lost in an exploit or hack, customers may ultimately be forced to eat the loss.
Performance Issues
Centralized exchange users also commonly encounter performance issues and downtime when trying to interact with CEX platforms. This can make it impossible for CEX users to actively manage their funds, especially during times of high market volatility. The inability to access crypto at a moment’s notice can quickly equate to a loss of the value associated with the crypto assets during market turbulence.
Not Your Keys Not Your Coins
While crypto-natives have long preached the phrase “not your keys not your coins” and encouraged crypto investors to withdraw their crypto from exchanges, their claims are often interpreted as fear mongering and ignored by newer market participants. The importance of self-custody in crypto is often learned the hard way when the assets users store with a custodian are confiscated and they’re left empty-handed.
“Not your keys” is referring to the private keys associated with crypto wallets. Private keys are randomly generated when crypto wallets are created, and act as unchangeable passwords which are needed to approve transactions originating from the corresponding wallet addresses. Similarly to how an email account can be accessed by anyone with the appropriate login credentials, the crypto associated with a wallet address can be transferred by anyone with the corresponding private keys. Unlike the credentials to an email account, private keys cannot be recovered or altered if lost or compromised.
When a crypto user purchases or deposits crypto on a centralized exchange, the centralized exchange is responsible for managing the private keys needed to access the crypto. Therefore if the centralized exchange’s keys are lost, “your” crypto is lost. If the centralized exchange’s keys are compromised, “your” crypto is compromised. If the centralized exchange undergoes maintenance or chooses to halt withdrawals, “your” crypto is stuck. If the centralized exchange chooses to lend to a high-risk borrower to gamble, you better hope they win.
Self Custody
Crypto users can ensure their assets are safe by creating a crypto wallet and withdrawing their crypto from a centralized exchange to their wallets. By storing crypto in their own crypto wallets and securing their private keys, crypto users can rest assured that their assets are safe.