If you’ve ever tried researching how to invest in Bitcoin or other cryptocurrencies, you may have heard the phrase “Not your keys, not your Bitcoin.” This common piece of advice encourages people to personally manage the keys to their Bitcoin and cryptocurrency wallets, because if you allow anyone else to manage them for you, for example by using an online wallet, you don’t really “own” that cryptocurrency. As a cybersecurity and cryptocurrency expert, however, I don’t think this advice is applicable to the vast majority of people investing in cryptocurrency today. In fact, I think it can be downright harmful and put novice investors at greater risk of losing their entire investment.
Now, there are two parts to this argument: the first is philosophical, while the second revolves around security. Let’s talk philosophy first. To understand the advice to manage your own keys, we have to dive into the ideological underpinnings of Bitcoin, the very first cryptocurrency. Bitcoin was invented by Satoshi Nakamoto in the wake of the 2008 financial crisis to provide truly decentralized peer-to-peer exchange without the need for a third-party intermediary like a bank or the government. We know this because it’s the first sentence in Bitcoin’s whitepaper.
This idea of peer-to-peer exchange without intermediaries is a big deal because it’s the opposite of how our modern world is built. We’ve grown accustomed to the assumption that the only way to have trusted exchange between people who don’t trust each other is for both parties to have trust in a third party, like a bank or a government that verifies identities, issues the currency, and secures against fraud and abuse. Bitcoin, as it was built, is a repudiation of this entire system, because Satoshi believed the US financial system was corrupt. By replacing the financial middlemen with computer code, Bitcoin distributes trust to everyone else on the network, allowing people to transact with each other directly without having to trust a centralized entity.
In Satoshi’s utopia, there are no banks repossessing people’s houses or governments eroding the value of your savings through inflationary monetary policy, and no laws telling you where and what you can spend your money on. This can only work, however, if everyone who buys, holds, and uses Bitcoin does so without relying on third-party intermediaries.
By now you may have realized the problem with this philosophy. I’d wager that most of us don’t actually want to live in a world where there are no intermediaries, because the absolute freedom to transact with one another also means we take on more responsibility. By holding your own Bitcoin, you are responsible for determining the identity of the people you’re sending money to, you are responsible for protecting yourself from fraud and theft, and you are responsible for making sure you’re not breaking the law. Most of us would rather trust the banks, credit card companies, and governments to do this for us.
Now, the second reason often used to justify holding your own keys is security. During the early days of Bitcoin, centralized exchanges and online wallets were HIGHLY insecure. Pretty much every major Bitcoin exchange of the last 10 years has been shut down, oftentimes without returning the funds that users had left there. Sometimes the exchanges were hacked, other times they fell afoul of the law, and sometimes the site operators shut the site down and took everyone’s money, which is known as an exit scam. A lot of these sites were fly-by-night operations coded by people who may not have known the fundamentals of secure web development. Mt. Gox, for example, was originally supposed to be a trading card marketplace (the name stands for Magic: The Gathering Online Exchange). So during the early days of cryptocurrency it was NOT a good idea to store your crypto in an exchange account or any other online wallet. Your funds were likely to be hacked or lost, and the best way to protect them was to manage the keys yourself.
Now, here lies the problem. Managing cryptographic keys yourself is NOT an easy thing for most people to do. Consider how difficult it is to create strong passwords, avoid malware, and protect your data in today’s digital world. As a cybersecurity consultant I’ve seen multi-billion-dollar companies with huge IT teams mess this up, and I wouldn’t expect home users to fare any better.
For long-term HODLers, an even bigger concern than theft is loss of access. Maybe you experience a hard disk failure, or maybe you forget you had a crypto wallet on your hard drive when you wiped your computer to reinstall your operating system. Maybe you lose the thumb drive you used to store your wallet file. We all know that these things happen a LOT more often than we’d like. Would you really trust a piece of consumer technology with a 5-year expected service life to store your investments?
Next let’s discuss hardware wallets, like Trezor and Ledger. These wallets are supposed to eliminate the security risk of software wallets. But even discounting the high price of these wallets (over 100 dollars), they have their own problems stemming from the way people use them. I don’t think some people understand, for example, the importance of the recovery phrase, which is also known as a seed, that the wallet generates and tells you to “write down” when first setting it up. How many people are storing copies of that phrase and protecting it appropriately?
I don’t think some people realize that this recovery phrase IS the key to all the crypto in their hardware wallet: if someone so much as took a picture of that piece of paper, they would be able to take ALL of their cryptocurrency. And again, what if that phrase and your wallet get lost or destroyed? What if you misplace your hardware wallet and can’t find your recovery phrase? What if you passed away unexpectedly and didn’t tell your family or next of kin about your crypto? There is no bank or court that will help them out here. In all of those instances your crypto is gone forever.
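To make concrete why the words on that slip of paper are the key, here is an added example (not code from the original post): it reproduces, in plain Python, the public BIP39 and BIP32 derivation steps that a hardware wallet runs, so the same twelve words always yield the same master private key. The mnemonic used is the all-zero-entropy test phrase from the BIP39 reference vectors, a constructed value and not anyone’s wallet.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# secp256k1 group order; a BIP32 master key must be non-zero and below it.
SECP256K1_ORDER = int(
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16
)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the word list into the 64-byte wallet seed.

    PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase. The
    function is deterministic, so whoever holds the same words (and the
    optional passphrase) reproduces exactly the same seed.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def seed_to_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32: HMAC-SHA512 keyed with b"Bitcoin seed" over the seed.

    Left 32 bytes are the master private key, right 32 bytes the chain
    code; every account and address in the wallet descends from these.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    master_priv, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(master_priv, "big")
    if k == 0 or k >= SECP256K1_ORDER:
        raise ValueError("invalid master key; BIP32 says this seed is unusable")
    return master_priv, chain_code


# Constructed example: the all-zero-entropy phrase from the public BIP39
# reference vectors. It is a known test value, not anyone's wallet.
EXAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    seed = mnemonic_to_seed(EXAMPLE_MNEMONIC, passphrase="TREZOR")
    priv, chain = seed_to_master_key(seed)
    print("seed      :", seed.hex())
    print("master key:", priv.hex())
    print("chain code:", chain.hex())
```

Nothing in the derivation is secret except the words themselves (and the optional passphrase), which is exactly why a backup of the phrase needs the same confidentiality and availability care as the hardware wallet.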
The point I’m getting at is that Bitcoin was designed to be a decentralized system, but most crypto investors today are accustomed to centralized systems that protect them from fraud, theft, and loss. When giving people advice about buying and storing cryptocurrency, crypto experts should give advice unbiased by their political beliefs.
My advice is that UNLESS you are a crypto-anarchist who doesn’t want anyone to know how much crypto you have, and you’re confident in your ability to protect the confidentiality, integrity and availability of your crypto wallet and recovery phrase, you should seriously consider storing your crypto in a well-established, non-custodial wallet like Coinbase. Make sure to turn on all security features such as two-factor authentication and the crypto vault. In the remote chance that Coinbase is breached and funds are stolen, remember that Coinbase operates as a for-profit company. Other exchanges that have been breached have been able to pay back users through their operating profits. Overall, for the vast majority of users, a trusted centralized exchange is the best place to store cryptocurrency.