Let’s talk about security for a second. Specifically, how to protect your money. Whether it is cash, a bank account, crypto, or a few gold bars in your mattress, the elements are the same. You have a tradeoff of protection vs. accessibility. If you put your money in a vault within Fort Knox, it is probably very safe. However, it is not going to help you buy a cappuccino during your trip to Milan.
On the other hand, if you have a big wad of 100 Euro bills with you, buying that delicious cappuccino is no problem. However, out of the hundreds of people who saw you pull out your money, peel off one to pay for the coffee, and put the rest in your back pocket… let’s just say that at least one is going to have that money before the day is out.
For crypto, you have the same tradeoffs, and you have some key decisions to make before setting up your crypto holdings. While there are subtle variations, there are two main types of crypto wallets: custodial, and non-custodial. Let’s look at each, see where that “protection/accessibility” tradeoff is for each, and see if we can determine which is best.
The Threat
Before we tackle each type, it might be helpful to point out where some of these threats come from. At the end of the day, a crypto “wallet” is really just a set of keys, which are similar to a password. The actual funds are on the immutable blockchain, but the address of the owner is what shows that they belong to you. If someone gains access to your keys, they can change the name of the owner from you to them, which is like stealing money out of your wallet, but digitally.
So what types of issues has the crypto world seen? Unfortunately, there have been a number of big breaches or thefts. Perhaps the biggest is the famous Coincheck Hack, where approximately $534 million USD (equivalent) was stolen from the exchange in 2018. Other exchanges were robbed from the inside, and sometimes even by the owners themselves. This was the case for QuadrigaCX, where the owner Gerald Cotten held his users’ keys and stole over $200 million from several thousand wallets. Likewise, BitGrail suffered a major breach, with authorities suspecting the founder or another insider was responsible.
Even state actors can be responsible for crypto theft. There is a North Korean group known as ‘BlueNoroff’ that has been very busy attacking exchanges and even phishing crypto startups.
Bottom line, the threat is real for crypto holders. Theft can happen to any type of money you own, but there are specific threats to crypto that need to be avoided. Given you can hold your funds in a custodial or non-custodial wallet, what is the best option that balances protection and accessibility?
Non-Custodial vs. Custodial
We aren’t going to dive into the details of Non-Custodial vs. Custodial, as there are many different guides available if you’d like to learn more (like this one at Bitcoin.com). The primary difference is that for a custodial wallet, an exchange or some third party holds your private key (the only way to access funds). With a non-custodial wallet, you are the only one who holds your keys.
This has some obvious advantages. First, and most importantly, if the platforms and exchanges you use get hacked, they can’t access your wallet. This alone shows how much more secure a non-custodial vs. custodial wallet is. There isn’t a detailed back and forth between the wallets where one edges out a victory. The non-custodial wallet is much, much more secure. Why? Because in many cases where exchanges and platforms have been hit, it has been because of phishing or related attacks against the employees, and it only takes one employee to make a mistake for the entire exchange to go down. This is assuming none of the employees have been compromised, which is very difficult to tell when everything is digital, remote, and in many cases, anonymous. Crypto has as many trustworthy startups, exchanges, and platforms as other industries. However, one of its key selling points is to design an environment where your assets do not have to rely on trusting strangers to protect your valuables. This is why the term “trustless” is so important. The system exists and involves many different people. However, you are the only person who has access to your funds.
Exchanges and platforms have been moving more and more to a non-custodial stance. The Bitcoin.com platform listed above is a leader in collecting key crypto info and trends on the topic. It has learning resources and news related to crypto breaches (often directed at centralized exchanges with custodial wallets), and even its own exchange—with a non-custodial wallet, of course. Why? Because its news trends indicate that a custodial wallet is just not as safe. Moreover, in trusting someone else with your keys, you lose access unless they give you permission. Its VERSE token is used within its ecosystem and relies on the safety offered by non-custodial wallets as well.
So what’s the disadvantage here? Coming back to protection vs. accessibility, this is a rare case where one side (non-custodial) wins both. It offers more protection and is more accessible for you as the owner. The key disadvantage is that if you somehow lose the keys, there is literally no way to open the wallet, and your funds are lost forever. In this respect, you need to do WHATEVER is necessary to store those private keys in a way that they can’t be forgotten by you, but can’t be accessed by others. It might be wise (depending on the person) to write up a will for next of kin, including the private keys, and store the document in an actual vault.
In any case, it seems strange that some crypto platforms are holding on to their custodial wallet structure. We may be just a few more breaches away from that changing, for the better, permanently.