In the first installment of this two-part commentary, we’ll explain why custodian solutions are not in the spirit of the cryptocurrency revolution.
“Not Your Keys, Not Your Coins”
You should’ve already heard these words of advice from cryptocurrency veterans. Keys, i.e., private keys, sign, and confirm transactions. If you don’t own the private key, the bitcoins associated with it are not yours.
That’s why it’s not recommended to leave coins on an exchange unless you are actively trading them. While exchanges may be a straightforward way to store your coins, it doesn’t take much effort to HODL using open source software and procedures.
As an alternative to banking, Bitcoin is a peer-to-peer network that transfers value without third parties. Yet, some of the same intermediaries in the financial sector (such as custodians) are being replicated in the cryptocurrency industry.
Custodians want to keep your bitcoins safe for you, but their business model goes against the purpose of cryptocurrency. To enable individual sovereignty and financial privacy. Custodians take these away from the user.
How Does Crypto Custody Work?
The custody of crypto-assets is a unique issue as it involves both cryptography and cybersecurity. In traditional markets, central security depositories use electronic record keeping to manage assets under a bank’s custody. Once securities became dematerialized, the role of a custodian bank turned into an administrative service (rather than safeguarding a paper certificate).
But with cryptocurrencies, the problems of physical safe-keeping return. Which raises the question, what entities should assume this role, given the required expertise in public-key cryptography and blockchain technology?
Transactions on the Bitcoin network rely on public-key cryptography. Public keys generate addresses while a corresponding private key signs transactions. You must not share the private key with anyone to ensure no one else can access your funds. Possession of the private key establishes ownership of the funds that the key controls, making bitcoin a bearer asset.
The traditional definition of custody (i.e., holding something of yours, on your behalf) does not apply to crypto-assets. Once you share your private key or delegate some form of control, it means that the custodian owns that bitcoin too.
The Drawbacks of Crypto Custodians
The business of cryptocurrency custody is moving along slowly. Fidelity has shown interest in cryptocurrency for years now, but have only rolled their custody service in October 2019. Despite the care and effort put in place by custodians with passwords, vaults, and precautions, there is no way of assessing the security of private keys from internal and external threats.
Also, there is a conflict between keeping private keys secure and auditing a custodian’s crypto-assets. This is a problem unique to cryptocurrency because of its reliance on public-key cryptography to denote ownership. It remains to be seen how the regulatory requirements (such as surprise audits) and safeguarding of these assets will be reconciled. Because of the lack of regulatory oversight on cryptocurrency custodians, we do not know what the security features mean in practice or how legitimate their services are.
Why Ethereum Needs Layer 2 Solutions More Than EverGo to article >>
It is also uncertain how custodians will mitigate adviser fraud and mismanagement because of the practical complexities involved in securing bearer assets like private keys. As a result, no regulator can stamp out this type of fraud completely. The centralization of power and influence is a major concern with crypto-custody solutions, and we’ll detail this more below.
Centralization of Power
Many of the exchanges offering custody solutions already hold a significant amount of the supply of bitcoin. For example, a massive migration in December 2018 saw Coinbase move five percent of all circulating bitcoin (at the time), along with eight percent of all ether and 25 percent of all Litecoin.
Cryptocurrency custody services give exchanges even more influence over the supply of crypto-assets. Custody providers that operate other business lines may abuse their position. What’s stopping exchanges from using their own custody services to cross-subsidize their other business lines?
The threat of reputational damage, but it is not impossible that custodians may act in this way.
If we look at custodians in traditional finance, we see that some have failed before. BNY Mellon’s custodian arm failed to protect their client’s assets in 2015, mixing them with the bank’s own or borrowing money from one client’s account to pay another.
As institutional interest in cryptocurrency develops, hackers will start testing the security models of custodians. If a handful of these businesses store a large number of coins, it becomes a point of failure for Bitcoin. A breach of their security systems may mean that a group of hackers ends up having a large influence on the price of bitcoin.
No custodian will want to face being the first to deal with a hack. It will happen – it’s better that retail traders avoid this risk completely.
In the second installment, we’ll explain further how custody is opposed to the purpose of cryptocurrency and give you practical tips on an alternative to third-party custodians.