When you buy bitcoin, ether, or any other asset on an exchange, oftentimes you are not actually getting crypto.
Instead, you receive a promise or IOU. Essentially, you become a creditor to the exchange or broker. It is a similar setup to opening a savings account at a bank.
The only way to know for sure that the crypto exists is to withdraw it from the exchange and place it into a private wallet that you control. Unfortunately some investors have learned this lesson the hard way following high profile collapses and bankruptcies this year of companies such as FTX, BlockFi, CelsiusCEL
, and Voyager.
You might have heard the phrase “Not your keys, not your coins”, meaning that if you don’t personally hold your own private keys, you can’t be sure that you have full control over your cryptocurrency. This is an important phrase to remember so that you understand the fine print of buying crypto from a centralized entity.
Does It Matter?
It can. Most investors are more concerned with getting exposure to bitcoin and other digital assets than actually holding it themselves. This makes perfect sense, as it is a true bearer asset with little recourse if it goes missing. Plus, the technological hurdles to holding your own crypto, let alone getting involved in other activities such as lending and staking, can be intimidating. Anyone who has purchased shares from Grayscale, invested in SkyBridge’s BitcoinBTC
Fund or any other crypto ETP made a conscious choice to pay a fee for someone to procure and safeguard the crypto.
That said, many people have either knowingly or unknowingly adopted a similar mindset when purchasing crypto from popular exchanges and services such as Coinbase, Gemini, Kraken, Square, PayPal, eToro and a host of other services. They want convenience, value the websites and applications that look and feel like mobile banking or trading services, and trust that their regulated nature will ensure that the platforms operate honestly. They have faith that when they go to withdraw their coins, the funds will be there.
What Are The Risks To Not Controlling Your Keys?
The risks manifested themselves this year with all of the bankruptcies mentioned above. The millions of unlucky creditors to those firms may be forced to wait years for restitution, and they are likely to only get a pro-rated portion of their assets back. For a point of reference, creditors to Mt. Gox, the original crypto exchange that had 850,000 bitcoin stolen from it in 2014 before declaring bankruptcy are still waiting for their own payouts.
Additionally, exchanges do not carry FDIC or SPIC insurance, and each one has a separate restitution policy. Some have a rainy day fund created with their own assets, while others have procured private insurance policies to cover funds in cold storage. Please note that most of this will not protect you if the loss of funds comes from user error. Some firms offer services to help track down stolen funds, but a recent Forbes investigation has shown that their results do not often match their promises.
What Should You Do?
There is no universal answer, as each investor has a different level of risk tolerance, technical sophistication, and frankly, portfolio size. Like most things in life, it is an individual decision.
Ideology also matters. Crypto proponents believe in decentralization, and they feel that some of the industry’s authenticity (and long-term potential) can be compromised because of the strong reliance that many people have on centralized service providers. Most accept this deal because they recognize that these firms offer crucial onramps to the industry, but hope that over time people will take higher levels of control over their crypto.
If you have a few thousand dollars in your portfolio, it is still probably ok to keep it all on a reputable exchange. However, as your holdings continue to grow you may want to think about moving some funds onto an unhosted wallet, where you are the only person that controls the private keys that can initiate transactions. Some of the more popular manufacturers include Casa, Trezor, Ledger, ColdCard, KeepKey.