The last few weeks have been among the craziest that the crypto markets have ever seen. The once-trusted exchange FTX (and all the FTX associated companies), led by founder Sam Bankman-Fried, has filed bankruptcy after the exchange was discovered to be insolvent.
Many crypto exchanges have failed in the past, losing client funds and causing many people to lose the money they had on the exchange. Crypto exchanges failing, unfortunately, is not an uncommon event in crypto, but the scale of fraud and mismanagement with FTX is unprecedented. These recent events have caused many in traditional finance to lose faith in the future of crypto, put tremendous downward pressure on crypto prices and lead many to call for further regulation in the crypto markets.
For the crypto investor, it is important to note these failures and astronomical losses are due to fraud, mismanagement of client funds and incompetence – not the failure of the software or blockchains themselves. As the fallout from these corporate failures continues, it is important for advisors to understand best practices for themselves and their clients who continue to invest in cryptocurrencies.
Not your keys, not your coins
There’s a popular saying in crypto, “Not your keys, not your coins.” Cryptocurrency is a bearer asset. Meaning, the person or entity who controls the private keys to a crypto wallet essentially owns the coins held in that wallet.
By contrast, when a client decides to custody assets with an exchange or third party, they are trusting that party to properly secure the private keys to their holdings. Many exchanges have, unfortunately, mismanaged client assets, either by not protecting the private keys and creating an opportunity for a malicious actor to steal the funds or by blatantly misusing client deposits for their own purposes.
The safest way for anyone to hold cryptocurrency is in a wallet that they control. This can be done with a hardware wallet, such as a ledger, a paper wallet or in their own software wallet. This is called “self-custody” of assets. As long as the user does not share the private keys with anyone, no one can steal or misuse the assets without accessing the private keys. It is important to note that the cryptographic foundation that cryptocurrencies use is nearly impossible to hack, creating tremendous security for assets held in a private wallet.
For many investors, this creates an additional level of complexity when investing in cryptocurrency. There’s a certain level of technological knowledge required to use the self-custody method of storing crypto. However, in the spirit of complete security, it is worth learning how to do this.
Advisors should consider educating their clients on this method. If done correctly, it will prevent client funds from being stolen or misused by a third party.
Regulated custodians and exchanges
Not all crypto exchanges are held to the same standard. Many exchanges do hold themselves to the highest standard of protecting client deposits. Certain exchanges like Coinbase and Gemini are governed by strict regulations and are not allowed to mix client assets without user permission.
Some exchanges publish audited financials and prove that they hold client assets 1:1. They often publish reports showing “proof of reserves,” which essentially prove their solvency. This means the exchange holds all client deposits in a secure wallet and that user deposits can be withdrawn at client discretion. The exchange or custodian does not mix client assets with corporate assets or use client deposits for their own trading or market making.
While this is one measure of security better than a lot of offshore exchanges, the exchange is still holding private keys to control and own the crypto. When users elect to hold deposits with a third party, they are essentially trusting the third party to properly secure the private keys to their coins.
While using a regulated custodian and exchange is easier and more convenient than self-custody of assets, it is not as secure. Many exchanges have an impeccable track record of protecting client assets, and thus far have proven to be trustworthy. It is important to know that anytime custody is outsourced, the investor is trusting that the third party will properly hold and use client assets.
Read more: What Are 'Fully Backed' Reserves?
CeFi is not DeFi
Many “crypto banks” including Celsius Network and Voyager Digital have filed for bankruptcy in 2022. These crypto banks offered a yield-like service where users could hold crypto with the company and generate yield on assets. These companies would lend out user deposits to borrowers (many of whom were hedge funds and institutional investors), passing on the interest charged to depositors, in a bank-like fashion.
These centralized finance (CeFi) companies were not regulated like banks, and unfortunately their lending standards and practices were not adequate. Sparked by the crypto sell-off that started in the summer of 2022, many of these CeFi businesses were over leveraged and eventually lost customer funds. CeFi companies are not insured by the Federal Deposit Insurance Corporation (FDIC) and their failures will likely result in a total loss of customer funds.
While we’ve seen these CeFi companies fail, it is important to note that many of the large decentralized finance (DeFi) protocols are still fully operational and are continuing to work as designed. Interacting with a DeFi protocol is more involved than using a CeFi platform. DeFi still offers investors the ability to generate yield on their crypto positions without trusting a third party to properly manage asset security. It is important to note that many DeFi protocols are still considered risky investments and must be properly understood and analyzed before use.
Read more: CeFi Broke. But DeFi Is Not Without Blame
While the last few weeks have been difficult for many in the crypto space, it is important to note that these frauds and catastrophes are due to human and corporate failures, not a failure of the technology that powers cryptocurrencies. Blockchains including Bitcoin and Ethereum are still fully operational and secure, and they offer opportunities for those that believe in the future disruption the technology offers.
It is important for all investors to understand the risk they take when they outsource custody and it is worth learning how to self-custody assets and interact directly with DeFi protocols in order to protect their crypto investments.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.