As luck would have it, while we were trying to come up with examples to highlight the importance of having an industrial-strength custody solution, our case ended up being buttressed by the news of the unfortunate Binance hack this morning. The biggest crypto exchange in terms of trade volume, at almost $800 million daily, and hitherto widely considered reliable and trustworthy, saw hackers steal $40 million worth of Bitcoin from its hot wallets. There is no better example to illustrate why crypto custody is so paramount to both individuals and institutions dealing with cryptocurrencies.
“Keep calm and control your keys” – now that should be on T-shirts and decals!
Fun fact: for a fleeting period of time, Binance was considering the possibility of a Bitcoin block re-org to recover the $40 million that was lost. DAO déjà vu. All over again! Crypto Twitter, expectedly, has something to say about this.
Multiple conspiracy theories exist, some of them being:
– It is an inside job – plausible, and some smaller exchanges have been suspected of having pulled this off, including most recently QuadrigaCX, but we are talking about THE Binance here. Binance and CZ have far too much to lose, and too much sense to pull off any such stunt. Why rob the bank when you own it?
– It is a way to make Binance’s own soon-to-be-launched DEX more valuable – as we have shouted out from the rooftops repeatedly, DEXs are far more secure, and take advantage of the inherent programmability of blockchain protocols. Binance is soon launching its own DEX, and the theory goes that this could be a (clearly misguided) attempt to drive more traffic to the DEX. Sounds far-fetched, to be honest. It is a bit like claiming the Wright Brothers would have set their stables on fire in 1893, a good ten years prior to actually launching the first successful flight in 1903.
As is customary, it is easier to view these things through the lens of Mr Hanlon – “Never attribute to malice that which can be attributed to stupidity”. It seems like the act was one where someone made a mistake and sent a large number of BTC to the wrong address, rendering it unspendable and irretrievable!
Private key management is a complicated, esoteric task, and not many users have the technical nous to manage keys by themselves. Private keys require extreme care and consideration with regard to storage and security. A failure to maintain the utmost care may result in loss or theft of cryptocurrency. Anyone who has been around the cryptocurrency space for some time has probably heard about cryptocurrency theft. An unfortunate few have even experienced this first-hand. The importance of prudent private key management is heightened by the fact that blockchain transactions are by default irreversible. Once your funds get hacked, it is next to impossible to retrieve them. Crypto custody firms use a combination of cold storage and Hardware Security Module (HSM) solutions to minimize the threat of external hacks.
The rise of custodial solutions can be traced back to the Great Depression in the 1920s, as investors and regulators understood the risks of self-custody, which was the only form of custody up until that point. As investment management as a service grew in size and stature, regulators made third-party custody mandatory for all money managers. Although custody companies do not have legal ownership of the assets, they are tasked with safekeeping and transactional responsibilities for the assets under their custody. According to SEC regulations, any asset manager with more than $150 million under management is required to secure their assets with a qualified custodian. The four largest custody firms (SSG, BNY, JPM, and Citigroup) oversee assets worth roughly $114 trillion.
While cryptocurrencies are not yet considered to be securities under SEC regulation, and hence are not subject to the same qualified custodian requirements that other securities are subject to, crypto institutions and asset managers are taking a safer route by letting qualified custodians do the complicated tasks pertaining to wallet management. In fact, the lack of reliable custodial solutions has been cited as one of the key reasons why institutional investors are still wary of investing in cryptocurrencies.
Centralized exchanges are a natural fit for the custodian role, as they already manage the funds of their users. It is therefore no surprise that centralized exchanges offer custody as an ancillary service for institutions. However, centralized exchanges, at least in their current avatar, have a fatal flaw – they are essentially honeypots under constant attack from a variety of motivated, unscrupulous hackers from around the globe, 24×7. The increasing number of exchange hacks highlights the structural deficiencies in the way crypto exchanges manage private keys for their users. A massive architectural overhaul is needed to guarantee the safety of user funds. This is also the reason why multiple players – ranging from startups to traditional Wall Street institutions (JP Morgan, BNY) to crypto-native entities (such as Coinbase) – are all trying to solve the problem of safe, reliable custody.
For the moment, we recommend that you stick to your friendly, neighborhood DEX for all your crypto trading needs, wherever you are. We hear Fordex, for one, is not bad…