This article takes a deep dive into custodying your bitcoin. Don’t leave it in the hands of third parties, as it removes one of Bitcoin’s primary advantages – its sovereign nature.
“The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust.”
-Satoshi Nakamoto
Money is a social construct, where one party accepts it as payment under the assumption that other parties will also accept it as a payment going forward. Thus, money, and more specifically, fiat money, is built entirely on trust.
You would be hard-pressed to find a financial system that doesn’t rely on its users’ trust in the powers that control it. This is because trust in money allows economies to work in a coherent manner, as agreeing parties are able to trade amongst each other, banks are able to lend customers money, and companies are able to attract investors to help grow their businesses, for example.
So, what happens when the controlling parties (i.e. central banks) violate the trust their system is built on?
To provide some insight, we can look as far back as Ancient Rome, where emperors continuously debased the silver content of the denarius to fund their lavish lifestyles and war campaigns. As expected, the buying power of the denarius decreased over time, resulting in the eventual deterioration of trade networks and rampant hyperinflation.
For a more modern example, we can look at what happened in Zimbabwe in the early 2000s. Former president, Robert Mugabe, printed trillions of Zimbabwean dollars to fund expensive military ventures and pay salaries to an inflated public sector (himself included, of course).
Mugabe’s poor fiscal policy led to astronomical inflation rates — estimated to be running as high as 98% per day [1]. Needless to say, the hyperinflation had devastating impacts on the people of Zimbabwe, as their life savings became worthless in mere hours. To get a better idea of what this means, imagine your bank account losing half of its buying power every hour for weeks on end. It wouldn’t take long for all of your cash to become completely worthless. The inevitable result of this irresponsible policy was a drastic increase in poverty and unemployment rates, bringing the Zimbabwean economy to a full stop.
Red Flags Everywhere?
Former UK Prime Minister Winston Churchill is often quoted as saying “Those that fail to learn from history are doomed to repeat it.” If we take Churchill’s advice and study history and the impacts different leaders’ decisions have had on their people, we see a common theme: those who make the money make the rules.
In neither one of the above scenarios did the common person ask for their hard-earned money to be debased. The debasement occurred because of their leaders’ greed and corruption – a direct abuse of trust.
Unfortunately, this abuse of trust still occurs in today’s financial landscape, with one of the most recent examples being the FTX collapse. As one of the largest crypto firms in the world, FTX was once valued at over $40 billion. In November 2022, it was reported that up to $10 billion in customer funds were transferred by FTX CEO Sam Bankman-Fried to his trading firm Alameda Research [2].
This report, combined with Binance’s announcement that it was liquidating its stake in FTX, led to a ‘bank run’ by FTX’s customers. In response, FTX halted all withdrawals on their platform, and in their bankruptcy filings they outlined a “severe liquidity crisis”. This meant that customers no longer had any access to whatever funds they had stored on FTX as the company didn’t have the money to pay their customers for the assets they owned. In the end, it was estimated that over $8 billion in customer funds were lost [3].
Just as the average citizen trusts that their rulers will not abuse power, so too did FTX customers trust that Sam Bankman Fried would not rehypothecate their funds. Instead, Bankman-Fried and his associates were corrupt and overcome by greed, leading to one of the largest cases of fraud in recent history.
Self Custody: This Isn’t a “Crypto” Problem
While many critics (deservedly) throw FTX under the bus, if we analyze history, we note that this misallocation of funds is not necessarily unique to crypto but instead more likely indicative of a broader theme of human greed and power. As government entities lack the proper financial incentives to remain in check, they typically abuse their positions of power, resulting in consistently declining trust in institutions. This typically results in additional oversight and lack of individual privacy and freedom, evidenced by enhanced controls over consumers’ personal finances.
One such example is Justin Trudeau’s regime, who, in 2022, ordered banks to freeze the bank accounts of thousands of Canadian citizens who had any connection to the ‘Freedom Convoy’ — a peaceful protest against drastic Covid policies. We also saw European governments act in bad faith after the Great Recession in the late 2000s and early 2010s. Greece, for example, taxed their citizens at astronomical rates in order to pay off exploitative loans taken from the IMF (see Alex Gladstein’s book “Hidden Repression” for further information regarding the IMF’s lending practices).
Barney Mannerings, co-founder and CEO of Vega Protocol, explains that when governments decide “that you can’t spend [money] a certain way, or that they want to freeze your money, you suddenly discover it’s not really yours. You don’t really have that full control.” [4]
Not only does the current financial system prohibit you from truly controlling your own funds, but it also permits banks to take on excessive risk and make a profit through a mechanism known as fractional reserve banking.
In short, fractional reserve banking is a system that only requires banks to hold a fraction of your deposits on hand. They are free to use the rest of your funds to do a number of things, including but not limited to lending it out or investing it in approved securities. The actual ratio varies from country to country and can change as deemed necessary by regulatory parties. In the US, for example, the Federal Reserve completely eliminated banks’ reserve requirement in response to Covid-19. By lending out more money than they hold on their balance sheet, banks open themselves up to the possibility of a bank run. Therefore, instead of banks keeping your money safe, they are leveraging up in order to maximize profits. This remains the case today where banks show excessively high leverage ratios of up to 26.88.[5]
This system of fractional reserve banking promotes excessive risk taking and can have catastrophic impacts on consumers such as those caught up in the recent Silicon Valley Bank (SVB) collapse. SVB was using their customers’ funds to invest in US Treasury Bonds. When the US Federal Reserve started raising interest rates, however, SVB went upside down on their investment. When customers got word of this, they started to withdraw their funds, leading to a bank run. The problem with this was that SVB didn’t have enough money to fulfill the withdrawals, as most of it was lost in their investments.
Not only was this detrimental to SVB customers, but it could have also led to a contagion effect. Luckily, the Fed stepped in to help mitigate risk and stop the spread of fear across the nation. While interest rates remain high, however, the risk of a contagion effect still exists.
What history shows us is that an individual’s power over their finances has almost always been granted (or denied) at the discretion of banks, governments, and financial institutions. History also shows us that these same parties continuously put their interests above ours. If we know both of these claims to be true, then it is clear that we cannot trust our current financial system to work with our best interests in mind.
DeFi vs CeFi: A Misalignment of Incentives?
In order to avoid having your personal finances controlled by selfish institutions, it is important to first understand the difference between centralized and decentralized custody.
Currently, if you have your funds on centralized platforms like a traditional bank or Venmo, and they don’t like what you’re doing, they can cut off your access to those funds because they are centralized (CeFi). This means that all transactions must go through a central point: the provider — who has the authority to approve or deny any transaction. Contrastingly, decentralized finance (DeFi) is intended to function without the need for a central agency, as transactions are confirmed by the network itself (see image below).
There are many properties of DeFi, but some of the most prevalent include public verifiability, non-stop market hours, and custody [6].
Public verifiability refers to users having the ability to publicly verify an application’s execution and bytecode on a blockchain. In the Bitcoin community, there is a common saying: “don’t trust, verify.” This phrase reiterates this core property of DeFi, as there is no need to trust the provider if the code is publicly verifiable.
One of the most obvious differences between CeFi and DeFi is their ‘hours of operation.’ It is almost always the case that CeFi markets have at least some downtime. Look at the NYSE for example: it is only open 9:30 AM – 4:00 PM Monday through Friday. DeFi markets, however, are open 24/7 since blockchains are based on code and code never sleeps.
The main benefit of having non-stop access is that DeFi exchanges are immune to performance outages that occur on CeFi exchanges in times of overwhelming demand. For example, many exchanges halted trading on GME during the GameStop short squeeze in an effort to mitigate liquidity and solvency concerns [7]. This cannot happen in DeFi because no single entity controls it.
Of the three properties previously mentioned, the one that is most relevant to the scope of this article is custody. Contrary to CeFi, DeFi allows its users to control their assets directly and at any time. This means that users aren’t restricted to a bank’s hours of operations should they wish to manage their digital assets. Traditionally, digital asset custodians (entities responsible for holding and protecting your assets) are regulated by the Securities and Exchange Commission (SEC). But, through historical analysis, we note that during times of financial stress, these entities will put their interests above those of the masses. DeFi gives users complete control over their assets and by having complete power and authority over their own assets, users effectively become financially self-sovereign. Thus, they cannot fall victim to institutional greed and corruption as they are the ones who dictate what happens to their digital assets.
But What Exactly Is ‘Decentralization’?
It is worth mentioning that many projects in the crypto space claim to be DeFi, even though they hardly have any properties associated. In fact, it is extremely rare (if not impossible) to find any project in the space that is completely decentralized.
Decentralized blockchain networks are made up of computers (commonly referred to as nodes) that interact with each other directly, on a peer-to-peer basis, without the need for third parties. As previously mentioned, no one has to know or trust anyone else in the decentralized network because each member, or node, has a copy of the exact same data in the form of a distributed ledger. Moreover, each participating node operates independently of others, connecting using common rules as opposed to following instructions from a central authority. This allows nodes to maintain their sovereignty and manage their own privacy, keeping the network secure and ensuring relatively democratic governance [8].
Having analyzed the growing list of cryptocurrencies that have been classified as securities, we note the SEC expressly called out the high degree of centralized control associated with the issuer. This issuer manages the network and/or promotes and sells an initial offering of tokens [9]. This directly contradicts the fundamental properties of DeFi and exposes vulnerabilities for developers to exploit code via rug pulls and pump-and-dump schemes.
Bitcoin, on the other hand, has a decentralized blockchain designed in such a way that it is extremely unlikely to ever give any one person or entity control. As explained by Satoshi Nakamoto in his Bitcoin whitepaper, “[the nodes in the Bitcoin network] vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism.” [10] Effectively, Bitcoin is a trustless protocol, completely differing from the fiat system that is in place today.
In addition, the Bitcoin blockchain is immutable, meaning that transactions are irreversible and visible to anyone, further establishing the trustless nature of the protocol. Finally, there is no central issuer – as new coins are issued as rewards for miners. With nodes spread around the world that are operated by individuals and billion-dollar institutions alike, Bitcoin embodies the true meaning of decentralization that is next to impossible to identify in any other “crypto” project.
Cold Storage Enables True Self-Sovereignty
If you are utilizing decentralized assets like bitcoin because of the self-sovereign status it affords you, keeping them on a centralized platform would be contradictory to one’s goal. This is where self-custody comes into play, providing individuals with the ability to always remain in full control of their assets. However, a wallet is required to store your bitcoin.
There are two main types of wallets that can be used for self-custody: hot wallets and cold wallets. Each method has its own pros and cons as they vary in the level of security they provide as well as the ease of use they offer.
Hot wallets, which are connected to the internet, are more efficient than the other types of wallets, allowing users to quickly and easily trade their assets. One of the most well-known examples of a hot wallet is Coinbase Wallet.
Given their connection to the internet however, these wallets open themselves up to more vulnerabilities, as users’ private keys are always online and thus more directly exposed. As such, hot wallets are significantly more susceptible to hacking, theft, and phishing attacks. If a hot wallet is infected with malware, the private keys, and thus the digital assets within the wallet, could be compromised. In addition, many hot wallets, such as Coinbase Wallet, are managed by third-party providers, which means that users aren’t in complete control over their digital assets [11].
Instead, as Gemini explains, “just like you can withdraw cash from an ATM, you can send more crypto to your hot wallet when the balance gets low.” This allows users to to take advantage of the ease of use and immediacy of access that hot wallets offer, without putting their entire portfolio at risk.
Thus, if your goal is to achieve complete financial sovereignty, hot wallets are not an effective storage method.
Cold wallets, on the other hand, maximize security at the expense of speed. Contrary to hot wallets, private keys are stored offline on a device that is not connected to the internet. Because the private keys are stored completely offline, it means that human involvement is required to sign each transaction on the blockchain. The biggest advantage this provides is that the device is effectively ‘un-hackable’ as it is never in contact with any online systems. The downside is that these wallets are too slow to support frequent trading as waiting periods can take anywhere from 24-48 hours per transaction [12].
By storing your bitcoin on a cold wallet, you are eliminating the possibility of losing your funds due to the errors or greed of third parties. It doesn’t matter if an exchange like FTX pauses withdrawals to avoid a bank run because they were exposed for stealing customer funds – your bitcoin is safe because it is in your hands. You are financially sovereign.
Problems With Cold Storage Today
While being self-sovereign has many advantages, one of the biggest downsides is that the user now absorbs all technical responsibility, unless it is underwritten by an insurance agency. It is vital to understand that if you are truly self-sovereign, but you aren’t completely sure of what you are doing, you could easily lose access to all of your assets, and no one will be able to help recover them. This risk is a common reason users keep their decentralized assets on centralized exchanges.
Another significant reason digital asset owners keep their assets on exchanges is the large amount of education that is necessary to both understand and utilize cold storage; something this article hopes to shed light on.
Bitcoin analyst and Trezor spokesman Josef Tetek helps us to understand how the cold storage industry is addressing the problem of utilization, explaining that “usability is the foundation of all Trezor products.” He states that “in terms of making self-custody easier for newcomers, we are constantly improving the user experience of all processes based on ongoing user research.” For example, Trezor avoids using too many technical terms in the user interface and instead focuses on explaining critical concepts, such as “recovery seeds”, in more natural terms.
When asked about how Trezor works to make the bitcoin buying experience as simple and seamless as possible, Tetek explained that “by working with our sister company, Invity, users can buy, sell or exchange cryptocurrencies directly within the Trezor Suite environment. It’s convenient, fast and secure. In addition, users have the option to set up a DCA savings plan within Trezor Suite, which is made possible by our partners.”
Choosing The Cold Wallet That Fits Your Needs
Securing your bitcoin on cold wallets is a crucial first step in claiming your financial sovereignty, but when there are so many options out there, how do you know what the right choice is?
Everyone has different needs and thus, a wallet that may be ideal for some may not be the best option for others. Typically, there are several key properties that are important to be aware of when deciding on a cold storage method.
– Open-Source Wallets
Inevitably, many of the core properties of DeFi are also key characteristics that users look for when choosing a cold wallet. Circling back to the phrase “don’t trust, verify”, we can understand the importance of a wallet’s source code being open-source (or at least publicly verifiable). This eliminates the need for users to trust the provider when they say there’s no back door, as users can verify for themselves whether or not they are being honest.
– Air-Gapped Wallets
Standard hardware wallets, like the Trezor Model T, are isolated from networks most of the time, greatly decreasing their chances of being hacked. They do, however, require connection to another device in order to complete a transaction – meaning they must be connected to a network while the transaction is taking place. Some may consider this to be a severe vulnerability and may instead opt for cold wallets that are air-gapped.
Air-gapped is a term used to describe devices that have no direct connection to the internet or to any other device that is connected to the internet. An air-gapped device is much more secure than a device that is not, as it is 100% isolated from outside networks. These wallets work by signing transactions in an offline environment and utilizing QR codes or micro-SD cards to exchange information with online devices [13].
While air-gapped devices provide much more protection against attacks from hackers and malware, they are still susceptible to physical threats like theft and physical altercations to the hardware and software. Some air-gapped wallets like the Ellipal Titan Wallet are tamper-proof and programmed to self-destruct if malware is detected, offering a layer of physical protection as well.
– Multisig Wallets
Most hardware wallets utilize single signature setups, which means they only require one set of keys to sign a transaction. For many, this is plenty of protection as Casa co-founder Jameson Lopp has explained that if you are “storing your keys on a dedicated hardware device, then you are probably already in the top 1% in terms of your security model.” [14] However, for businesses and high-net-worth individuals who need to store large amounts of bitcoin, a single key solution may not be enough protection.
This is where multi-signature (multisig) wallets come into play. These wallets are configured so that multiple signatures from multiple devices are required to complete a transaction. Multisig offers users increased security and protection from both cyber attacks and physical attacks. For example, if someone were to break into your home and access your wallet, they would still need more than one set of keys to actually get access to your bitcoin.
Multisig is also very flexible, as app developers can choose the total number of keys (n) and the number of keys required to sign a transaction (m). The multisig configuration is known as ‘m-of-n’ or ‘quorum’. This setup may be ideal for businesses who want to protect their bitcoin from a single point of failure. For example, if a company were to distribute multisig key access across all five of its shareholders and they had a 3-of-5 configuration, that would mean at least three of the five shareholders would need to sign a transaction in order for it to be confirmed on the blockchain. Generally speaking, the greater the number of both m and n, the more secure your wallet is [15].
– Shamir Backups
Similar to multisig wallets, Shamir Backups (also known as Shamir’s Secret Sharing) allow you to produce as many as 16 different shares of your recovery phrases. Still, a minimum quorum is needed to sign transactions. So, if you were to produce five shares, for example, and you lost one and another got stolen, you could still access your bitcoin by using the other three shares.
The main difference between Shamir Backups and multisig wallets is that Shamir Backups are an off-chain scheme, meaning that there is no on-chain transaction needed or fingerprint left when you are backing up or restoring the wallet [16]. Whereas on a multisig wallet, the rules are enforced via an on-chain script.
Shamir Backups allow users to separate their seed phrases across multiple locations while still requiring only one device to sign transactions. While this offers convenience for users, the tradeoff is a lower security threshold. For example, if a user’s ‘master device’ was compromised in any way, their entire bitcoin balance would also be compromised. Compare this to a multisig setup, where even if one of the devices were compromised, the user’s bitcoin balance would still remain safe.
– Multi-Party Computation
One of the most recent developments in the wallet infrastructure landscape is Multi-Party Computation (MPC). This technology allows users to split their private keys into multiple encrypted shares that are divided amongst multiple parties. Each of these parties holds a part of the key that when joined with the others, enables transactions to be made with the wallet [17]. MPC therefore enables these parties to evaluate a computation without ever revealing any of the private data held by each party (or any otherwise related secret information) [18]. This ensures that no one user has full knowledge of (and thus access to) the wallet.
While similar in nature to a multisig wallet, a key difference here is that these shares can be dynamic. For example, one of the shares may be a single-use share with a timed expiration. You can think of this like a multi-factor authentication code that is sent to your phone – usually, these expire within a certain amount of time in order to enhance security.
In addition to increasing security by ensuring no one party has control over the wallet, MPC wallets are also extremely flexible. They can be designed to accommodate any number of signing parties, enabling a wide variety of user roles and permissions.
One of the potential drawbacks to MPC wallets, however, is that the technology is fairly new and complex, and vulnerabilities are still being found to this day. As such, there remain only a few providers who can correctly provision secure MPC wallet infrastructure which can often come at a high cost to those who wish to utilize MPC.
Cold Storage Promotes The Bitcoin Standard
If you’ve made it this far, a couple of things should be clear:
- If you own bitcoin, or any digital asset for that matter, you need to utilize cold storage;
- There are many cold storage options available — understanding the differences is an important part of keeping your bitcoin secure.
History has repeatedly shown us that those who control the money also make the rules. For example, in the early 20th century, the German mark went from 8 marks per dollar to 4.2 trillion marks per dollar in the span of six years. This was due to the German government’s decision to combat inflation through excessive printing — sound familiar, America?
Case studies like this help explain the need for a currency that cannot be readily debased by corrupt governments. As an immutable, decentralized blockchain whose supply is limited, Bitcoin is extremely expensive for any one entity to control or manipulate. This gives its users a way out from the corrupt monetary systems that are currently in place.
Given its decentralized nature though, Bitcoin cannot be stored the same way you would normally store funds. Many financial institutions have attempted to store their customers’ digital assets, but they have also proven that they are not always best suited to protect these assets. In 2014, for example, bitcoin exchange Mt. Gox was hacked and 740,000 of their customers’ bitcoin was stolen. This was possible because Mt. Gox held the private keys for their customers instead of their customers holding their own private keys – leaving their bitcoin vulnerable. In addition, numerous insiders attributed the cause to be traced back to a messy combination of poor management, neglect, and lack of experience [19].
History has shown that users who do not self-custody their bitcoin risk losing it due to greed of others (FTX), and/or incompetency (Mt. Gox). This makes a hardware wallet the most applicable solution. As Josef Tetek explains, “Fear of losing bitcoin to an inept exchange operator might be the initial impulse to buy a hardware wallet, but the long-term motivation to keep the coins in cold storage comes from the desire to keep a peace of mind that is gained from the knowledge that no-one can touch the coins secured by your [device].” If you want to be truly financially sovereign (i.e. having complete control over your money), you must utilize cold storage.
It’s clear that there are advantages and disadvantages to the different types of cold storage that are offered today. For example, a multisig wallet offers some of the best security within the cold storage space, however, it is extremely inconvenient to use in day-to-day transactions. Conversely, a standard open-source hardware wallet offers much more convenience in terms of usability but lacks the security of multisig and air-gapped wallets.
If we are going to move towards a society that utilizes bitcoin in our everyday life, it would be foolish to utilize only one type of cold storage. A similar parallel can be identified in today’s financial space as we have many different types of accounts that serve different purposes. We have checking accounts for money that we use daily, savings accounts for money that we use less often, and trusts for money that we look to pass down to future generations.
We should apply this same logic when thinking about how we store our bitcoin. For daily transactions, we can use hot wallets like bitcoin lightning addresses. These would be similar to debit cards, as they enable extremely fast transactions. Being hot wallets, these are obviously highly lacking in security, so we wouldn’t want to keep much bitcoin on there — just enough to get through the week, for example. We can utilize open-source or air-gapped wallets for more secure storage that still allows some convenience to add to your lightning address as needed. For long-term storage for bitcoin that rarely, if ever, gets used, ultra-secure cold storage methods like multisig or MPC make the most sense, considering that these accounts will likely have the most bitcoin in them. In short, the more bitcoin that you are storing, the more secure your storage method should be.
However you decide to store your bitcoin, one thing is clear: don’t leave it in the hands of third parties, as it removes one of Bitcoin’s primary advantages – its sovereign nature. To have complete control over your money, you must have complete control over its storage. As such, the case for cold storage is clear: if you want to avoid the impacts that the greed and incompetence of governments and financial institutions create — keep your bitcoin in cold storage.
Sources and Citations:
[1]. https://blogs.darden.virginia.edu/brunerblog/2010/12/a-quadrillion-dollars/
[3]. https://www.bbc.com/news/business-64245044
[4]. https://cointelegraph.com/magazine/financial-decentralized-exchange-dex/
[5]. https://www.bankregdata.com/allHMmet.asp?met=LEV
[6]. https://arxiv.org/pdf/2106.08157.pdf
[7]. Ibid.
[9]. https://www.miamiherald.com/software-business/article274319645.html
[10]. https://bitcoin.org/bitcoin.pdf
[11]. https://www.fireblocks.com/blog/hot-vs-warm-vs-cold-which-crypto-wallet-is-right-for-me/
[12]. https://www.coincenter.org/theres-no-such-thing-as-a-decentralized-exchange/
[13]. https://academy.binance.com/en/articles/what-is-an-air-gapped-wallet
[14]. https://www.youtube.com/watch?v=9scIevuymZM
[15]. https://unchained.com/blog/bitcoin-multisig-2-of-3-vs-3-of-5/
[16]. https://medium.com/bitbees/shamirs-secret-sharing-or-multisig-why-not-both-ad1be6dbccff
