Stories on the intersection of humans, culture, and Crypto.
Hi again!👋
This week, I decided to revisit the custodial debates. I hope you find it insightful.
NB: This newsletter is still in the Beta stage. If you have any feedback or suggestions about areas that need to be improved, do not hesitate to reach me. I’ll be waiting to hear from you!
Don't forget to hit the subscribe button if you haven't. That said, let's dig in!

The age-old expression “not your keys, not your crypto” carries the idealist's philosophy of cryptographic key management. This framing implies a standard where only an individual (or a group via “multisig”) has direct and sole control over their own private keys, and consequently ownership and control of their crypto assets. Crypto wallets that adhere to this approach are referred to as “non-custodial,” meaning no third party has access to users’ private keys.
In reality, the picture is wider than a mere mantra can fully capture. The norm has always been to take a binary view of crypto wallet security, presenting non-custodial wallets as those in which users control their own keys and which therefore offer a higher level of security. However, it turns out that this thinking is flawed in everyday practice.
Before I tread any further, I want to provide some historical context on the infamous FTX unraveling. Whenever a major negative development or event happens in the financial markets, or in the world of crypto, it is always accompanied by a flurry of debates and unusual market movements. As in traditional bank runs, custodial exchanges witnessed a substantial spike in withdrawals.

The report pictured above highlights the parallels between significant market events and withdrawals from custodial exchanges to self-custodial wallets. Each highlighted major negative market event correlated with a significant spike in liquidity transfers from custodial exchanges to self-custodial wallets.
The FTX collapse rekindled the debates over custodial practices across the industry. Many started advocating for users to boycott custodial exchanges and embrace self-custodial wallets. The effect? Hardware wallet sales boomed. While the calls to boycott custodial wallets in favor of non-custodial wallets are well-earned, we need to take a few steps back and examine crypto wallets from a more nuanced perspective.
Before we proceed, it is important to point out that there have also been a number of high-profile non-custodial wallet hacks, from the Slope wallet hack in 2022 to the most recent, the Atomic wallet hack, a massive $100 million exploit that compromised an estimated 5,500 crypto wallets in June, alongside the vulnerabilities of hardware wallets and other incidents. These occurrences blur the line between custodial and non-custodial wallets: in many instances, the victims of most hacks and thefts admitted that attackers found a way to hijack their coveted keys. A paradox, isn't it?
The value proposition of non-custodial wallets has always been about eliminating trust in third parties, in alignment with the cryptocurrency canon of autonomy and self-sovereignty. However, in reality, do non-custodial wallets really put users in “full control” of their keys?
Custodianship is, in reality, a spectrum. What appears to be non-custodial at first glance actually involves a number of third-party elements. These elements are often overlooked or taken for granted. What is called a wallet is someone else's creation: wallets are typically created and operated by third-party software or hardware. As such, using a non-custodial wallet means placing some level of trust in other people and products. I’ll use the Ledger incident to drive my point home.
The Ledger incident in May clearly demonstrates this. The crypto hardware wallet provider came under intense criticism from the crypto community for its newly proposed “Ledger Recover” feature, a new service allowing users of the Ledger hardware wallet to back up their seed phrases with third-party entities. Following the backlash from the crypto community, the firm had to delay the launch, with the intention of accelerating its plans to open-source more of its codebase.
“Some amount of trust must be placed into Ledger to use their product. If you don't trust Ledger, meaning you treat your HW manufacturer as an adversary, that can't work at all.” — Éric Larchevêque, Ledger co-founder and CEO.
The above statement sums up the situation with non-custodial wallets. If you trust the device to sign a transaction only when you press a button, you automatically trust all the various wallet connection integrations in between, including smart contracts and software updates. Oftentimes, we do not consider these fine little details, but when all these interwoven elements are brought together, they undermine the non-custodial claim.
This post is not a campaign against non-custodial wallets; rather, it is intended to help web3 users better understand the technicalities involved in securing their assets, beyond what the catchphrase above conveys. It is important to regard wallets with more nuance and to consider the specific risks and trade-offs involved with each type of wallet, which often means striking an optimal balance between accessibility, convenience, and security. There is no one-size-fits-all answer when it comes to wallet security. Users should choose the wallet type that best meets their needs and risk tolerance.
P.S. This article was first published on my Mirror account.
Signing off for now, enjoy your weekend.
I'll see you next week!
Spread the love, share the insights