Not Your Keys, Not Your Coins
This is a preview from this month’s newsletter which will be published in the evening of February 3rd.
“Not Your Keys, Not Your Coins” or some variation of this phrase is a very popular saying within the cryptocurrency community and if you stick around long enough it is only a matter of time until you hear someone talk about this idea. But it is one thing to hear this popular phrase and a completely different thing to both understand and internalize the significance of exactly what this means.
To start, we have to establish what your “keys” are. Every cryptocurrency wallet has an associated pair of keys: a public key and a private key. Your public keys are needed when receiving funds and are used so others know which address is yours. This can be thought of as something similar to an account number with a bank. Your private keys, on the other hand, are much more like your bank password: if someone else gets access to the private keys, they have access to all of the funds and assets held in the associated wallet. Your private keys are used to generate your public key and to send your money.
As previously stated, if someone gets access to your private key, that entire wallet is compromised. Your private keys are meant for you and you alone. An example of a situation where this went horribly wrong is the infamous Mt. Gox hack, where a ton of private keys were accessed by hackers, which allowed the malicious actors to steal 850,000 Bitcoins from users’ accounts. Those 850,000 Bitcoins were valued at about $500 Million at the time and were worth over $8 Billion at Bitcoin’s recent all-time-high prices of $60,000+. This highlights one of the main concerns hardcore crypto users have with leaving coins on any type of exchange. Most exchanges typically give you a custodial wallet, meaning you share it with them and you don’t have your own private keys. They keep control of your funds and the keys that control these funds. This is why you should never just leave money sitting on an exchange.
At this point there are a number of much more secure alternatives for storing cryptocurrency, with differing levels of security, ranging from hot wallets such as MetaMask to hardware wallets like Ledger or Trezor. In most modern wallets (especially hardware wallets) you are given a unique 12–24 word mnemonic phrase, often referred to as a “seed phrase.” This is given to users so they do not have to remember an entire 64-digit cryptographic key, and it is often protected further by an additional passphrase and/or PIN.
Hot wallets such as MetaMask are popularly used to interact with decentralized applications such as DeFi or NFTs. Technically, while using a “hot wallet,” if your computer gets a virus you could potentially be vulnerable, but it is still much more secure than leaving your coins on some centralized exchange that doesn’t even give you control over your keys.
Nonetheless, the most secure and recommended option for storing your cryptocurrency is usually a hardware wallet. This is typically a USB-style device where your private key is stored and encrypted. While using a hardware wallet, as long as you don’t ever share your private key with anyone else, you can be 100% certain that no one else has access to your funds.
If the first thing your wallet provider or application does when generating a new wallet is prompt you to write down a 12–24 word mnemonic phrase, then you are in control of your keys. They are generated locally on your device and not communicated to any type of server. This means they are not stored by any third party such as an exchange or service, which is the best security option for most crypto users. However, using a hardware wallet also means you take on the responsibility of keeping those keys safe and backing them up properly, because if you mess up and lose them there is no support number or anyone to contact that can help you.
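How a 12–24 word phrase and an optional passphrase stand in for the raw key, as an added example that is not part of the original newsletter. It assumes the wallet follows the BIP-39 standard, which the article does not name; the function names are this example's own, and the word list is omitted, so words appear as their index numbers.

```python
import hashlib
import unicodedata

# Public BIP-39 test phrase (all-zero entropy). Sample input only:
# it is widely published and must never hold real funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def mnemonic_indices(entropy: bytes) -> list:
    """Turn wallet entropy into BIP-39 word indices (each 0..2047).

    128 bits of entropy gives 12 words, 256 bits gives 24 words.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32  # checksum length: 4 to 8 bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # 11 bits select one of 2048 words
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def seed_from_mnemonic(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds."""
    def norm(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")

    salt = b"mnemonic" + norm(passphrase)
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), salt, 2048, dklen=64)


if __name__ == "__main__":
    # All-zero entropy maps to eleven times index 0, then a checksum word.
    print(mnemonic_indices(bytes(16)))
    # Same words, different passphrase: a completely different wallet seed.
    print(seed_from_mnemonic(TEST_MNEMONIC).hex()[:16])
    print(seed_from_mnemonic(TEST_MNEMONIC, "example passphrase").hex()[:16])
```

Anyone who holds the words (and the passphrase, if one is set) can recompute the same seed on any device, which is why the written backup has to be guarded as carefully as the key itself.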
“Your keys, your coins” is one of the most fundamental principles, if not the single most fundamental, of control and ownership in the decentralized cryptocurrency economy. If you generate a backup of your mnemonic phrase, you must never enter that phrase into any application or program that you are not 100% certain is a popular, secure, properly constructed, and well-reviewed wallet that keeps the keys locally on your device. Never enter it into websites or online documents like Google Docs or Dropbox, as this just introduces more points where the security of your wallet could be compromised. The safest way to back up your mnemonic phrase is good old-fashioned pen and paper, so that you can store a physical copy in a secure location.
Centralized exchanges still play a vital role in the ecosystem by providing an easy-to-use on- and off-ramp between the fiat world and the crypto world. They also provide very seamless user interfaces that let newcomers make their first cryptocurrency purchases in a way that is easy to understand. However, exchanges are not wallets, and they are not safe to keep your funds on for any longer than is absolutely necessary. Money sitting on an exchange is not your money; it is a promise from the exchange. The best advice is to do your trade on the exchange and then send either your fiat back to your bank or your crypto to your hardware wallet ASAP after completing the desired trades. Cryptocurrency users will always have different levels of technical sophistication and risk tolerance, so you should always do what is best for your individual situation. However, if you’re beginning your journey into the decentralized realm of cryptocurrency, you should always remember: “Not Your Keys, Not Your Coins.”