On Centralized Custodial Crypto-currency Exchanges and Other Terrible Ideas
On Centralized Custodial Exchanges:
They get hacked and people lose their bitcoin. It makes the news, FUD rains from the sky, bitcoin’s price drops, we buy the cheap coins and …put them in custodial exchanges. All is good in the world, and then it happens again. Another breach. And yet we go back, like hostages afflicted with Stockholm Syndrome. Why? We are used to bank accounts that are FDIC insured and we sleep tight with the assurance that if Neighborhood Bank fails, we, the account holders, don’t suffer losses. Yet, in bitcoin land, it happens again and again and again. And we never learn. Why?
It’s simple — We love custodial cryptocurrency exchanges because we are lazy and they are familiar and easy. Custodial exchanges are just websites with a login and a password (and if you’re even remotely smart, 2FA). You can get to the website just about anywhere and you don’t really have to remember much- just a password. You login, transact, and leave. Easy. Did you lose your phone? No problem, the web site is still there- exchanges are not device specific or reliant.
These platforms provide incredible convenience. So what could possibly go wrong? Why not use them?
- You, individually, are a bad target, and they are a great target. Jon Bitcoin holder (or hodler) may hold 30 bitcoin in his own software wallet. Jon has his own private key. Even though software wallets are not the most secure product out there (as opposed to, say, a Trezor), Jon is an unlikely target because Jon is one person, with a small amount of value. Why target Jon for a smallish payday, when Mt. Gox is right there, ripe for the taking? There is little incentive for hackers to waste time on small fish. (see also, Apple operating systems and computer viruses, 1980–2013)
- Exchanges track and collect AML/KYC info. If you are just a causal investor, or use your bitcoin for small daily transactions, you can obtain and use bitcoin without subjecting yourself to regulation. However, if you want to trade, or use options based upon bitcoin or other crypto, using any domestic platform will subject you to AML/KYC. Depending on your intended use of bitcoin, this may or may not be a relevant consideration. However, because of this, you can be targeted because your identity can be associated with your bitcoin public address.
- You get little back for your risk. By letting others hold your bitcoin or cryptocurrencies, you are taking on higher risk (of hack, mismanagement, insider theft, etc...) and getting little to nothing in return.
- Some custodial exchanges keep assets in separate wallets with separate keys; others aggregate and commingle cryptoassets together and maintain their own records of who owns what. In the second scenario, you don’t really have cryptographic keys and, thus, you don’t really control your bitcoin.
- Most exchanges are not insured, so where’s the benefit? If you keep control of your assets, you are your own guarantor; if a custodial site gets hacked you lose your value. See Mt. Gox, Bitfinex, Bitfloor, BIPS, Bitcurex, Poloniex…. the list goes on and on. The best you can hope for is a wind down, fiduciary obtaining assets, and distributing them through a claims procedure. (As for a “socialized loss,” as Bitfinex is suggesting it may try, this is brand new ground, and at press time, it’s unclear as to what exactly it means, but it seems wrong to suggest that Bitfinex users who only held USD and alt-coins should bear the losses of BTC holders too).
- Customers of custodial exchanges have no insight as to their operation. Although most exchanges include disclosures of how they operate and their security, as I wrote in 2014, http://www.insidecounsel.com/2014/07/02/cybersecurity-for-distributed-virtual-currency-bus, (sorry, it’s pay-walled) security is critical. When using a centralized custodial exchange you TRUST the exchange to protect you, TRUST that they will do what they say, and TRUST their security.
- You may have no recourse if someone else screws up and your crypto-assets go elsewhere. To use an example, BitFinex’s Terms of Service are very unfriendly to its customers. BitFinex’s terms fully incorporate BitGo’s terms (which is begging for contradictions and ambiguity among the terms), states that the relationship is governed by BVI law, that venue is in BVI, that the customer waives any forum non-conveniens arguments (i.e. arguments that you should not be stuck suing in BVI because the parties, evidence and transactions occurred elsewhere), describe the hack (through very broad terms) as a “loss” for which the company has no liability, include “ ‘computer, server or Internet malfunctions …’ and ‘other delays, defaults, failures or interruptions that cannot be reasonably’” as Force Majeure, which is typically limited to “acts of G-d,” limits liability to fees paid by customers for transactions (this is fairly common), has the customer agree to release both Bitfinex and Bitgo for all losses, and provides no reps & warranties to the customer. This is not an attractive set of legal rights to a customer. (Others exchanges, like Poloniex, for example, have less odious terms). But whether the terms are friendly or not, by using a custodial exchange, customers are still stuck in a system where they must rely on someone, or file suit and jump through legal hoops when a hack happens.
- We saw the mess that the exploit of TheDao triggered. In that case, however, the “hack” occurred as a result of a coding error in a smart contract operating on a protocol layer above the actual blockchain. In a still extraordinary and controversial move, the protocol layer reversed an arms-length negotiated transaction made by two parties. Although the ETH community was split on what to do, they “decided” to implement a hard fork to fix a single transaction (the hack transaction) which resulted in a … split ETH/ETC community. Undoubtedly this method of “recovery” is controversial (including whether it should have occurred in the first place) and will be discussed for years to come. The result of the ETH fork is probably that forks will not be used again to try to reverse hacks. If you didn’t like it, you had very little recourse- the community made your mind up for you, or you joined the ETC side.
- An exchange that allows insurance claims for lost assets, that permits itself to be sued and/or sets up a summary ADR (alternate dispute resolution) procedure, and that puts customer service first may be the only place I’d park my bitcoin.
In summary, leaving your cryptoassets in an exchange is a pretty terrible idea. Exchanges are for trading, or options, and they are great for trading or options. But not for storage. By storing, you get little benefit, take on more risk, and have little control over your assets. Gabriel Abed, CEO of Bitt.com, a company that uses cold offline wallets to secure over 90% of all clients funds explained: “Never keep your coins on an exchange, ever.” Gabriel, I agree, and hopefully the rest of the community will figure it out too.