The Truth About “Non-Custodial” Wallets

Alexis Axon
Published in TrustlessBank, Jul 25, 2019
Image (with modification) from flyerdiaries.com

As an owner of cryptocurrency, somebody’s probably told you to be careful about scams. You know to watch for fake ICOs, disreputable exchanges, and just about anything that sounds too good to be true. However, it’s quite possible that no one has ever told you that your “non-custodial” wallet might actually be partially custodial (or have “split custody”). That difference could cost you big time.

Custodial vs Noncustodial

My good friend Ishita Reddy wrote an amazing article about the various types of cryptocurrency wallets, but I’ll summarize briefly here:

Fully Custodial Wallets:

  • The company that created the wallet retains full control of your private keys, meaning that they must sign off on any transaction involving your funds.
  • In the event that you forget your password, the company should be able to recover it.
  • They operate very similarly to a centralized bank, in that they can freeze your funds without warning and charge surprise fees, and they do not necessarily have 100% of your funds on hand.
  • Examples include Coinbase, Freewallet, and Calibra (which Facebook has promised to release along with Libra early next year).

Non-Custodial Wallets:

  • You retain full control over your private keys, allowing you to send, receive, and withdraw from your account as you please.
  • Because you have full control over your funds, there is no possibility of account freezes or surprise fees.
  • You are responsible for keeping your password and recovery phrase secure because any truly noncustodial wallet will not store this information on its servers.
  • Examples include TrustlessBank and Electrum.

However, there is actually a third type of wallet that some would rather you not know about.

Stuck in the Middle: Split Custody Wallets

While they may call themselves non-custodial in promotional materials, split custody wallets give you only half of your private key, and the company keeps the other half. It is therefore impossible for the company to move your funds without your permission, but they can still bar you from withdrawing or transferring them.
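A simplified model of the split-custody property described above, as an added example that is not part of the original article and is not the protocol of any wallet named here: a two-party Schnorr signature in which each side holds one additive share of the key. The toy group parameters and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for illustration, far too small for real use):
# P = 2*Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def challenge(r, msg):
    """Hash (R, message) to a nonzero challenge in [1, Q-1]."""
    digest = hashlib.sha256(r.to_bytes(2, "big") + msg).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def split_key():
    """Return (user_share, provider_share, joint_public_key)."""
    user = secrets.randbelow(Q - 1) + 1
    provider = secrets.randbelow(Q - 1) + 1
    # The full key user + provider is never stored by either side.
    return user, provider, pow(G, (user + provider) % Q, P)

def nonce():
    """Fresh secret nonce k and its public commitment G^k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def partial_sig(share, k, e):
    return (k + e * share) % Q

def verify(pub, msg, sig):
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, challenge(r, msg), P)) % P

def co_sign(msg, user_share, provider_share, provider_approves=True):
    """Both halves must contribute; returns None if the provider refuses."""
    if not provider_approves:
        return None  # the user holds a share but cannot produce a valid signature
    k_u, r_u = nonce()
    k_p, r_p = nonce()
    r = (r_u * r_p) % P
    e = challenge(r, msg)
    s = (partial_sig(user_share, k_u, e) + partial_sig(provider_share, k_p, e)) % Q
    return r, s

def sign_alone(msg, share):
    """One party attempts to sign with only its own share."""
    k, r = nonce()
    return r, partial_sig(share, k, challenge(r, msg))
```

A signature from `sign_alone` never verifies against the joint public key, whichever share is used, which is why the provider cannot spend on its own and why the user is stuck if the provider declines to co-sign.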

So, why might a company want to retain half of your key? Custodial wallets can at least claim to be keeping the key to recover your funds in case you forget your password, but because custody is split, password recovery is not possible. The company also can’t be investing your funds because you would have to give permission for your coins to leave your account. It seems to me that split custody wallets like GreenAddress and ZenGo want to have the ability to deny your transactions.

If one of these services suddenly imposes a hefty monthly or withdrawal fee, you’d have little choice but to pay it. Retaining half of the key means that, if you can’t or don’t pay, the company could simply let your funds sit in your account, completely inaccessible to you.

Similarly, if the internet goes down in the area where the company is based, you will be completely unable to move funds until it is back up. With zero-custody wallets, funds can be moved even without an internet connection by connecting to a satellite or Bluetooth.

GreenAddress attempts to justify split custody by arguing that it adds an extra layer of security. They say that if someone were to hack into your account, the company would not sign any transactions and your funds would be protected. However, how would they know that you weren’t the one initiating the transactions? Would they wait for you to tell them that someone hacked into your account (at which point it has likely already been drained)? Or would they take a cue from credit card companies and be on the lookout for “suspicious activity” — whatever that means — and deny your access whenever something looks funny? Either way, it doesn’t sound like a win for the user.

Protect Yourself

The only way to find out if your “non-custodial” wallet is truly non-custodial is to contact your provider and ask whether they control any part of your private key. Don’t expect this information to be featured on their website or even accurately listed on websites like CoinDesk (I’ve seen cases where it isn’t).

“Never put yourself in a situation where someone can freeze your funds,” says Edward Fricker, co-founder of TrustlessBank, the world’s first zero-custody, lightning swap wallet. “Make sure you, and only you, can export your private key whenever you need to.”
