Menu

Say no to custodial wallets

GOSU GUIDE

Some time ago, we talked about the Trezor Hardware Wallet and although it has added a couple of very nice features; such as bec32 segwit wallet support, some people may still think: Why would I need to buy and set up a device, when I can simply use an exchange to store my coins; or even better, when there are some web wallets that are easier to set up and use, and I can simultaneously use in my phone and desktop?

Well, there’s this little phrase we normally use, and I’m sure some people have even tattooed: Not your keys, not your coins!

What does this mean? It means that if you are not the only owner of the private keys belonging to the addresses you are using, you are not the owner of the coins in those addresses. Those addresses belong to a service that lets you use them at your own will, but should that service ever disappear or lock your funds, “your” funds will follow the same path. And why is that? Because those funds are not yours! The moment you deposit at a custodial service of any kind, you pass the ownership of those coins to said service, and in exchange, they let you handle them.

If that was not reason enough, history is on our side on this one. Over the not-so-short lifespan of Bitcoin, many events have made it even more obvious that it’s not a good idea to store crypto in centralized custodial services; but as usual, people don’t actually give a f*** until tragedy strikes.

Famous exchange hacks

We could talk about this for many many many hours but we’ll try to make this as short as possible:

Early years of Bitcoin:

*Silkroad was not hacked per se; the coins were confiscated by the FBI

So in the first 4 years, Bitcoin had been operative, there were already more than 375.000 Bitcoins stolen from custodial sites. One could argue that the price was lower back then and everyone had more whole coins instead of satoshis; but we are not talking about any FIAT value here, we are talking about why you shouldn’t use custodial services. If they get hacked/disappear/are seized, it won’t matter if you have 1, 100, 500, or 0.0005 BTC (of course it will but to you); you’ll lose everything. Most of these services are long gone, but if we take a look at the current platforms; each and every major exchange has been breached at least once. If that’s not reason enough to not trust centralized services, keep reading; because there’s more coming your way.

Exit scams

Although so far we’ve mostly talked about exchanges, remember that we are actually talking about any kind of custodial service. Now, another question:

What’s stopping the owner of a custodial business from pulling the plug one night and running away with the funds to the Cayman Islands? In most cases, regulations we could argue; most services must have a license, headquarters, be registered and a long list of paperwork that makes it more difficult (but never impossible) for this to happen. But, what happens with the services that aren’t subject to these regulations? One of the advantages of Bitcoin is the level of anonymity it provides, and some companies operate within that same level of anonymity. In the above example, we mentioned Silkroad; and yes, it was not hacked; and it was neither an exit scam (he wishes he got that lucky), but it’s the perfect example of a service pulling the plug overnight.

Funnily enough, this has happened with many faucets too; so there’s another reason to avoid wasting time on them. One example we recall from some time ago is the case of the Donaldcoin-Cetobeto faucets. The owners did first run Donaldcoin, but ran out of funds and had to close shop. Users lost their balance and deposits, everything. They then opened Cetobeto; and obviously, the same thing happened there. Apart from that, the owner had been accused of promoting some Ponzi/multi-level marketing sites, so everything was rather cristal clear, to begin with.

Abusive policies

Since you are using a centralized service, you must accept some Terms And Conditions / Terms of Service before you can actually use the service, and let’s be honest, who reads those? That’s exactly the reason most services will hold your funds hostage without you knowing so. Some people just buy and store bitcoin (HODL), and don’t look back at it until a certain amount of time has passed. Well, there may be a surprise waiting for them the moment they come back to check on those funds; because some TOS includes a small point, in which the service will reset your whole balance to 0 in the event of inactivity of X time. They can do that, and be sure they will do that because you agreed to that in the initial TOS you signed.

We can think of some other funny examples; such as you losing the funds if you by any chance send them to an address that is not from the coin you are trying to withdraw. Is this idiotic? Very much. Does this happen often? More than it actually should. How is it even possible to send coins from Xcoin to a Ycoin address? So far, the mix-ups we’ve seen mostly involve a bitcoin segwit-litecoin mix-up in the system. This, of course, would never happen in a real wallet, as it wouldn’t recognize the address as valid. And this does not only happen to withdrawals; deposits are subject to being stupidly mistaken. If you happen to send BTC to a BCH address, they will not credit that transaction to your account, and it kind of makes sense, because you haven’t sent the coin you’ve said you were going to send. And what happens next? Do they reimburse you? OH, YOU WISH! In the case of Bitfinex, if the amount “lost” is lower than 2500 USD, they won’t even assess whether it’s worthy to “rescue” those funds. If the amount is greater than those 2500, they will assess the situation; they may decide that it’s still not worthy and you’ll lose your funds, and in the event, they deem your claim worth their time; they will of course charge you a fee. Does this happen in non-custodial wallets? Of course not.

Still, want to know about more abuses? Last year (2019) the Poloniex margin trading market for CLAMS collapsed. The price went down by more than 80% in an hour, and the system failed to close all the open margin positions. For the ones that are unfamiliar with how margin trading works; let’s put it simply: There are 2 people involved in the operation; a lender and the person opening the position. When you open a position, you borrow a certain amount of coins from a lender on the platform and pay some interest over the time your margin position is open, when you close it, the lender gets paid and so do you (unless you lose money, of course). The end result of this CLAMS disaster was a frightening 180.736 BTC loss for Poloniex, a company that didn’t think twice before socializing the losses (like every big company; privatize profits, socialize losses); and who had their coins stolen? Lenders. Every lender on the platform; even the ones that had no open position at the moment or had never done anything with CLAMS; every single user that had some balance on their “Lending” wallet suffered this almost illegal deduction on their balance. Today, there are people that still have not gotten their money back, and it doesn’t like they will; at least any time soon.

Split coins

Another tasty subject. Back in 2017, when the Bcash hard fork happened, many users were not able to claim any of their forked coins because…. you guessed right! They were using a custodial service, so they didn’t have access to their keys. We’ll be fair and say that many services did allow their users to withdraw the forked coins, but many doesn’t mean every. Apart from that, there are more bitcoin forks than one would actually expect, and out of those many places that allowed users to either cash in their BCH to BTC, or withdraw to a BCH wallet, the rest of the forks weren’t that lucky. That is something that is still happening nowadays; although we are not sure about what happened with the BCH-BSV fork, we are pretty sure only a handful of sites did in fact allow their users to keep the forked coins.

KYC

In case you have reached this far and are still considering using a custodial wallet; We must warn you: There’s another reason we are going to explain as to why you should steer clear of using custodial wallets: Privacy. Bitcoin is a pseudo-anonymous cryptocurrency developed by satoshi nakamoto… Yes, pseudo-anonymous because every transaction is public and addresses can be connected together; but not because you must give your ID (among many things) to a centralized service in order to be able to use Bitcoin!

We mean; this goes against the principles of Bitcoin! It has to be said though, that most of these services are forced to do this by governments, and that it’s not really their fault. On the same reasoning, it’s also our choice to not use these services. Not only privacy, but many services (mostly exchanges) have limits on the amount of money you can move every day/month if you have not verified yourself, or depending on how much you’ve verified yourself. Even most of the casinos have a KYC policy, but they don’t usually enforce it unless there’s something strange with your account, and besides, who uses a casino as a wallet? That’s why we’ve mostly referred to exchanges throughout the whole text wall this has become.

Conclusion

This whole content is supposed to be educational, so even if we’ll most likely never receive any kind of feedback on this little post, we want you to know, that deep inside our hearts, we do really hope that we’ve managed to make you think twice before using custodial services to store bitcoins. We’ll also say after you’ve read this, that sometimes it’s impossible to not use some kind of custodial service, or that not all custodial services are “bad”. We personally use a custodial LN wallet on a telegram bot that lets you send tips on group chats, but both because it’s custodial and it’s the LN, we don’t consider those satoshis as ours. It’s some kind of money we’ve lost, and maybe someday we’ll recover. The same happens with casinos; you must deposit to use it, but it’s not the best idea to use them as a real wallet. Exchanges…. are the main source of problems when it comes to managing funds, so you should ONLY use them to actually exchange one currency for another, and then withdraw as fast as you humanly can. This is not the rule if you are a trader (gambler), Lender, or actually operate on a regular basis on an exchange; meaning the money is moving and not stationary, but you should consider the many disadvantages present on these platforms, and as with everything, don’t spend more than you can afford to lose.

Relevant news

Leave a Reply