“Not Your Keys, Not your Crypto” (Meaning + Issues)

whiteboard crypto logo
Published by:
Whiteboard Crypto
on

If you’ve done anything in crypto, you’ve probably come across the word “wallet”. A crypto wallet is where you store your cryptocurrencies and tokens like NFTs. There are hardware wallets and software wallets.

But what most people don’t realize is when you have your crypto on an exchange, it’s actually stored in the exchange’s wallet, not your own, which means you don’t actually have control over your crypto assets. That’s because you don’t have the keys to the exchange’s wallet.

What Are Keys?

Crypto Wallet

All crypto wallets have what are called keys. Wallet keys are essential for managing and securing your digital assets. There are two main types of wallet keys: public keys and private keys.

  1. Public Key:
    • Think of the public key like your email address. It’s the address you share with others so they can send you cryptocurrency. It’s derived from the private key and is mathematically linked to it. However, it’s designed so that, while someone can send you crypto using this key, they can’t use it to take anything from your wallet.
  2. Private Key:
    • The private key, on the other hand, is like the password to your email account. It’s what you use to access and control your cryptocurrency funds. This key is crucial; it allows you to sign transactions, proving you own the crypto in your wallet. It’s essential to keep your private key secure and private, as anyone with access to it can control your funds.

In terms of ownership, the private key is what establishes your ownership of your cryptocurrency. If you lose your private key, you lose access to your crypto. That’s why it’s vital to keep it safe and backed up.

The public and private keys work together to enable secure transactions in the crypto world, with the private key serving as the core of your digital asset security.

You can think of these keys as your routing number (public key) and then your password to your bank login (private key).

Your public key is needed when sending funds. This is where another user knows which address is yours. It’s just like your account number; it’s reserved only for your account. The bank (which in this example is the blockchain) will use it to identify your account without using your password.

Now, your private key would be the password to the login information on the banking website and would be the same as the login to your crypto “wallet.”

This is the key that only you should know and not anyone else, because if someone else knows your private key they can take every bit of crypto you might have been holding.

How Are Keys Created?

Public and Private Keys

Crypto wallet keys are created using a process called cryptography, which is basically a fancy way of saying ‘secure math.’

When you create a new crypto wallet, the software generates a private key and a seed phrase using a random number generator. This private key is just a super long and random string of numbers and letters. It’s like a secret code that only you should know.

From this private key, the software then generates a public key. This is done through a set of mathematical operations that are easy to perform one way but hard to reverse. Think of it like mixing a bunch of paint colors together—easy to do, but hard to separate back into the original colors.

Your public key is then used to create your wallet address, which is what you share with others to receive crypto. It’s like a more user-friendly version of your public key.

So, in a nutshell, your private key is randomly generated, and your public key and wallet address are mathematically derived from it. This whole process ensures your wallet keys are unique and secure.

What are Seed Phrases?

As we mentioned, when you create a new crypto wallet, along with the private key, the wallet software generates a seed phrase. This seed phrase is usually a series of 12 to 24 words.

This set of words is essentially a human-readable form of your wallet’s private key. It’s like a master key. The words are selected from a specific list defined in a standard unique to the specific blockchain, ensuring consistency and security across different wallets.

The primary purpose of a seed phrase is to serve as a backup. If you lose access to your wallet (like if your computer crashes or you forget your wallet password), you can use the seed phrase to restore access to your wallet and your funds on a new device.

Because the seed phrase can be used to regenerate your private key, and therefore access your cryptocurrency, it’s as important as the private key itself. It should be kept secure and private. If someone gets your seed phrase, they can access your wallet.

If you want a more in depth explanation on how they work and how they are secure you can head over to our page about asymmetric encryption. But you don’t need to know that for the purposes of this article.

In short, your private keys (and seed phrase) are used to create your public address, and also used to send your money—this is why you don’t want anyone else to have access to them. 

Accessing vs Owning Crypto

Something that is very important to note when it comes to cryptocurrencies is the difference between access and ownership.

Access can be shared, it is when multiple people have access to your crypto, they can move it around without your verification if they wanted to.

Ownership is where ONLY you have access to your funds. 

Imagine if your friend (or even Sathvik) had access to your house keys while you were away on vacation and they threw a party—they had access to your house and did what they wanted to—even if they said they weren’t going to throw a party.

When it comes to cryptocurrencies and any blockchain network, if anyone other than yourself has access to the private keys, consider your account compromised. When it comes to money, it’s best to assume the worst. 

Example — Mt. Gox Hack

Mt Gox

One of the most famous cryptocurrency hacks of all time was from an exchange called Mt. Gox. 

Mt. Gox, an exchange similar to Coinbase, faced a massive hack where about 850,000 bitcoins were stolen. This huge amount was taken from both the exchange’s and their customers’ accounts.

Customers who kept their bitcoins in wallets on Mt. Gox trusted the company to protect them. It’s unclear whether the theft was an inside job or if a hacker exploited a security weakness. But the result was the same: a lot of private keys got into the wrong hands, leading to the theft of a massive amount of bitcoins.

To give you an idea of how big this was, those 850,000 bitcoins made up about 7% of all bitcoins in circulation at that time, worth roughly $500 million. That’s a staggering amount of money—half a billion dollars is enough to do a lot of things.

Custodial vs. Non-Custodial

A custodial service in the context of cryptocurrency refers to a setup where a third party, like an exchange or wallet provider, holds and manages the private keys of your crypto assets, offering ease of use but less control over your funds.

On the other hand, a non-custodial service means you have complete control over your cryptocurrency’s private keys, ensuring full autonomy and security over your assets, but requiring you to manage and safeguard your keys responsibly.

AspectCustodialNon-Custodial
Key ControlThe service provider holds and manages the private keys.You have complete control over your private keys.
SecuritySecurity is managed by the provider, but there’s a risk if the provider is compromised.You’re responsible for the security of your keys, offering more safety but requiring careful management.
ConvenienceGenerally more user-friendly, with easier recovery options for lost passwords or keys.Might be less user-friendly and requires you to manage your keys and backups.
ResponsibilityThe provider is responsible for safeguarding your keys.You are fully responsible for safeguarding your keys and managing your wallet.
AutonomyLess autonomy over your funds, as the provider can control access.Full autonomy and control over your funds, with no intermediary.
RecoveryIf you lose access, the provider can often help you regain access.If you lose your private keys or seed phrase, there’s usually no way to recover your funds.

Example — Robinhood

One of the very popular noncustodial exchanges is called Robinhood. It doesn’t even give you a wallet address—they ONLY buy and sell crypto for you.

This means if you wanted to send your crypto to a friend, you literally cannot, because you don’t have a wallet address to send from. Likewise, if you want to receive some crypto from a friend, there is no address they can send it to.

Robinhood is a horrible place to buy crypto if you believe in the fundamentals of why crypto was created in the first place:

  • decentralization
  • privacy
  • trust

Example — Coinbase

Coinbase, on the other hand, actually lets you send the crypto you bought off their platform. However, if you keep it on their platform, and they get hacked due to a database issue on their side, all of your crypto could be gone.

Coinbase is a good beginner exchange because it is fairly easy to buy a ton of large market-cap cryptocurrencies, and send your crypto via their user-friendly platform to another wallet. 

The importance here is that you’re just using Coinbase as an exchange, not a wallet. We highly recommend sending your crypto to a wallet that ONLY you control, so that you have 100% ownership of that crypto.

Coinbase has the private keys, so technically anyone at Coinbase might be able to send your crypto to a wallet, tumble it using a tumbler and then you’ll never know where it went. 

Example — Metamask and Ledger 

Two common wallets that you can send your crypto to so that you are the only person who actually owns it—i.e., you have the private key and no one else does—are Metamask and Ledger. 

Metamask is a browser extension, so you can use it on your desktop. It is a kind of wallet called a “soft wallet” or “hot wallet” because your crypto is still stored somewhere that has an active internet connection, meaning it is more vulnerable than if it were stored offline.

Technically if your computer has a virus, you could lose your funds, but it soft wallets are still much more secure than Coinbase or other noncustodial exchanges.

Metamask is used by hundreds of thousands of people and the code is audited by very curious people so it’s pretty much an industry standard. You can also use Metamask to interact with decentralized applications. 

Ledger, on the other hands offers a USB version of a wallet. This is a kind of wallet called a “hardware wallet” or “cold wallet”.

In Ledger, the private key is encrypted and stored on a USB where you must insert your USB Ledger and connect the device to be able to send your crypto.

It is much more secure than Metamask and if you don’t share your private keys with anyone else, you can be 100% sure they aren’t shared anywhere else.

Conclusion

We learned a lot of terms in this article! You should now understand what public and private keys are, what seed phrases are, access vs ownership, custodial vs noncustodial services, soft vs hard wallets, and hot vs cold wallets.

Hopefully you’ll now understand why we called this article “Not Your Keys, Not Your Crypto!” If you don’t have control of the private key, you don’t have control of your crypto.

Thanks for reading, we hope you enjoyed it, and we really hope you learned something.

whiteboard crypto logo

WhiteboardCrypto is the #1 online resource for crypto education that explains topics of the cryptocurrency world using analogies, stories, and examples so that anyone can easily understand them. Growing to over 870,000 Youtube subscribers, the content has been shared around the world, played in public conferences and universities, and even in Congress.