Exchanges vs. self-custody: Known vs. unknown risks
"There are known knowns. There are things we know we know. We also know there are known unknowns. That is to say, we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know."
Donald Rumsfeld, February 12th, 2002
Bloomberg commentator Tracy Alloway likes to point out that billion year events keep happening every few months in the markets. If you are holding bitcoin, chances are you see the problem. Rational analysis is impossible when the risk is in the instrument we use to measure risk itself: the U.S. dollar.
Bitcoin investors understand that the risks in the fiat economy are unknown unknowns - invisible, unpredictable, and the only way to avoid them is to opt out. But buying bitcoin isn't enough. Exchanges, custodians, lending platforms, and anyone else who deals in fiat and Bitcoin is exposed, and could take your hard money with them should they go under.
At the same time, self-custody poses obvious risks as well. Poor key management has led to millions in losses at today's prices. Mundane issues like fires, flooding, spilled drinks, and moving houses pose an entirely different set of challenges. But while the future can't be perfectly predicted, these kinds of risks are known unknowns, and far easier to manage.
This leaves us with a choice: take responsibility for assessing and mitigating the known risks inherent to self-custody, or roll the dice and hope that whoever we are trusting with your assets won’t be caught swimming naked the next time the tide goes out.
Exchanges and key management
With exchange custody, you're trusting someone else to holding your keys. What you own is a claim, a promise that they’ll let you withdraw your Bitcoin when you ask. It’s like a pre-paid train ticket - it won’t get you very far if the train stops running.
This is counterparty risk, and it’s a problem with any exchange. Binance and Mt. Gox have been hacked. QuadrigaCX was an exit scam and the owners disappeared with the assets.
You could also have your account hacked and funds drained. An exchange with a large client base is ripe for repeat phishing attacks. Two-factor authentication and withdrawal limits help, but may not be enough. There is always the risk that a novel attack will target exchange customers at scale, as the potential payoffs are substantial.
These risks are straightforward, and what people usually consider when they think about the trade-offs of self-custody. They're known unknowns, and fairly straightforward to mitigate by using basic security practices and only working with well capitalized exchanges. Unfortunately these are far from the only category of risk that goes along with using a centralized custodian.
Exchanges and systemic risk
Exchanges have deeper risks from complex legal, financial, technical, and political systems. As their customer, you have limited visibility and zero influence.
Legal and political risk is nothing new to Bitcoin. Many early bitcoiners have had their legacy bank accounts closed for buying bitcoin. Jurisdictions get blacklisted. Exchanges are at risk of shut down by local authorities and can have their assets seized. While the current regulatory climate is showing signs of improvement, it has yet to be tested in a period of serious financial instability.
Digital assets and smart contracts are new and complex. The fiat system is already over-leveraged and unstable. Together they're a recipe for novel ways to blow up an exchange. These problems may have no impact on Bitcoin's network, but you could wind up fighting for years to get even a fraction of your assets back.
Exchanges are off-ramps from the fiat economy, and they're exposed to risk on both sides. DeFi flash loans and legacy banks can both fail in spectacular fashion. Financialization can create too many claims on an exchange’s assets. Problems on other blockchains or in the fiat economy may someday threaten exchange solvency.
Complex financial systems
"What I would like to point out here is that we have come dangerously close to the collapse of the entire system, and the public seems to be completely unaware of that, including Congress and the regulators."
Thomas Peterffy, CEO of Interactive Brokers
February 17th 2021
The GameStop saga earlier this year showed how a group of traders were able to educate themselves using public resources, build a narrative and coordinate action on a public platform, and use the public markets to execute a devastatingly effective trade. The short sellers weren't ready for them, but neither was the system. Ancient trade settlement software, abundant online information on Gamma strategies, r/WSB, and leverage up to everyone's eyeballs led to losses far beyond $GME and $AMC.
A similar situation that combines aspects of financial, technical, and legal issues could easily play out at multiple exchanges, and would be impossible to predict ahead of time. The only winning move is not to play.
Unlike the myriad ways exchange custody can fail, the risks of holding your keys are easy to imagine. Banks flood, houses burn down, drinks spill, and evil maids are evil. There are dozens of ways fate can destroy an important document in your home or elsewhere.
For anyone new to Bitcoin, this can be a scary proposition. It feels safer to trust a third party with custody, rather than face the risks yourself. Experienced Bitcoiners know better.
Because self-custody risks are obvious, they’re easy to mitigate with sound risk diversification. Hardware wallets, steel backups, open source software, and multisig setups are your tools in the self-custody toolkit.
Multisig has been a part of Bitcoin for nine years, and offers an easy yet powerful way to secure your funds. The risk that your bank floods is real. The risk that your in-law’s house burns down on the opposite side of the world is also real. But these two risks aren’t correlated - it’s very unlikely that both will happen at the same time.
With multisig you store your funds in a wallet controlled by a set keys. A subset of them can approve any transaction. In a 1-of-2 setup, if your bank floods you can still use the key at your in-laws, and vice versa. You can reduce the risk of theft if an attacker has to travel to different locations.
“How did you go bankrupt?” Bill asked.
“Two ways,” Mike said. “Gradually, then suddenly.”
- Ernest Hemingway, The Sun Also Rises
The trade-offs between the risks of exchange custody and self-custody is at the heart of why Bitcoin exists. Known unknowns are the risks we can see in the real world, and Bitcoin’s fundamental value is that it tethers the digital with the real, through the math of encryption and the security provided by proof of work. Unknown unknowns are the product of complex human systems that grow and metastasize under the broken assumptions of a fiat standard.
You cannot effectively hedge against a system while tied to it. While exchanges play an important role in the transition to a Bitcoin standard, in the end they are creatures of the system and exposed to the same risks. If you plan to outlast fiat, the only choice is to face bitcoin's risks head-on.
Looking for peace of mind about your Bitcoin custody? Let's get it handled.
Casa Gold is FREE to try for 30 days and only $120 / year after that. Ready to move directly to our Platinum or Diamond tiers? You can get started here or book a call with our Client Services team to learn more.